PO.2.1—Create new roles and alter responsibilities for existing roles as needed to encompass all parts of the SDLC. Periodically review and maintain the defined roles and responsibilities, updating them as needed.
>Control Description
Create new roles and alter responsibilities for existing roles as needed to encompass all parts of the SDLC. Periodically review and maintain the defined roles and responsibilities, updating them as needed.
>Practice: PO.2
Implement Roles and Responsibilities
Ensure that everyone inside and outside of the organization involved in the SDLC is prepared to perform their SDLC-related roles and responsibilities throughout the SDLC.
>Notional Implementation Examples
1. Define SDLC-related roles and responsibilities for all members of the software development team.
2. Integrate the security roles into the software development team.
3. Define roles and responsibilities for cybersecurity staff, security champions, project managers and leads, senior management, software developers, software testers, software assurance leads and staff, product owners, operations and platform engineers, and others involved in the SDLC.
4. Conduct an annual review of all roles and responsibilities.
5. Educate affected individuals on impending changes to roles and responsibilities, and confirm that the individuals understand the changes and agree to follow them.
6. Implement and use tools and processes to promote communication and engagement among individuals with SDLC-related roles and responsibilities, such as creating messaging channels for team discussions.
7. Designate a group of individuals or a team as the code owner for each project.
>Cross-Framework References
Mappings to related frameworks and standards from NIST SP 800-218