PO.4.2: Implement processes, mechanisms, etc. to gather and safeguard the necessary information in support of the criteria.

>Control Description

Implement processes, mechanisms, etc. to gather and safeguard the necessary information in support of the criteria.

>Practice: PO.4

Define and Use Criteria for Software Security Checks

Help ensure that the software resulting from the SDLC meets the organization’s expectations by defining and using criteria for checking the software’s security during development.

>Notional Implementation Examples

  1. Use the toolchain to automatically gather information that informs security decision-making.
  2. Deploy additional tools if needed to support the generation and collection of information supporting the criteria.
  3. Automate decision-making processes utilizing the criteria, and periodically review these processes.
  4. Only allow authorized personnel to access the gathered information, and prevent any alteration or deletion of the information.
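The four notional examples above describe one pipeline: gather tool output, reduce it to the facts the criteria need, decide automatically, and keep the evidence from being altered or deleted. The script below is an added illustration of that pipeline and is not part of NIST SP 800-218 or of any particular toolchain. The scan output, the `CRITERIA` thresholds and the `build-1234` identifier are constructed for the example; the hash-chained `EvidenceLog` covers the integrity half of example 4, while restricting read access to authorized personnel is left to the platform (file permissions, IAM) and is not shown.

```python
"""
Added example: a minimal security-check gate in the shape of PO.4.2.
gather()  -> example 1/2: collect the information the criteria need
decide()  -> example 3: automated decision against the criteria
EvidenceLog -> example 4: tamper-evident, append-only record of results
"""
import hashlib
import json

# Assumed policy thresholds (illustrative): maximum findings allowed per
# severity before a build fails the security check.
CRITERIA = {"critical": 0, "high": 0, "medium": 5}

# Constructed sample output in the general shape a SAST/SCA tool might emit.
SAMPLE_SCAN = {
    "build_id": "build-1234",
    "findings": [
        {"id": "F1", "severity": "high", "rule": "hardcoded-secret"},
        {"id": "F2", "severity": "medium", "rule": "weak-hash"},
        {"id": "F3", "severity": "low", "rule": "unused-import"},
    ],
}


def gather(scan: dict) -> dict:
    """Reduce raw tool output to the per-severity counts the criteria use."""
    counts: dict = {}
    for finding in scan["findings"]:
        sev = finding["severity"]
        counts[sev] = counts.get(sev, 0) + 1
    return {"build_id": scan["build_id"], "counts": counts}


def decide(summary: dict, criteria: dict = CRITERIA) -> tuple:
    """Apply the criteria automatically. Returns (passed, reasons)."""
    reasons = []
    for sev, limit in criteria.items():
        n = summary["counts"].get(sev, 0)
        if n > limit:
            reasons.append(f"{sev}: {n} findings exceeds limit {limit}")
    return (not reasons, reasons)


class EvidenceLog:
    """Append-only log where each entry commits to the previous entry's
    hash. Editing or deleting any earlier entry makes verify() fail, which
    is the 'prevent alteration or deletion' property of example 4."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "body": body, "hash": digest})
        return digest

    def verify(self) -> bool:
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev:
                return False
            expected = hashlib.sha256((prev + entry["body"]).encode()).hexdigest()
            if expected != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def run_gate(scan: dict, log: EvidenceLog) -> bool:
    """Gather, decide, and record; the recorded entry is the evidence."""
    summary = gather(scan)
    passed, reasons = decide(summary)
    log.append({"summary": summary, "passed": passed, "reasons": reasons})
    return passed


if __name__ == "__main__":
    evidence = EvidenceLog()
    result = run_gate(SAMPLE_SCAN, evidence)
    print("build passed:", result)
    print("log intact:", evidence.verify())
```

In a real pipeline the log would be written to storage the build job can append to but not rewrite (for example a write-once bucket or a signed transparency log), and the periodic review called for in example 3 would include checking that `CRITERIA` still reflects the organization's expectations.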

>Cross-Framework References

Mappings to related frameworks and standards from NIST SP 800-218

| Framework | References |
| --- | --- |
| BSA FSS | PD.1-4, PD.1-5 |
| BSIMM | SM1.4, SM2.1, SM2.2, SM3.4 |
| EO 14028 | 4e(iv), 4e(v), 4e(ix) |
| IEC 62443 | SI-1, SVV-1, SVV-2, SVV-3, SVV-4 |
| OWASP SAMM | PC3-B |
| PCI SSLC | 2.5 |
| SAFECode SIC | Vendor Software Delivery Integrity Controls |
| SP 800-160 | 3.2.5, 3.3.7 |
| SP 800-161 | SA-15, SA-15(1), SA-15(11) |
| SP 800-181 (NICE) | T0349, K0153 |
