Configuration of Compilation, Interpreter, and Build Processes to Improve Executable Security, v1.1
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.6: Configuration of Compilation, Interpreter, and Build Processes to Improve Executable Security. Requires an organization to decrease the number of security vulnerabilities in the software and reduce costs by eliminating vulnerabilities before testing occurs.
Assessment Steps (2)
1
Security of Build Tools (SecurityofBuildTools)
Does the organization use compiler, interpreter, and build tools that offer features to improve executable security?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
2
Choice and Configuration of Build Tools for Security (ChoiceandConfigurationofBuildToolsforSecurity)
Does the organization determine which compiler, interpreter, and build tool features should be used and how each should be configured, then implement and use the approved configurations?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
Conformance Criteria (2)
Security of Build Tools
The organization must use compiler, interpreter, and build tools that offer features to improve executable security.
Citation
SSDF
Task PW.6.1
Choice and Configuration of Build Tools for Security
The organization must determine which compiler, interpreter, and build tool features should be used and how each should be configured, then implement and use the approved configurations.
Citation
SSDF
Task PW.6.2