Definition and Use of Criteria for SDLC Software Security Checks, v1.1
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PO.4: Definition and Use of Criteria for SDLC Software Security Checks. Requires an organization to help ensure that the software resulting from the SDLC meets the organization's expectations by defining and using criteria for checking the software's security during development.
Assessment Steps (2)
1
Definition of SDLC Security Check Criteria (DefinitionofSDLCSecurityCheckCriteria)
Does the organization define criteria for software security checks and track them throughout the SDLC?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
2
Implementation of SDLC Security Check Criteria (ImplementationofSDLCSecurityCheckCriteria)
Does the organization implement processes, mechanisms, etc. to gather and safeguard the necessary information in support of its software security check criteria?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
Conformance Criteria (2)
Definition of SDLC Security Check Criteria
The organization must define criteria for software security checks and track them throughout the SDLC.
Citation
SSDF
Task PO.4.1
Implementation of SDLC Security Check Criteria
The organization must implement processes, mechanisms, etc. to gather and safeguard the necessary information in support of its software security check criteria.
Citation
SSDF
Task PO.4.2