CyberFundamentals (Belgium)
PR.IP-2: A System Development Life Cycle to manage systems is implemented.

How to fulfill the requirement

Definition of done and testing principles
Theme: Development and cloud
Policy: Secure development

This task also fulfills these other security requirements

  • 14.2.9: System acceptance testing (ISO27 Full)
  • 14.2.3: Technical review of applications after operating platform changes (ISO27 Full)
  • 8.29: Security testing in development and acceptance (ISO27k1 Full)
  • CC8.1: Change management procedures (SOC 2)
  • PR.IP-2: A System Development Life Cycle to manage systems is implemented. (CyFun)

1. Task description

The development unit itself maintains a list of criteria that need to be met before a task can be marked as completed. The criteria may include e.g. review requirements, documentation requirements and testing requirements.

New code will only be implemented after extensive testing that meets pre-defined criteria. Tests should cover usability, security, effects on other systems, and user-friendliness.

Designing Secure Software Development Life Cycle (SSDLC) process
Theme: Development and cloud
Policy: Secure development

This task also fulfills these other security requirements

  • PR.IP-2: A System Development Life Cycle (NIST)
  • PR.IP-2: A System Development Life Cycle to manage systems is implemented. (CyFun)

1. Task description

The organization shall define and implement a Secure Software Development Life Cycle (SSDLC) process in software development.

The first step in the SSDLC process should be to define security requirements that ensure that security considerations become integrated into the services being developed right from the creation phase.

It is recommended that the SSDLC process include at least the following steps:

  • A - Training
  • B - Description of the requirements
  • C - Design
  • D - Development
  • E - Security testing
  • F - Publication
  • G - Responding to issues