SA-15-727 Development Process, Standards, and Tools

Development Process, Standards, and Tools

Control ID

SA-15-727

Control Name

Development Process, Standards, and Tools

Control Category

Security Assessment and Authorization

Functional Areas

Sub-Areas

NIST Baseline Level(s)

HIGH

NIST Priority

State Implementation Required

Agency Last Implemented Date

Risk Statement

Control Description

The organization: a. Requires the developer of the information system, system component, or information system service to follow a documented development process that: 1. Explicitly addresses security requirements; 2. Identifies the standards and tools used in the development process; 3. Documents the specific tool options and tool configurations used in the development process; and 4. Documents, manages, and ensures the integrity of changes to the process and/or tools used in development; and b. Reviews the development process, standards, tools, and tool options/configurations [Assignment: organization-defined frequency] to determine if the process, standards, tools, and tool options/configurations selected and employed can satisfy [Assignment: organization-defined security requirements].

Control Example

State Implementation

No statewide control

Testing Procedures