Description
The organization requires that information system developers create a security test and evaluation plan, implement the plan, and document the results.
Changes from Rev 4
Title changed from 'Developer Security Testing and Evaluation'; control text adds 'ongoing' and 'privacy'; new parameter to specify frequency; discussion expanded to include privacy considerations.
Compliance Mappings
ISO 27002:2022
8.25, 8.29, 8.30
CIS Controls v8
16.12, 16.2, 16.3
NIST CSF 2.0
ID.IM-01, ID.IM-02, ID.RA-01, PR.PS-06
SOC 2 TSC
CC4.1-POF1