SID-OPS-08 — Secure Development Lifecycle
| Property | Value |
|---|---|
| Status | to_do |
| Owner | platform |
| Category | process |
| CSF Function | protect |
| Group | Operational Controls |

Description
Documented secure SDLC: threat modeling, secure coding guidelines, code review policy, security testing requirements. Separation of development, test, and production environments. Test information management. Protection of information systems during audit testing.

Operator Responsibility
Maintain separation of deployment environments (dev/test/prod), manage deployment pipeline security, and protect audit test data.

Audit Findings

| Finding | Severity | Status |
|---|---|---|
| EN-S-3 — Partial SDLC, change management and vulnerability scanning | medium | in progress |
| ISO-T-3 — Secure development lifecycle gaps | medium | open |