A.14.2.9: System Acceptance Testing
Ensure that acceptance criteria for new information systems, upgrades, and new versions are established and suitable tests of the system(s) carried out prior to acceptance.
A.14.2.8: System Security Testing
Establish a testing process to ensure security functionality is verified and that testing does not introduce new vulnerabilities.
A.14.2.7: Outsourced Development
Supervise and monitor outsourced system development to ensure that it meets the organization’s security requirements.
A.14.2.6: Secure Development Environment
Establish and manage a secure development environment for system development and integration.
A.14.2.5: Secure System Engineering Principles
Apply security principles to system engineering efforts.
A.14.2.4: Restrictions on Changes to Software Packages
Limit changes to software packages to necessary changes and all changes should be strictly controlled.
A.14.2.3: Technical Review of Applications After Operating Platform Changes
Review and test application systems when operating systems change.
A.14.2.2: System Change Control Procedures
Implement procedures to control changes to information systems to minimize the possibility of corruption of information systems.
A.14.2.1: Secure Development Policy
Establish a secure development policy, including security requirements for information systems.
A.12.1.2: Change Management
Implement change management procedures to ensure that changes to information processing facilities and systems are controlled.
