

A.14.2.9: System Acceptance Testing
Ensure that acceptance criteria for new information systems, upgrades, and new versions are established and suitable tests of the system(s) carried out prior to acceptance.

A.14.2.8: System Security Testing
Establish a testing process to ensure security functionality is verified and that testing does not introduce new vulnerabilities.

A.14.2.7: Outsourced Development
Supervise and monitor outsourced system development to ensure that it meets the organization’s security requirements.

A.14.2.6: Secure Development Environment
Establish and manage a secure development environment for system development and integration.

A.14.2.5: Secure System Engineering Principles
Apply security principles to system engineering efforts.

A.14.2.4: Restrictions on Changes to Software Packages
Limit changes to software packages to necessary changes, and strictly control all changes.

A.14.2.3: Technical Review of Applications After Operating Platform Changes
Review and test application systems when operating systems change.

A.14.2.2: System Change Control Procedures
Implement procedures to control changes to information systems to minimize the possibility of corruption of information systems.

A.14.2.1: Secure Development Policy
Establish a secure development policy, including security requirements for information systems.

A.14.1.2: Securing Application Services on Public Networks
Ensure that information involved in application services passing over public networks is protected from fraudulent activity, contract dispute, and unauthorized disclosure and modification.

A.14.1.1: Information Security Requirements Analysis and Specification
Ensure that information security requirements are included in the requirements for new information systems or enhancements to existing information systems.

A.12.1.4: Separation of Development, Testing, and Operational Environments
Implement separation of development, testing, and operational environments to reduce risks from unauthorized access or changes.