ISO/IEC 27001 Control 8.25: Secure development life cycle

Control

Rules for the secure development of software and systems should be established and applied.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

TODO

Implementation Details

Role-based access control (RBAC) capabilities can be used to control access to assets and tools related to software development processes and projects. Project management mechanisms can be used to make sure all software development projects have appropriate managers or owners. This approach can also be applied to source code repositories, making sure each active repository has an appropriate owner responsible for maintaining it. Obsolete source code repositories and abandoned software development projects can be clearly marked using midPoint object lifecycle techniques.

Implementation Notes

  • This is an "umbrella" control that provides an overview of the software development life cycle and lists other controls that provide more details.

  • Source code repositories can be represented by services (service objects) in midPoint.

Rationale

MidPoint provides important capabilities for management of access to source code repositories and software development tools.
