Identity and Access Management
Book
MidPoint
- Quick Start Guide
- Compliance
  - ENISA baseline security requirements
  - ISO 27001
    - 5.1
    - 5.2
    - 5.3
    - 5.4
    - 5.5
    - 5.6
    - 5.7
    - 5.8
    - 5.9
    - 5.10
    - 5.11
    - 5.12
    - 5.13
    - 5.14
    - 5.15
    - 5.16
    - 5.17
    - 5.18
    - 5.19
    - 5.20
    - 5.21
    - 5.22
    - 5.23
    - 5.24
    - 5.25
    - 5.26
    - 5.27
    - 5.28
    - 5.29
    - 5.30
    - 5.31
    - 5.32
    - 5.33
    - 5.34
    - 5.35
    - 5.36
    - 5.37
    - 6.1
    - 6.2
    - 6.3
    - 6.4
    - 6.5
    - 6.6
    - 6.7
    - 6.8
    - 7.1
    - 7.2
    - 7.3
    - 7.4
    - 7.5
    - 7.6
    - 7.7
    - 7.8
    - 7.9
    - 7.10
    - 7.11
    - 7.12
    - 7.13
    - 7.14
    - 8.1
    - 8.2
    - 8.3
    - 8.4
    - 8.5
    - 8.6
    - 8.7
    - 8.8
    - 8.9
    - 8.10
    - 8.11
    - 8.12
    - 8.13
    - 8.14
    - 8.15
    - 8.16
    - 8.17
    - 8.18
    - 8.19
    - 8.20
    - 8.21
    - 8.22
    - 8.23
    - 8.24
    - 8.25
    - 8.26
    - 8.27
    - 8.28
    - 8.29
    - 8.30
    - 8.31
    - 8.32
    - 8.33
    - 8.34
  - NIS 2
- Installation
- Releases
- Roadmap
- Features
- Architecture
- Security
- Guides
- Developer Zone
- Exercises
- Live Demo
- Operations Manual
- Configuration reference
- MidPrivacy
- MidScale
- MidPoint Studio
- Methodology
- Projects
- Tools
- Versioning
- History
Identity Connectors
Support
Trainings
Why Evolveum?
Community
Library
Case Studies
Talks
Glossary
Frequently Asked Questions
About

ISO/IEC 27001 Control 8.25: Secure development life cycle

Control

Rules for the secure development of software and systems should be established and applied.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

MidPoint provides access control and policies supporting secure software development.

Implementation Details

Role-based access control (RBAC) capabilities can be used to control access to assets and tools related to software development processes and projects. Project management mechanisms can be used to make sure all software development projects have appropriate managers or owners. This approach can also be applied to source code repositories (invetorized as services or applications), making sure each active repository has an appropriate owner responsible for maintaining it. Obsolete source code repositories and abandoned software development projects can be clearly marked using midPoint object lifecycle techniques. Policy rules, such as segregation of duties (SoD) rules, can be used to set up governance policies over repositories and environments. E.g. SoD rules can be used to segregate development, testing and administration roles.

Implementation Notes

This is an "umbrella" control, providing overview of the software development life cycle, listing other controls that provide more details.
Source code repositories can be represented by services (service objects) in midPoint.

Rationale

MidPoint provides important capabilities for management of access to source code repositories and software development tools.

Was this page helpful?

YES NO

Thanks for your feedback