ISO/IEC 27001 Control 8.28: Secure coding

Control

Secure coding principles should be applied to software development.

Necessity of MidPoint

MidPoint's contribution to implementation of this control is marginal.

Implementation of the control is mostly outside the scope of identity governance and administration (IGA), so midPoint cannot provide a significant advantage. However, midPoint can still provide minor supporting information and functionality.

Implementation Overview

MidPoint can manage access to development environments and tools.

Implementation Details

The control asks for the use of controlled environments for development, and for source code to be protected against unauthorized access and tampering. MidPoint can manage access control for source code repositories, development environments, CI/CD systems, testing environments and other systems necessary for secure software development. Policy rules can be used to set up advanced schemes to improve software quality, such as a segregation of duties (SoD) policy between developers, testers and deployers.
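A sketch of how such an SoD scheme can be expressed as a midPoint role with exclusion policy rules. This is an added example, not configuration taken from the midPoint distribution; the role names and OIDs are constructed placeholders and the Tester and Deployer roles are assumed to exist under those OIDs.

```xml
<!-- Added illustration: role names and OIDs are constructed placeholders. -->
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      oid="00000000-0000-0000-0000-0000000000d1">
    <name>Developer</name>
    <description>Write access to source code repositories (constructed example).</description>

    <!-- Rule 1: a user holding Developer must not also hold Tester. -->
    <assignment>
        <policyRule>
            <name>SoD: developer excludes tester</name>
            <policyConstraints>
                <exclusion>
                    <!-- Placeholder OID of the assumed Tester role -->
                    <targetRef oid="00000000-0000-0000-0000-0000000000d2" type="RoleType"/>
                </exclusion>
            </policyConstraints>
            <policyActions>
                <!-- Reject the conflicting assignment outright -->
                <enforcement/>
            </policyActions>
        </policyRule>
    </assignment>

    <!-- Rule 2: a user holding Developer must not also hold Deployer. -->
    <assignment>
        <policyRule>
            <name>SoD: developer excludes deployer</name>
            <policyConstraints>
                <exclusion>
                    <!-- Placeholder OID of the assumed Deployer role -->
                    <targetRef oid="00000000-0000-0000-0000-0000000000d3" type="RoleType"/>
                </exclusion>
            </policyConstraints>
            <policyActions>
                <enforcement/>
            </policyActions>
        </policyRule>
    </assignment>
</role>
```

To complete the three-way separation, the Tester role would carry an analogous rule excluding Deployer.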

Rationale

Secure coding is a practice carried out by developers when writing code. MidPoint can provide only minor assistance by improving the security of the software development environment.
