ISO/IEC 27001 Control 8.28: Secure coding
Control
Secure coding principles should be applied to software development.
Necessity of MidPoint
MidPoint's contribution to implementation of this control is marginal.
Implementation of the control is mostly outside the scope of identity governance and administration (IGA), therefore midPoint cannot provide significant advantage. However, midPoint can still provide minor supporting information and functionality.
Implementation Overview
MidPoint can manage access to development environments and tools.
Implementation Details
The control asks for the use of controlled development environments and for source code to be protected against unauthorized access and tampering. MidPoint can manage access control for source code repositories, development environments, CI/CD systems, testing environments and other systems necessary for secure software development. Policy rules can be used to set up advanced schemes to improve software quality, such as a segregation of duties (SoD) policy between developers, testers and deployers.
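A sketch of the SoD scheme mentioned above, as an added example that is not taken from the midPoint documentation or from any real deployment: a developer role carrying a policy rule with an exclusion constraint against a deployer role. The role names, the rule name and both OIDs are constructed placeholders.

```xml
<!-- Added example: role name, rule name and OIDs are constructed placeholders -->
<role xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
      oid="00000000-0000-0000-0000-0000000000d1">
    <name>Source Code Developer</name>
    <!-- Policy rule attached to this role: it is triggered when the same
         user also holds the role referenced in the exclusion constraint. -->
    <assignment>
        <policyRule>
            <name>SoD: developer must not also be deployer</name>
            <policyConstraints>
                <exclusion>
                    <!-- Placeholder OID of a "Production Deployer" role -->
                    <targetRef oid="00000000-0000-0000-0000-0000000000d2"
                               type="RoleType"/>
                </exclusion>
            </policyConstraints>
            <policyActions>
                <!-- Reject the conflicting operation rather than only recording it -->
                <enforcement/>
            </policyActions>
        </policyRule>
    </assignment>
</role>
```

The same pattern can be repeated for the tester role so that each pair of the three duties is covered by an exclusion.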
Rationale
Secure coding is a practice carried out by developers when writing code. MidPoint can provide only minor assistance, by improving the security of the software development environment.