CCI-003093
CCI-003093 Definition
Integrate the organizational information security risk management process into system development life cycle activities.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to integrate the organizational information security risk management process into system development life cycle activities.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed integrates the organizational information security risk management process into system development life cycle activities.
Compelling Evidence
1.) System Development Life Cycle (SDLC) documentation documents process for risk management evaluation of information system.