Control18.md

Critical Control 18 - Application Software Security

Manage the security life-cycle of all in-house developed and acquired software in order to prevent, detect, and correct security weaknesses.

PR.IP-1 A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality)

PR.IP-2 A System Development Life Cycle to manage systems is implemented

PR.IP-3 Configuration change control processes are in place

PR.IP-4 Backups of information are conducted, maintained, and tested

PR.IP-5 Policy and regulations regarding the physical operating environment for organizational assets are met

PR.IP-6 Data is destroyed according to policy

PR.IP-7 Protection processes are improved

PR.IP-8 Effectiveness of protection technologies is shared

PR.IP-9 Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed

PR.IP-10 Response and recovery plans are tested

PR.IP-11 Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)

PR.IP-12 A vulnerability management plan is developed and implemented