Groups of information services, users and information systems should be segregated in the organization’s networks.
Access to external websites should be managed to reduce exposure to malicious content.
Rules for the effective use of cryptography, including cryptographic key management, should be defined and implemented.
Rules for the secure development of software and systems should be established and applied.
Information security requirements should be identified, specified and approved when developing or acquiring applications.
Principles for engineering secure systems should be established, documented, maintained and applied to any information system development activities.
Secure coding principles should be applied to software development.
Security testing processes should be defined and implemented in the development life cycle.
The organization should direct, monitor and review the activities related to outsourced system development.
Development, testing and production environments should be separated and secured.