Technology Development & Acquisition

Mechanisms exist to perform application-level penetration testing of custom-made applications and services.


Login

Technology Development & Acquisition

Mechanisms exist to implement secure configuration settings by default to reduce the likelihood of software being deployed with weak security settings that would put the asset at a greater risk of compromise.


Login

Technology Development & Acquisition

Level N/A

Mechanisms exist to require the developers of systems, system components or services to employ a manual code review process to identify and remediate unique flaws that require knowledge of the application’s requirements and design.


Login

Technology Development & Acquisition

Mechanisms exist to approve, document and control the use of live data in development and test environments.


Login

Technology Development & Acquisition

Mechanisms exist to ensure the integrity of test data through existing cybersecurity & data privacy controls.


Login

Technology Development & Acquisition

Mechanisms exist to maintain awareness of component authenticity by developing and implementing Product Tampering and Counterfeiting (PTC) practices that include the means to detect and prevent counterfeit components.


Login

Technology Development & Acquisition

Mechanisms exist to train personnel to detect counterfeit system components, including hardware, software and firmware.


Login

Technology Development & Acquisition

Level N/A

[deprecated - incorporated into AST-09] Mechanisms exist to dispose of system components using organization-defined techniques and methods to prevent such components from entering the gray market.


Login

Technology Development & Acquisition

Mechanisms exist to custom-develop critical system components, when Commercial Off The Shelf (COTS) solutions are unavailable.


Login

Technology Development & Acquisition

Mechanisms exist to ensure that the developers of systems, applications and/or services have the requisite skillset and appropriate access authorizations.


Login