The Secure System and Software Lifecycle Management Standard establishes requirements for controls that shall be incorporated in system and software planning, design, building, testing, and implementation, including:
- Information security activities that shall occur during the system and software development life cycle.
- Required controls for supporting system or software development processes such as segregation of environments, prevention and/or protection of confidential production data in test environments.
- The use of version control for software development.
- Requirements for security hardening when building and configuring systems and applications.