Skip to main content
Policy Advisory

Policy Advisory  Secure System and Software Life Cycle Management Standard

Date: 01/01/2025
Organization: Cybersecurity and Enterprise Risk Management
Referenced Sources: MGL Chapter 7D, Section 2

The Secure System and Software Life Cycle Management Standard reinforces the Commonwealth’s commitment to a secure system and software strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.

Contact

Cybersecurity and Enterprise Risk Management

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov
Skip table of contents

Table of Contents

You skipped the table of contents section.

Purpose

This standard establishes requirements for identifying controls that will be incorporated in system and software planning, design, building, testing and implementation, including:

•Information security activities that will occur during the system and 
software development life cycle.

•Required controls for supporting system or software development processes such as segregation of environments, prevention and/or protection of confidential production data in test environments.

•The use of version control for software development.

•Requirements for security hardening when building and configuring systems 
and applications.

Downloads

Open PDF file, 197.66 KB,  IS.025 Secure System and Software Life Cycle Management Standard (English, PDF 197.66 KB)

Contact

Online

For cybersecurity or risk management questions: Email Cybersecurity and Enterprise Risk Management at ERM@mass.gov
Referenced Sources:
MGL Chapter 7D, Section 2

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback