Framework Secure Software Controls

By Barry Derksen | May 16, 2021

  • Version
  • Downloads 227
  • File size 267.33 KB
  • Number of files 1
  • Date posted 16 May 2021
  • Last updated 22 November 2023


The framework consists of four phases:

  1. In the context phase, the software system is described along with its desired security properties and assumptions. This is the basis for the rest of the evaluation and will be part of the public audit report.
  2. The threats phase deals with identifying possible attacks against the software system and the associated mitigating measures against these threats.
  3. In the implementation phase, the code and configuration of a software system are inspected.
  4. The verification phase looks at how the development organization verifies whether the implementation really is secure. This should not be confused with the assessment that an auditor performs on the implementation.

In each phase, developers create something that an auditor can assess. The exact developer actions and audit criteria are described within the controls.

Copyright: SSA