ISO/IEC 27000 Application Security Requirements, v2022
Specifies requirements in accordance with the security and privacy controls specified by ISO/IEC Publication 27001:2022, related to application security requirements.
Assessment Step
|
1
Application Security Requirements (ApplicationSecurityRequirements)
Are information security requirements identified, specified, and approved when developing or acquiring applications?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
|
Conformance Criteria (1)
|
Application Security Requirements
Information security requirements shall be identified, specified and approved when developing or acquiring applications.
Citations
27001
Annex A, Control 8.26
27002
Section 8.26
|