Archive for SDLC Framework
You are browsing the archives of SDLC Framework.
NIST 800-40 “Creating a Patch and Vulnerability Management Program” describes the functions and processes that a patch and vulnerability management program should cover in order to maintain effective security.
Importance of patch management
As operating systems, applications and utility tools continue to manifest exploitable flaws, rapid application of security patches becomes critical to security. Attackers [...]
Inventory is one of the earliest processes in the System Development Life Cycle (SDLC) and also one of the most critical. It is a sub-process of both the System Characterization process and the Configuration Management process, and its output either directly feeds many other processes or has significant influence over them. An accurate [...]
In addition to the IMPLEMENTATION Phase of the SDLC, smaller pieces of the general implementation process are scattered across other parts of the framework.
Here are some processes across the SDLC Framework and related controls.
Information needs to be preserved, then media sanitized, then hardware and software can be disposed of properly. Documentation must be updated.
Configuration management continues with monitoring and a change control process. Continuous monitoring checks critical security components. Any changes to the usual suspects must be updated.
Integration of security controls, Certification & Accreditation and documentation updates.
This is where the need and purpose for the information system is defined and documented. This includes System Characterization and the beginnings of Risk Assessment.
The SDLC framework is a multi-step outline that describes the life cycle of an information system.