AIS: Application & Interface Security

Controls

AIS-01: Application and Interface Security Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for application security to provide guidance to the appropriate planning, delivery and support of the organization's application security capabilities. Review and update the policies and procedures at least annually.

AIS-03: Application Security Metrics

Define and implement technical and operational metrics in alignment with business objectives, security requirements, and compliance obligations.

AIS-05: Automated Application Security Testing

Implement a testing strategy, including criteria for acceptance of new information systems, upgrades and new versions, which provides application security assurance and maintains compliance while enabling organizational speed of delivery goals. Automate when applicable and possible.