AIS-01: Application Security

Control Family:

Application & Interface Security

CSF v1.1 References:

ID.AM-5
ID.BE-5
ID.GV-3
PR.AC-5
PR.DS-5
PR.IP-2

PF v1.0 References:

GV.PO-P5
CT.PO-P4
PR.AC-P5
PR.DS-P5

Threats Addressed:

Tampering
Information Disclosure
Denial of Service
Elevation of Privilege

Control Statement

Applications and programming interfaces (APIs) shall be designed, developed, deployed, and tested in accordance with leading industry standards (e.g., OWASP for web applications) and adhere to applicable legal, statutory, or regulatory compliance obligations.

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4