PR.PS-06: Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle

Subcategory is new to this version of the framework and incorporates the following item from the previous version: PR.IP-2: A System Development Life Cycle to manage systems is implemented.


[Note: Subcategories do not have detailed descriptions. However, NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Protect all components of organization-developed software from tampering and unauthorized access

Ex2: Secure all software produced by the organization, with minimal vulnerabilities in their releases

Ex3: Maintain the software used in production environments, and securely dispose of software once it is no longer needed