NORS -- CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-8-8033

Number: 9-8-8033
Priority: Important
Description: Software Development: Service Providers, Network Operators, and Equipment Suppliers should adopt internationally accepted standard methodologies, such as ISO 15408 (Common Criteria) or ISO 17799, to develop documented Information Security Programs that include application security development lifecycles that include reviews of specification and requirements designs, code reviews, threat modeling, risk assessments, and training of developers and engineers.
Network Type(s): Internet/Data
Industry Role(s): Service Provider; Network Operator; Equipment Supplier
Keyword(s): Cyber Security; Policy; Software
Reference/Comments:
  http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008
  Common Criteria: http://www.iso.org, http://csrc.nist.gov/cc/
  Carnegie-Mellon Software Engineering Institute secure software development: http://www.sei.cmu.edu/engineering/engineering.html
  Secure Programming Educational Material at http://www.cerias.purdue.edu/homes/pmeunier/secprog/sanitized/
  http://www.atstake.com/services/smartrisk/application.html