||For Network Operators and Service Providers, a formal process during system or service development should exist in which a review of security controls and techniques is performed by a group independent of the development group, prior to deployment.
||Cable; Internet/Data; Satellite; Wireless; Wireline
||Service Provider; Network Operator
|| This review should be based on an organization's policies, standards, and guidelines, as well as best practices. In instances where exceptions are noted, mitigation techniques should be designed and deployed and exceptions should be properly tracked.