
Difference between revisions of "Talk:Industry:Project Review/NIST SP 800-37r1 FPD Appendix G"

From OWASP
Edit summary (both revisions): (G.1 MONITORING STRATEGY)

Changed text, line 12:

== G.1 MONITORING STRATEGY ==

Previous revision:

The draft appears to see security requirements as separate from functional requirements. However, the "build security in" philosophy would include security requirements in the analysis, design, and testing stages of the SDLC. Therefore, security requirements should also be incorporated into the regression testing performed when any changes are verified and validated. --[[User:Walter Houser|Walter Houser]] 20:08, 19 December 2009 (UTC)

Current revision:

The draft appears to see security requirements as separate from functional requirements. However, the "build security in" philosophy would include security requirements in the analysis, design, and testing stages of the SDLC. Therefore, security requirements should be articulated in the requirements analysis stage(s), mapped to the features intended to implement them, and incorporated into the regression testing performed when any (and all) changes are verified and validated. [[User:Walter Houser|Walter Houser]] 20:08, 19 December 2009 (UTC)

== G.2 SELECTION OF SECURITY CONTROLS FOR MONITORING ==

Revision as of 20:13, 19 December 2009

APPENDIX G

CONTINUOUS MONITORING

MANAGING AND TRACKING THE SECURITY STATE OF INFORMATION SYSTEMS


G.1 MONITORING STRATEGY

The draft appears to see security requirements as separate from functional requirements. However, the "build security in" philosophy would include security requirements in the analysis, design, and testing stages of the SDLC. Therefore, security requirements should be articulated in the requirements analysis stage(s), mapped to the features intended to implement them, and incorporated into the regression testing performed when any (and all) changes are verified and validated. Walter Houser 20:08, 19 December 2009 (UTC)

G.2 SELECTION OF SECURITY CONTROLS FOR MONITORING

G.3 CRITICAL DOCUMENT UPDATES AND STATUS REPORTING

Footnotes