Talk:Industry:Project Review/NIST SP 800-37r1 FPD Appendix G
Revision as of 20:06, 19 December 2009 by Walter Houser (→G.1 MONITORING STRATEGY)
APPENDIX G
CONTINUOUS MONITORING
MANAGING AND TRACKING THE SECURITY STATE OF INFORMATION SYSTEMS
G.1 MONITORING STRATEGY
The draft appears to see security requirements as separate from functional requirements. However, the "build security in" philosophy would include security requirements in the analysis, design, and testing stages of the SDLC. Therefore, security requirements should also be incorporated into the regression testing performed when any changes are verified and validated.