
SLC-03 Secrets in Code

Control Description

Organization manages source code secrets in a centralized repository; secrets are rotated at least annually and immediately if the security of secrets is compromised.

Theme

Process

Type

Preventive

Policy/Standard

Secure Development Lifecycle Policy

Implementation Guidance

1. Each service should have a central source code repository where all secrets are managed.
2. Secrets of the service are rotated once every year and in cases where the security of secrets is compromised. Logs of these rotations are maintained and documented.

Testing Procedure

1. For a sample of services, inspect the Organization's centralized repository to determine that source code secrets are managed in a centralized repository.
2. Obtain evidence to validate secrets are rotated at least annually and immediately if the security of secrets is compromised.

Audit Artifacts

E-SLC-05
E-SLC-06

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
