PO.2.3—Obtain upper management or authorizing official commitment to secure development, and convey that commitment to all with development-related roles and responsibilities.
PO.2
>Control Description
Obtain upper management or authorizing official commitment to secure development, and convey that commitment to all with development-related roles and responsibilities.
>Practice: PO.2
Implement Roles and Responsibilities
Ensure that everyone inside and outside of the organization involved in the SDLC is prepared to perform their SDLC-related roles and responsibilities throughout the SDLC.
>Notional Implementation Examples
1. Appoint a single leader or leadership team to be responsible for the entire secure software development process, including being accountable for releasing software to production and delegating responsibilities as appropriate.
2. Increase authorizing officials’ awareness of the risks of developing software without integrating security throughout the development life cycle and the risk mitigation provided by secure development practices.
3. Assist upper management in incorporating secure development support into their communications with personnel with development-related roles and responsibilities.
4. Educate all personnel with development-related roles and responsibilities on upper management’s commitment to secure development and the importance of secure development to the organization.
>Cross-Framework References
Mappings to related frameworks and standards from NIST SP 800-218