PW.6.1—Use compiler, interpreter, and build tools that offer features to improve executable security.
PW.6
>Control Description
Use compiler, interpreter, and build tools that offer features to improve executable security.
>Practice: PW.6
Configure the Compilation, Interpreter, and Build Processes to Improve Executable Security
Decrease the number of security vulnerabilities in the software and reduce costs by eliminating vulnerabilities before testing occurs.
>Notional Implementation Examples
- 1. Use up-to-date versions of compiler, interpreter, and build tools.
- 2. Follow change management processes when deploying or updating compiler, interpreter, and build tools, and audit all unexpected changes to tools.
- 3. Regularly validate the authenticity and integrity of compiler, interpreter, and build tools. See PO.3.
>Cross-Framework References
Mappings to related frameworks and standards from NIST SP 800-218
- BSA FSS: DE.2-1
- BSIMM: SE2.4
- CNCF SSCP: Securing Build Pipelines—Verification, Automation
- EO 14028: 4e(iv), 4e(ix)
- IEC 62443: SI-2
- Microsoft SDL: 8
- SAFECode Agile: Operational Security Task 3
- SAFECode FPSSD: Use Current Compiler and Toolchain Versions and Secure Compiler Options
- SAFECode SIC: Vendor Software Development Integrity Controls
- SP 800-53, SP 800-161: SA-15