Go RIM for Policy Section 5345 - Information Systems Acquisition, Development, and Maintenance
The following provides a central location for information security standards, authority, guidance, forms, tools, definitions, and reference to other policies related to the acquisition, development, and maintenance of information systems.
- Information Security Policy (State Administrative Manual)
- Authority
- Standards
- Guidance
- Forms
Standards
- Questionnaire for Information Security and Privacy Components in Feasibility Study Reports and Project-Related Documents (.doc 72k)
- ISO/IEC 27002:2005 (formerly ISO 17799), Section 12, Information Systems Acquisition, Development and Maintenance
- Federal Information Processing Standards (FIPS)
- HIPAA Security Standards, Section 164.308 (a) (6), Section 164.312 (a) (1), and Section 164.312 (e) (1)
- NIST Cryptographic Module Validation Program - Validates cryptographic modules to Federal Information Processing Standards (FIPS 140-2 and others)
- NIST Cryptographic Algorithm Validation Program - Encompasses validation testing for FIPS-approved and NIST-recommended cryptographic algorithms. Cryptographic algorithm validation is a prerequisite to the Cryptographic Module Validation Program (CMVP).
- North American Electric Reliability Corporation (NERC) Standards, CIP 005 - Electronic Security Perimeter and CIP 007 - System Security Management
- PCI-DSS, Requirements 2, 4, 5, and 6
- CERT Secure Coding Standards
Guidance
- Top 25 Most Dangerous Programming Errors - And How to Fix Them
- Secure Web Servers: Protecting Web Sites That Are Accessed By The Public, NIST ITL Bulletin - January 2008
- Top 10 Secure Coding Practices
- Integrating IT Security into the Capital Planning and Investment Control Process, NIST SP 800-65
- Security Considerations in the Information Systems Development Life Cycle, NIST SP 800-64
- Webmaster Best Practices
- Secure Software - Information Sheet No. 1, Secure Coding Practices (.pdf, 80k)
- Secure Software - Information Sheet No. 2, Software Security Checklists (.pdf, 72k)
- Secure Software - Information Sheet No. 3, Web Application Vulnerabilities: More Than A Mere Nuisance (.pdf, 86k)
- Secure Software - Information Sheet No. 4, Web Service Offerings (.pdf, 85k)
Tools
- Build Security In Project, part of the U.S. Department of Homeland Security, National Cyber Security Division's Software Assurance Program
- Open Web Application Security Project (OWASP)
- NIST Cryptographic Toolkit
- NIST, National Checklist Program Repository
- Department of General Services' Software Licensing Program (SLP) for purchasing encryption software
Last Updated: Monday, April 08, 2013






