http://cyfun.data.gift/data/requirement_PR_PS_06_1

http://cyfun.data.gift/data/requirement_PR_PS_06_1
Concept

Properties and relations

Direct links from the subject.

Property Value

type

The subject is an instance of a class.

http://cyfun.data.gift/ontology#Requirement

type

The subject is an instance of a class.

Concept

An idea or notion; a unit of thought.

label

A human-readable name for the subject.

PR.PS-06.1: Security shall be considered throughout the lifecycle of systems and applications, whether developed internally or acquired externally.

http://cyfun.data.gift/ontology#requirementId

PR.PS-06.1

http://cyfun.data.gift/ontology#foundIn

http://cyfun.data.gift/data/loc_CyFun2025_Booklet_IMPORTANT_E_p88

http://cyfun.data.gift/ontology#foundIn

http://cyfun.data.gift/data/loc_CyFun2025_Booklet_ESSENTIAL_E_p127

has broader

Relates a concept to a concept that is more general in meaning.

http://cyfun.data.gift/data/subcategory_PR.PS-06

note

A general note, for any purpose.

<div><p>The goal of this control is to make sure that security is built into systems and applications from the beginning andmaintainedthroughouttheirentirelife— fromdesigntoretirement —whethertheyaredevelopedin-house or purchased. To achieve this goal:</p><ul><li>Initiation Phase Security requirements should be defined early, risks identified, and relevant stakeholders, including security experts, engaged from the start.</li><li>Acquisition or Development Phase<ul><li>For acquired solutions: vendors should follow secure development practices, provide evidence of testing, and meet contractual security requirements.</li><li>For in-house development: secure coding practices should be applied, changes managed, and security testing conducted.</li></ul></li><li>Implementation Phase Systems should be securely configured before deployment, with access controls and encryption applied to protect sensitive data.</li><li>Operations and Maintenance Phase Systems should be monitored for incidents, regularly updated, and security controls reviewed and improved as needed.</li><li>Disposition Phase Systems should be decommissioned securely, sensitive data removed, and lessons learned documented to strengthen future processes.</li></ul></div>

note

A general note, for any purpose.

The goal of this control is to make sure that security is built into systems and applications from the beginning andmaintainedthroughouttheirentirelife— fromdesigntoretirement —whethertheyaredevelopedin-house or purchased. To achieve this goal: • Initiation Phase Security requirements should be defined early, risks identified, and relevant stakeholders, including security experts, engaged from the start. • Acquisition or Development Phase o For acquired solutions: vendors should follow secure development practices, provide evidence of testing, and meet contractual security requirements. o For in-house development: secure coding practices should be applied, changes managed, and security testing conducted. • Implementation Phase Systems should be securely configured before deployment, with access controls and encryption applied to protect sensitive data. • Operations and Maintenance Phase Systems should be monitored for incidents, regularly updated, and security controls reviewed and improved as needed. • Disposition Phase Systems should be decommissioned securely, sensitive data removed, and lessons learned documented to strengthen future processes.

note

A general note, for any purpose.

The goal of this control is to make sure that security is built into systems and applications from the beginning andmaintainedthroughouttheirentirelife— fromdesigntoretirement —whethertheyaredevelopedin-house or purchased. To achieve this goal: - Initiation Phase Security requirements should be defined early, risks identified, and relevant stakeholders, including security experts, engaged from the start. - Acquisition or Development Phase - For acquired solutions: vendors should follow secure development practices, provide evidence of testing, and meet contractual security requirements. - For in-house development: secure coding practices should be applied, changes managed, and security testing conducted. - Implementation Phase Systems should be securely configured before deployment, with access controls and encryption applied to protect sensitive data. - Operations and Maintenance Phase Systems should be monitored for incidents, regularly updated, and security controls reviewed and improved as needed. - Disposition Phase Systems should be decommissioned securely, sensitive data removed, and lessons learned documented to strengthen future processes.

note

A general note, for any purpose.

The goal of this control is to make sure that security is built into systems and applications from the beginning andmaintainedthroughouttheirentirelife— fromdesigntoretirement —whethertheyaredevelopedin-house or purchased. To achieve this goal: - Initiation Phase Security requirements should be defined early, risks identified, and relevant stakeholders, including security experts, engaged from the start. - Acquisition or Development Phase - For acquired solutions: vendors should follow secure development practices, provide evidence of testing, and meet contractual security requirements. - For in-house development: secure coding practices should be applied, changes managed, and security testing conducted. - Implementation Phase Systems should be securely configured before deployment, with access controls and encryption applied to protect sensitive data. - Operations and Maintenance Phase Systems should be monitored for incidents, regularly updated, and security controls reviewed and improved as needed. - Disposition Phase Systems should be decommissioned securely, sensitive data removed, and lessons learned documented to strengthen future processes.

notation

A notation, also known as classification code, is a string of characters such as "T58.5" or "303.4833" used to uniquely identify a concept within the scope of a given concept scheme.

PR.PS-06.1

alternative label

skos:prefLabel, skos:altLabel and skos:hiddenLabel are pairwise disjoint properties.

Secure system development lifecycle

preferred label

A resource has no more than one value of skos:prefLabel per language tag, and no more than one value of skos:prefLabel without language tag.

Security shall be considered throughout the lifecycle of systems and applications, whether developed internally or acquired externally.

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025_delta_BASIC_to_IMPORTANT

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025_IMPORTANT

is in scheme

Relates a resource (for example a concept) to a concept scheme in which it is included.

http://cyfun.data.gift/data/CyFun2025_ESSENTIAL

http://cyfun.data.gift/ontology#level

http://cyfun.data.gift/data/level_IMPORTANT

triple count

The number of triples associated with the subject.

19

in dataset

Specifies the dataset the subject is part of.

http://data.gift/d/datasets/69E8863AA6CE46D9ACD13109

Resultaten 1 - 21 of 21

References

Inverse links to the subject.

Property Subject

http://cyfun.data.gift/ontology#hasRequirement

http://cyfun.data.gift/data/subcategory_PR.PS-06

has narrower

Relates a concept to a concept that is more specific in meaning.

http://cyfun.data.gift/data/subcategory_PR.PS-06

Resultaten 1 - 1 of 1