Control: The organization manages the information system using a system development life cycle methodology that includes information security considerations.

Supplemental Guidance: NIST Special Publication 800-64 provides guidance on security considerations in the system development life cycle.

Control Enhancements: (0) None.

Baseline: LOW SA-3 MOD SA-3 HIGH SA-3

Family: System And Services Acquisition

Class: Management

ISO 17799 mapping: None.

COBIT 4.1 mapping: PO8.3, AI2.7