Security in development and support processes

6.11.2.1Secure development policy The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.1 and the following additional guidance applies.
6.11.2.2System change control procedures The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.2 applies.
6.11.2.3Technical review of applications after operating platform changes The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.3 applies.
6.11.2.4Restrictions of changes to software packages The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.4 applies.
6.11.2.5Secure systems engineering principles The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.5 and the following additional guidance applies:
6.11.2.6Secure development environment The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.6 applies
6.11.2.7Outsourced development The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.7 and the following additional guidance applies.
6.11.2.8System security testing The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.8 applies
6.11.2.9System acceptance testing The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.9 applies.