6.11.2.1
Secure development policy
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.1 and the following additional guidance applies.
6.11.2.2
System change control procedures
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.2 applies.
6.11.2.3
Technical review of applications after operating platform changes
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.3 applies.
6.11.2.4
Restrictions of changes to software packages
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.4 applies.
6.11.2.5
Secure systems engineering principles
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.5 and the following additional guidance applies:
6.11.2.6
Secure development environment
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.6 applies
6.11.2.7
Outsourced development
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.7 and the following additional guidance applies.
6.11.2.8
System security testing
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.8 applies
6.11.2.9
System acceptance testing
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.9 applies.