6.11.2.1Secure development policy
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.1 and the following additional guidance applies.
6.11.2.2System change control procedures
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.2 applies.
6.11.2.3Technical review of applications after operating platform changes
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.3 applies.
6.11.2.4Restrictions of changes to software packages
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.4 applies.
6.11.2.5Secure systems engineering principles
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.5 and the following additional guidance applies:
6.11.2.6Secure development environment
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.6 applies
6.11.2.7Outsourced development
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.7 and the following additional guidance applies.
6.11.2.8System security testing
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.8 applies
6.11.2.9System acceptance testing
The control, implementation guidance and other information stated in ISO/IEC 27002:2013, 14.2.9 applies.