Memory cue
Last-day cue
A.8.25 = secure development rules. A.8.26 = approved application security requirements. A.8.27 = secure architecture and engineering principles.
What the exam is likely testing
| Control | Exam cue |
|---|---|
| A.8.25 | Secure development standards are mandatory, checked, and applied to suppliers |
| A.8.26 | Application security requirements are identified, specified, approved, and tested |
| A.8.27 | Secure engineering principles are documented, maintained, and applied in design |
Common wrong answers
- Treating secure SDLC as only code scanning.
- Treating acquired applications as outside application security requirements.
- Treating architecture principles as generic slogans.
- Letting contractors use unmanaged security standards.
- Assuming go-live approval replaces early security requirements.
Related notes
- Iso27001
- Exam
- Secure development
- Application security
- Secure architecture
Note Metadata
Aliases: EXAM-038
Source: 09-Exam-Preparation/EXAM-038-Secure-Development-and-Architecture.md