UnixTime

Research Note

A.8.25 Audit Checklist

Use this checklist during an internal audit of secure development rules, competence, code review, vulnerability follow-up, and supplier development.

On this page

When to use this

Use this checklist during an internal audit of secure development rules, competence, code review, vulnerability follow-up, and supplier development.

Audit checklist

  • Review secure development policy/standard.
  • Check developer and reviewer training.
  • Sample secure code review records.
  • Review vulnerability remediation records.
  • Check supplier/contractor development requirements.
  • Verify compliance checks are routine.
  • Check standards review and update evidence.

Findings table

Development area Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD