When to use this
Use this checklist during an internal audit of application security requirements for developed or acquired applications.
Related controls
- A.8.26 Application Security Requirements
- A.8.26 Audit Evidence Pack
- Application Security Requirements Register
- Application Transaction Security Checklist
- Application Security Requirements Approval Record
Audit checklist
- Sample applications developed or acquired.
- Review security requirements register.
- Trace requirements to risk assessment.
- Check requirement approval.
- Review transaction/security control requirements.
- Check crypto, network, logging, and legal requirements where relevant.
- Review security testing and acceptance evidence.
- Check exception/risk acceptance records.
Findings table
| Application | Expected evidence | Observed evidence | Gap | Finding type | Action owner |
|---|---|---|---|---|---|
| TBD | TBD | TBD | TBD | NC / observation / conforming | TBD |
- Template
- Audit
- Iso27001
- A8 26
Note Metadata
Aliases: A.8.26 Application Security Requirements Audit Checklist
Source: 90 Templates/A.8.26 Audit Checklist.md
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Related Notes
- A.8.26 Audit Evidence Pack
- Audit Evidence MOC
- ISO 27001 A.8.26 - Application Security Requirements
- A.8 Technological Controls MOC
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- Application Security Requirements Approval Record
- Application Security Requirements Register
- Application Transaction Security Checklist
- Audit Evidence Index
- Templates MOC