UnixTime

Research Note

A.8.29 Audit Checklist

Use this checklist during an internal audit of security testing in development and acceptance.

On this page

When to use this

Use this checklist during an internal audit of security testing in development and acceptance.

Audit checklist

  • Review security testing process.
  • Check test depth and frequency are risk-based.
  • Review security acceptance criteria.
  • Sample test results.
  • Review findings, remediation, and retest evidence.
  • Check regression, defective input, and access control testing.
  • Check user/operations involvement where relevant.
  • Review final acceptance sign-off.

Findings table

Testing area Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD