When to use this
Use this register to document security requirements for developed, acquired, or changed applications.
Related controls
- A.8.26 Application Security Requirements
- A.5.8 Information Security in Project Management
- Risk Assessment
Requirements register
| Requirement ID | Application | Requirement | Risk/source | Owner | Approval | Test evidence | Status |
|---|---|---|---|---|---|---|---|
| ASR-001 | TBD | TBD | TBD | TBD | TBD | TBD | TBD |
Minimum checks
- Requirement is specific and testable.
- Requirement traces to risk, law, contract, or classification.
- Requirement is approved.
- Requirement has test/acceptance evidence.
- Template
- Iso27001
- Technological controls
- Application security
Note Metadata
Aliases: AppSec Requirements Register
Source: 90 Templates/Application Security Requirements Register.md
Related Notes
- Risk Assessment
- ISO 27001 A.5.8 - Information Security in Project Management
- A.8.26 Audit Evidence Pack
- ISO 27001 A.8.26 - Application Security Requirements
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.26 Audit Checklist
- Application Security Requirements Approval Record
- Templates MOC