When to use this
Use this standard to define secure coding principles and language/framework-specific rules.
Related controls
Standard sections
| Area | Rule | Applies to | Evidence |
|---|---|---|---|
| Secrets | Do not hard-code secrets | TBD | TBD |
| Input validation | Validate untrusted input | TBD | TBD |
| Output encoding | Encode output by context | TBD | TBD |
| Error handling | Avoid sensitive error disclosure | TBD | TBD |
| Dependencies | Use approved dependencies | TBD | TBD |
| Memory safety | Use safe patterns/functions | TBD | TBD |
Minimum checks
- Standard maps to languages/frameworks in use.
- High-risk code has stricter rules.
- Prohibited patterns/functions are documented where relevant.
- Standard is available to developers and reviewers.
- Review date is set.
- Template
- Iso27001
- Technological controls
- Secure coding
Note Metadata
Aliases: Secure Coding Standards
Source: 90 Templates/Secure Coding Standard.md
Related Notes
- A.8.28 Audit Evidence Pack
- ISO 27001 A.8.25 - Secure Development Life Cycle
- ISO 27001 A.8.28 - Secure Coding
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.28 Audit Checklist
- AI-Generated Code Security Review Checklist
- Secure Coding Compliance Review Checklist
- Secure Coding Exception Record
- Secure Development Policy
- Templates MOC