18
|
|
7.11.1
|
Response
|
18
|
|
7.11.2
|
Personnel
|
18
|
|
7.11.3
|
Communications
|
18
|
|
7.11.4
|
Assessment
|
18
|
|
7.11.5
|
Restoration
|
18
|
|
7.11.6
|
Training and awareness
|
18
|
|
7.11.7
|
Lessons learned
|
18
|
|
7.12
|
Test Disaster Recovery Plans (DRP)
|
18
|
|
7.12.1
|
Read-through/tabletop
|
18
|
|
7.12.2
|
Walkthrough
|
18
|
|
7.12.3
|
Simulation
|
18
|
|
7.12.4
|
Parallel
|
18
|
|
7.12.5
|
Full interruption
|
18
|
|
7.13
|
Participate in Business Continuity (BC) planning and exercises
|
3
|
|
7.14
|
Implement and manage physical security
|
10
|
|
7.14.1
|
Perimeter security controls
|
10
|
|
7.14.2
|
Internal security controls
|
10
|
|
7.15
|
Address personnel safety and security concerns
|
16
|
|
7.15.1
|
Travel
|
16
|
|
7.15.2
|
Security training and awareness
|
16
|
|
7.15.3
|
Emergency management
|
16
|
|
7.15.4
|
Duress
|
16
|
|
Domain 8
|
Software Development Security
|
|
|
8.1
|
Understand and integrate security in the Software Development Life Cycle (SDLC)
|
20
|
|
8.1.1
|
Development methodologies (e.g., Agile, Waterfall, DevOps, DevSecOps)
|
20
|
|
8.1.2
|
Maturity models (e.g., Capability Maturity Model (CMM), Software Assurance Maturity Model (SAMM))
|
20
|
|
8.1.3
|
Operation and maintenance
|
20
|
|
8.1.4
|
Change management
|
20
|
|
8.1.5
|
Integrated Product Team (IPT)
|
20
|
|
8.2
|
Identify and apply security controls in software development ecosystems
|
15, 17, 20, 21
|
|
8.2.1
|
Programming languages
|
20
|
