PR.PS-06
Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle
Implementation examples
- Ex1: Protect all components of organization-developed software from tampering and unauthorized access
- Ex2: Secure all software produced by the organization, with minimal vulnerabilities in their releases
- Ex3: Maintain the software used in production environments, and securely dispose of software once it is no longer needed
Mapped NIST 800-53 r5 controls (8)
All informative references (63)
- AI-SOC: AI-SOC-08
- AI-SOC: AI-SOC-22
- CCMv4.0: AIS-04
- CCMv4.0: AIS-06
- CCMv4.0: AIS-07
- CCMv4.0: DSP-07
- CCMv4.0: IVS-06
- CIS Controls v8.0: 16.1
- CIS Controls v8.1: 16.1
- CRI Profile v2.0: PR.PS-06
- CRI Profile v2.0: PR.PS-06.01
- CRI Profile v2.0: PR.PS-06.02
- CRI Profile v2.0: PR.PS-06.03
- CRI Profile v2.0: PR.PS-06.04
- CRI Profile v2.0: PR.PS-06.05
- CRI Profile v2.0: PR.PS-06.06
- CRI Profile v2.0: PR.PS-06.07
- CRI Profile v2.0: PR.PS-06.08
- CRI Profile v2.0: PR.PS-06.09
- CRI Profile v2.0: PR.PS-06.10
- CSF v1.1: PR.IP-2
- IRP: IRP-Sec-4
- IRP: IRP-Sec-4
- IRP: IRP-Sec-4
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 8.25
- ISO/IEC 27001:2022: Annex A Controls: 8.28
- NICE Framework: DD-WRL-001
- NICE Framework: DD-WRL-002
- NICE Framework: DD-WRL-003
- NICE Framework: DD-WRL-005
- NICE Framework: DD-WRL-008
- NICE Framework: IO-WRL-005
- NICE Framework: OG-WRL-016
- NICE Framework: PD-WRL-004
- OWASP Top 10 LLM Applications: LLM01-2025
- OWASP Top 10 LLM Applications: LLM05-2025
- OWASP Top 10 LLM Applications: LLM06-2025
- PCI DSS: 6.2.3
- PCI DSS: 6.2.2
- PCI DSS: 6.3.2
- PCI DSS: 11.4.4
- SCF: TDA-01
- SCF: TDA-01.1
- SCF: TDA-06
- SCF: TDA-06.1
- SCF: TDA-06.2
- SCF: TDA-09
- SP 800-171 Rev 3: 03.16.01
- SP 800-53 Rev 5.1.1: SA-03
- SP 800-53 Rev 5.1.1: SA-08
- SP 800-53 Rev 5.1.1: SA-10
- SP 800-53 Rev 5.1.1: SA-11
- SP 800-53 Rev 5.1.1: SA-15
- SP 800-53 Rev 5.1.1: SA-17
- SP 800-53 Rev 5.2.0: SA-03
- SP 800-53 Rev 5.2.0: SA-08
- SP 800-53 Rev 5.2.0: SA-10
- SP 800-53 Rev 5.2.0: SA-11
- SP 800-53 Rev 5.2.0: SA-15
- SP 800-53 Rev 5.2.0: SA-15(13)
- SP 800-53 Rev 5.2.0: SA-17
- SP 800-53 Rev 5.2.0: SA-24
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).