PR.PS-06
Secure software development practices are integrated, and their performance is monitored throughout the software development life cycle
Implementation examples
- Ex1: Protect all components of organization-developed software from tampering and unauthorized access
- Ex2: Secure all software produced by the organization, with minimal vulnerabilities in their releases
- Ex3: Maintain the software used in production environments, and securely dispose of software once it is no longer needed
Mapped NIST 800-53 r5 controls (8)
Mapped CWE weaknesses (9)
Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.
CWE-1004→F
CWE-1220←P →P
CWE-200←P →F
CWE-284←P →M
CWE-285←P →M
CWE-78←P →M
CWE-79→M
CWE-89→M
CWE-94→M
All informative references (63)
- AI-SOC: AI-SOC-08
- AI-SOC: AI-SOC-22
- CCMv4.0: AIS-04
- CCMv4.0: AIS-06
- CCMv4.0: AIS-07
- CCMv4.0: DSP-07
- CCMv4.0: IVS-06
- CIS Controls v8.0: 16.1
- CIS Controls v8.1: 16.1
- CRI Profile v2.0: PR.PS-06
- CRI Profile v2.0: PR.PS-06.01
- CRI Profile v2.0: PR.PS-06.02
- CRI Profile v2.0: PR.PS-06.03
- CRI Profile v2.0: PR.PS-06.04
- CRI Profile v2.0: PR.PS-06.05
- CRI Profile v2.0: PR.PS-06.06
- CRI Profile v2.0: PR.PS-06.07
- CRI Profile v2.0: PR.PS-06.08
- CRI Profile v2.0: PR.PS-06.09
- CRI Profile v2.0: PR.PS-06.10
- CSF v1.1: PR.IP-2
- IRP: IRP-Sec-4
- IRP: IRP-Sec-4
- IRP: IRP-Sec-4
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 8.25
- ISO/IEC 27001:2022: Annex A Controls: 8.28
- NICE Framework: DD-WRL-001
- NICE Framework: DD-WRL-002
- NICE Framework: DD-WRL-003
- NICE Framework: DD-WRL-005
- NICE Framework: DD-WRL-008
- NICE Framework: IO-WRL-005
- NICE Framework: OG-WRL-016
- NICE Framework: PD-WRL-004
- OWASP Top 10 LLM Applications: LLM01-2025
- OWASP Top 10 LLM Applications: LLM05-2025
- OWASP Top 10 LLM Applications: LLM06-2025
- PCI DSS: 6.2.3
- PCI DSS: 6.2.2
- PCI DSS: 6.3.2
- PCI DSS: 11.4.4
- SCF: TDA-01
- SCF: TDA-01.1
- SCF: TDA-06
- SCF: TDA-06.1
- SCF: TDA-06.2
- SCF: TDA-09
- SP 800-171 Rev 3: 03.16.01
- SP 800-53 Rev 5.1.1: SA-03
- SP 800-53 Rev 5.1.1: SA-08
- SP 800-53 Rev 5.1.1: SA-10
- SP 800-53 Rev 5.1.1: SA-11
- SP 800-53 Rev 5.1.1: SA-15
- SP 800-53 Rev 5.1.1: SA-17
- SP 800-53 Rev 5.2.0: SA-03
- SP 800-53 Rev 5.2.0: SA-08
- SP 800-53 Rev 5.2.0: SA-10
- SP 800-53 Rev 5.2.0: SA-11
- SP 800-53 Rev 5.2.0: SA-15
- SP 800-53 Rev 5.2.0: SA-15(13)
- SP 800-53 Rev 5.2.0: SA-17
- SP 800-53 Rev 5.2.0: SA-24
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).