Source | Azure Portal | ||
Display name | Microsoft Managed Control 1603 - Developer Security Testing And Evaluation | ||
Id | 2b909c26-162f-47ce-8e15-0c1f55632eac | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Services Acquisition control | ||
Additional metadata |
Name/Id: ACF1603 / Microsoft Managed Control 1603
Category: System and Services Acquisition
Title: Developer Security Testing And Evaluation - Implement Remediation Process
Ownership: Customer, Microsoft
Description: The organization requires the developer of the information system, system component, or information system service to: Implement a verifiable flaw remediation process; and
Requirements: The Azure system owner is responsible for ensuring that all system development and maintenance activities are performed in accordance with the Microsoft SDL process. A formal review process is implemented to ensure that new or modified source code authored by Microsoft’s online services staff is developed in a secure fashion, no malicious code has been introduced into the system, and that proper coding practices are followed. The reviewers’ names, review dates, and review results are documented in Azure DevOps, and maintained for audit purposes. A formal security quality assurance process is implemented to test for vulnerabilities to known security exposures and exploits. The process includes the use of automated security testing tools and requires that all vulnerabilities are remediated in accordance with the SDL BugBar. A ticket for each vulnerability is opened in Azure DevOps and tracked to resolution. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2): Microsoft.Resources/subscriptions, Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||
JSON compare | n/a | ||