CONTROL TYPE Acquisition/Sale of Assets or Services
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a System Development Life Cycle program., CC ID: 11823
This Control has the following implementation support Control(s):
Prioritize opportunities to improve the product and service lifecycle process., CC ID: 06898
Assign senior management to approve the cost benefit analysis in the feasibility study., CC ID: 13069
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Taking decisions on any new applications to be acquired / developed or any old applications to be discarded (Critical components of information security 11) c.2. Bullet 6, Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
The supplier shall evaluate the request for a product or service and determine it is feasible, along with how to respond to the request. (§ 6.1.2.3(b)(1), ISO 15288-2008 Systems and software engineering - System life cycle processes, R 2008)
potential consequences of failure due to the nature of the products and services. (8.3.3 ¶ 1(e), ISO 9001 Quality Management systems - Requirements, Fifth edition 2015-09-15)
Analyze user needs and software requirements to determine feasibility of design within time and cost constraints. (T0011, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
Analyze user needs and software requirements to determine feasibility of design within time and cost constraints. (T0011, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)â, July 7, 2020)