Establish, implement, and maintain traceability documentation.


CONTROL ID
16388
CONTROL TYPE
Systems Design, Build, and Implementation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a software release policy., CC ID: 00893

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • A software bill of materials is produced and made available to consumers of software. (Control: ISM-1730; Revision: 0, Australian Government Information Security Manual, June 2023)
  • A software bill of materials is produced and made available to consumers of software. (Control: ISM-1730; Revision: 0, Australian Government Information Security Manual, September 2023)
  • Verify that a Software Bill of Materials (SBOM) is maintained of all third party libraries in use. (14.2.5, Application Security Verification Standard 4.0.3, 4.0.3)
  • Verify that each firmware maintains a software bill of materials cataloging third-party components, versioning, and published vulnerabilities. (C.12, Application Security Verification Standard 4.0.3, 4.0.3)
  • Collect, safeguard, maintain, and share provenance data for all components of each software release (e.g., in a software bill of materials [SBOM]). (PS.3.2, NIST SP 800-218, Secure Software Development Framework: Recommendations for Mitigating the Risk of Software Vulnerabilities, Version 1.1)