After the system preliminary design has been developed and the data security categorization has been performed

the vulnerability analysis has been performed and before the system detailed design begins

After the system preliminary design has been developed and before the data security categorization begins

After the business functional analysis and the data security categorization have been performed

Purchase software from a limited list of retailers

Verify the hash key or certificate key of all updates

Do not permit programs, patches, or updates from the Internet

Test all new software in a segregated environment

System acquisition and development

System operations and maintenance

System initiation

System implementation

Debug the security issues

Migrate to newer, supported applications where possible

Conduct a security assessment

Protect the legacy application with a web application firewall

Check arguments in function calls

Test for the security patch level of the environment

Include logging functions

Digitally sign each application module

organization policy.

industry best practices.

industry laws and regulations.

management feedback.

It decreases execution times for programs

It allows programmers to define syntax

It requires programmer-controlled storage management

It enforces coding standards