Definition
The System[s] Development Life Cycle (SDLC) is
| “ | [a]n approach used to plan, design, develop, test, and implement an application system or a major modification to an application system.[1] | ” |
| “ | [t]he scope of activities associated with a system, encompassing the system's initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal.[2] | ” |
Overview
There are eight distinct phases in the SDLC as depicted in the figure below:
SDLC Process
Throughout the System Development Life Cycle system owners must be cognizant of changes to the system. Since systems routinely experience changes over time to accommodate new requirements, new technologies or new risks, they must be routinely analyzed in respect to the security posture. Minor changes typically have little impact to the security posture of a system. These changes can be standard maintenance, adding or deleting users, applying standard security patches, or other routine activities. However, significant changes require an added level of attention and action. Changes, such as installing a new operating system, port modification, new hardware platforms, or changes to the security controls should trigger a re-authorization of the system
References
- ↑ FFIEC IT Examination Handbook, Audit, Appendix B: Glossary (full-text).
- ↑ CNSSI 4009.