
Information Security Policy Development for Compliance
Wireless, Mobile Computing, and Teleworking (continued)
Define the teleworking activities authorized by management.
ISO/IEC 27001 A.11.7.2 L272
NIST SP 800-53 AC-17 L273
HIPAA Standard
PCI DSS V2.0
AUP V5.0
Change Control and Change Management
Software Development
Describe how software applications (internal and external, including web-based administrative access to applications) are developed based on industry best practices.
Describe how information security is incorporated throughout the software development life cycle (SDLC).
ISO/IEC 27001 A.12.1.1 L274
NIST SP 800-53 SA-3 L275
HIPAA Standard
PCI ...