Software Development
System software controls are designed to ensure that there is a rigid procedure in place for developing, testing, and deploying new code. NIST Special Publication 800-64 specifically discusses this process as the system development life cycle (SDLC). The SDLC comprises five independent steps in the software development process:
- Initiation
- Acquisition/Development
- Implementation
- Operations/Maintenance - This is the stage that most of the systems that OIT operates are in. This includes all systems that are in production and are being constantly managed.
- Disposition
The SDLC is the framework on which all other software development controls are based. Audits will usually focus on areas such as testing and QA, segregation of duties, and management sign-off of all production migrations. Click here to see a listing of the control areas that are covered under software development.
If you have any specific questions regarding software development controls and any compliance issues related to them, please contact Brian Markham at 301-405-1057.