CC5.2
Selects and develops technology controls
SecurityImplementedSecurity (Common Criteria)
Control description
AICPA Trust Services Criteria
The entity also selects and develops general control activities over technology to support the achievement of objectives.
Auditor test plan
How this is tested during the audit
Auditor inspects baseline configurations for production hosts, vulnerability scan cadence, and CI/CD pipeline gates.
Evidence
1 item attached to this control
- YAM
ci-pipeline-gates-config.yaml
sha256:0000000000000000… · 23.9 KB · 28d ago
Last reviewed
28d
Within 180-day window
Evidence on file
4
Owner
VE
VP Engineering
Accountable for design + operating effectiveness
Status timeline
Recent control history
Last reviewed by VP Engineering
28d ago
Status set to implemented
58d ago
Initial control design approved
118d ago