Cybersecurity requirements must be included in project and asset (information/technology) change management methodology and procedures to identify and manage cybersecurity risks as part of project management lifecycle. The cybersecurity requirements must be a key part of the overall requirements of technology projects.

• Include cybersecurity requirements in the project management methodology and procedures and in the change management of the information and technology assets in the organization to ensure that cybersecurity risks are identified and addressed. Such requirements include:
• 1
  • Assess and detect vulnerabilities before the deployment of services or systems online, or upon any change to systems within Information and Technology Project Management
  • Fix identified vulnerabilities before launching projects and changes
  • Review Secure Configuration and Hardening and Patching and address observations identified before launching projects and changes
  • Define the requirements for connection with cyber surveillance systems
• Support cybersecurity requirements of the project management methodology and procedures by the Executive Management through the approval of the head of the organization or his/her deputy

• Secure Software Development Cycle Policy Template
• Secure Software Development Cycle Procedure Template

• Project Management Methodology Document in the organization
• Change management methodology or procedures in the organization's information and technology assets document