Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-6-1

Cybersecurity requirements must be included in project and asset (information/technology) change management methodology and procedures to identify and manage cybersecurity risks as part of project management lifecycle. The cybersecurity requirements must be a key part of the overall requirements of technology projects.

Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-6-2

The cybersecurity requirements in project and assets (information/technology) change management must include at least the following:

  1. Vulnerability assessment and remediation.
  2. Conducting a configurations’ review, secure configuration and hardening and patching before changes or going live for technology projects.

Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-6-3

The cybersecurity requirements related to software and application development projects must include at least the following:

  1. Using secure coding standards.
  2. Using trusted and licensed sources for software development tools and libraries.
  3. Conducting compliance test for software against the defined organizational cybersecurity requirements.
  4. Secure integration between software components.
  5. Conducting a configurations’ review, secure configuration and hardening and patching before going live for software products.

Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-6-4

The cybersecurity requirements in project management must be reviewed periodically.