Department of Corrections and Rehabilitation - Operations Manual

Chapter 4 – Information Technology

Article 69 – System and Services Acquisition Policy

49260.4 Policy Directives

  • The department shall:

    • Ensure that department information assets are managed using a documented System Development Life Cycle methodology during acquisitions, development, and systems operations.

    • Ensure that, prior to acquiring Information Technology (IT) goods and services, assessments are performed to ensure that the goods and services meet any applicable security and privacy laws, regulations, policies, standards, procedures, and other requirements.

    • Allocate appropriate funding resources to adequately protect information assets throughout their entire life cycle.

    • Ensure system documentation describes security controls and methods in sufficient detail to permit correct functioning, analysis, and testing.

    • Require system design, development, functional and security testing, implementation, maintenance, and operations processes to follow security engineering principles.

    • Ensure that development environments follow rigorous configuration management control.

    • Ensure that services provided by third parties include department requirements and expectations for the protection of department information assets.