ISPOL-50-Overview
Introduction to Information Security Policy 50
Information Systems Development, Acquisition, and Maintenance
ISPOL 50 is the basis for a robust
system development, acquisition,
and maintenance framework.
This framework outlines the overall
security and compliance requirements for
systems, applications and systems software,
and hardware life-cycles.
Key components of this policy are the
security requirements for information systems development.
One example of those requirements
is the use of Secure Development Lifecycle controls,
or SDL controls,
to address security risks, privacy needs,
and ensure that information security is
built into the development life-cycle.
More specific examples of
information systems development requirements are:
meeting application security requirements
and achieving certification for developed applications
in accordance with Application Security standards.
The Application Security Standard
under ISPOL 50 will provide you with details
on how to comply with that policy requirement.
ISPOL 50 also includes security requirements
for working with third-party systems and solutions.
Whether prepackaged, turn-key or customized solutions,
Policy 50 ensures that security,
privacy, procurement,
and legal requirements are addressed
during product development or acquisition.
That way, no matter who we work with outside of Intel,
we’ll be able to hold them to our high standards.
Beyond development and third parties,
there’s maintenance to consider.
ISPOL 50 requires that Maintenance controls
must be configured and applied to Intel information systems.
This includes regular monitoring, response to issues,
and restrictions on programs
that could override controls.
A key maintenance requirement in ISPOL 50
is complying with Minimum Security Specifications, or MSS.
MSS requires that Intel systems
be kept up to date with the latest
trusted vendor-supplied security configurations,
required software, and patches.
Note that IT Information Security
can enforce compliance of systems,
services, or applications that are not following MSS requirements.
Another maintenance requirement
found in ISPOL 50 is Change Management.
This requires that system development changes
must follow the formal process defined by Intel IT
for review and approval. The change management process
includes review of technical, functional,
and operational security requirements and plans.
Proposed changes must be approved by a
Change Advisory Board, or CAB,
as well as the system owners.
There are many other important requirements covered in ISPOL 50.
Some of the remaining subsections discuss
Separation of Duties,
Testing, Upgrades, Assessments,
and even Decommissioning and Disposal.
Information Security Policy 50,
Information Systems Development,
Acquisition, and Maintenance
ensures that information systems
and resources maintain
adequate security controls.
It also ensures that the
appropriate hardware,
applications and systems software,
and procedural mechanisms are defined,
implemented, and maintained.
These updated policies, supporting documents,
and the improved portal
should make it easier for you to
locate and understand our
corporate information security requirements.
They can be found on our corporate policy repository,
Policy Central.
Visit goto/InfoSecPolicies
to learn more or ask questions.
Thank you for your help to keep Intel secure!