Systems and Development Lifecycle

PS-08-018.02 Systems and Development Lifecycle

Issue Date:  3/20/2008

Revision Effective Date:  7/1/2018

 

PURPOSE

System life-cycle management is a methodology for establishing processes, procedures and practices governing and managing the life of an information system from initiation/requirements through disposal. The methodology is a tool to assist system owners, developers and management in documenting the design of a system and the decisions made regarding it.

 

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS

See Enterprise Information Security Charter (policy)

 

POLICY

All state information systems and applications, whether in development or production, shall be governed by documented and repeatable system life-cycle management policies and guidelines that are approved and reviewed by an authorizing official. The processes and guidelines must incorporate system security planning throughout all phases of the system’s life-cycle from conception to disposal.

 

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

  • System Lifecycle Management (Standard)
  • Risk Management (Policy)
  • System Security Plans (Standard)

 

REFERENCES

  • NIST SP 800-64 Security Consideration for SDLC
  • NIST SP 800-65 Integrating IT Security into the Capital Planning and Investments Controls Process

 

TERMS and DEFINITIONS

System Lifecycle is the overall process of developing/acquiring, implementing, operating, and retiring information systems through a multi-step process from initiation, design, implementation, operation and maintenance, to disposal.

 
