SS-08-031 Separate Production and Development /Test Environments

Issue Date:  3/31/2008

Revision Effective Date: 3/31/2008

Review Date: 7/1/2018

PURPOSE

Production systems require a stable and controlled environment to operate properly.  Separating development and test activities from and restricting developer access to operational environments reduces the risks of inadvertent or unauthorized modifications to the operational system that could compromise the system’s integrity or availability.  This standard establishes these requirements.

STANDARD

Production computing environments shall be either logically or physically separate from development and test environments. 

Developer access to production environments shall be prohibited or limited to troubleshooting and all activity recorded and monitored.  

Logon procedures and passwords shall be different for production and development/test environments.

Procedures shall exist for transferring software or hardware from development and test to production.

Where physical separation for development/test is not feasible, security measures shall be equal to or higher than that required for the production environment.

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

Separation of Production and Development/Test Environments (PS-08-020)