Separate Production and Development Environments (SS-08-031)
SS-08-031 Separate Production and Development /Test Environments
Issue Date: 3/31/2008
Revision Effective Date: 3/31/2008
Review Date: 7/1/2018
Production systems require a stable and controlled environment to operate properly. Separating development and test activities from and restricting developer access to operational environments reduces the risks of inadvertent or unauthorized modifications to the operational system that could compromise the system’s integrity or availability. This standard establishes these requirements.
Production computing environments shall be either logically or physically separate from development and test environments.
Developer access to production environments shall be prohibited or limited to troubleshooting and all activity recorded and monitored.
Logon procedures and passwords shall be different for production and development/test environments.
Procedures shall exist for transferring software or hardware from development and test to production.
Where physical separation for development/test is not feasible, security measures shall be equal to or higher than that required for the production environment.