Systems and Development Lifecycle (PS-08-018.02)
PS-08-018.02 Systems and Development Lifecycle
Issue Date: 3/20/2008
Revision Effective Date: 7/1/2018
Review Date: 12/1/2020
System life-cycle management is a methodology for establishing processes, procedures and practices governing and managing the life an information system from initiation/requirements through disposal. The methodology is a tool to assist system owners, developers and management document the design and decisions made regarding a system.
SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS
See Enterprise Information Security Charter (policy)
All state information systems and applications, whether in development or production, shall be governed by a documented and repeatable system life-cycle management policies and guidelines that are approved and reviewed by an authorizing official. The processes and guidelines must incorporate system security planning throughout all phases of the system’s life-cycle from conception to disposal.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
- System Lifecycle Management (Standard)
- Risk Management (Policy)
- System Security Plans (Standard)
- Replace with NIST SP 800-160 vol. 1 https://csrc.nist.gov/publications/detail/sp/800-160/vol-1/final
- NIST SP 800-65 Integrating IT Security into the Capital Planning and Investments Controls Process
TERMS and DEFINITIONS
System Lifecycle is the overall process of developing/acquiring, implementing, operating, and retiring information systems through a multi-step process from initiation, design, implementation, operation and maintenance, to disposal.