All software developers of Netspective Communications LLC must use a secure Engineering Sandbox to develop and test their code without causing any disruption to the production environment.
Controls
- The Engineering Sandbox must be separate from the production environment and should replicate the production environment as closely as possible.
- Ensure to use “engineering sandbox home” setup for polyglot software development https://git.netspective.io/netspective-labs/home-polyglot-shared/
- to install all required development environments, tools, and libraries on the engineering sandbox using https://github.com/netspective-labs/home-polyglot/blob/main/bootstrap-admin-debian.sh
- The Engineering Sandbox must be configured with the appropriate security measures, including firewalls, intrusion detection and prevention systems, and antivirus software, to prevent unauthorized access and protect against malicious software.
- Developers must ensure that their code is thoroughly tested in the Engineering Sandbox before it is deployed to the production environment. Testing must include functionality, performance, and security testing.
- Developers must follow the organization’s change management process when deploying code from the Engineering Sandbox to the production environment.
- The Engineering Sandbox should be regularly updated to ensure that it reflects changes in the production environment. The Engineering Sandbox should also be regularly backed up to ensure that data is not lost in case of a system failure.
Evidence
Approved by
Abdul Razak
on July 5, 2023
|
Last Updated by
Ajay Mohan.K
on
July 5, 2023