Application Security Standard

SEC-02-01-S WAS 141.10 (7.1-7.5)


Agencies depend on software applications to deliver on many aspects of their missions. The requirements in the standard ensure that data processed by these applications is not disclosed, altered, or destroyed without authorization. This Standard requires agencies to: 

  • Perform risk assessments on new applications and those which process category 3 data. 
  • Identify, and plan to resolve, application vulnerabilities prior to production deployment. 
  • Use secure coding practices for developing any type of software application.

Cover Sheet