CIS Controls v8

CIS 16 Application Software Security

Starts in IG2 | Integrate security controls into software delivery.

Implementation Actions

Define secure SDLC gates.
Run SAST/DAST/dependency checks.
Manage secrets and pipeline hardening.

Evidence Examples

Secure SDLC standard
Application scan results
Pipeline control records

Suggested Metrics

Critical app vulnerability MTTR
Release security gate pass rate

Navigation

Back to All 18 CIS Controls NIST CSF 2.0 Guidance FedRAMP Guidance Cybersecurity Glossary