Separate Environments
PO.5.1: Separate and protect each environment involved in software development.
  • Example 1: Use multi-factor, risk-based authentication and conditional access for each environment.
  • Example 2: Use network segmentation and access controls to separate the environments from each other and from production environments, and to separate components from each other within each non-production environment, in order to reduce attack surfaces and attackers’ lateral movement and privilege/access escalation.
  • Example 3: Enforce authentication and tightly restrict connections entering and exiting each software development environment, including minimizing access to the internet to only what is necessary.
  • Example 4: Minimize direct human access to toolchain systems, such as build services. Continuously monitor and audit all access attempts and all use of privileged access.
  • Example 5: Minimize the use of production-environment software and services from non-production environments.
  • Example 6: Regularly log, monitor, and audit trust relationships for authorization and access between the environments and between the components within each environment.
  • Example 7: Continuously log and monitor operations and alerts across all components of the development environment to detect, respond, and recover from attempted and actual cyber incidents.
  • Example 8: Configure security controls and other tools involved in separating and protecting the environments to generate artifacts for their activities.
  • Example 9: Continuously monitor all software deployed in each environment for new vulnerabilities, and respond to vulnerabilities appropriately following a risk-based approach.
  • Example 10: Configure and implement measures to secure the environments’ hosting infrastructures following a zero trust architecture.
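As an added illustration of Example 6 (auditing trust relationships for authorization and access between environments), the script below is not SAMMY's or NIST's code. It audits IAM-style role trust policies against a mapping of account IDs to environments and flags roles that a principal from another environment, an unknown account, or any principal at all may assume. The account IDs, role names and policies are constructed sample data; the hypothetical ACCOUNT_ENV mapping stands in for whatever inventory an organization keeps of which accounts belong to which environment.

```python
"""Audit cross-environment trust in IAM-style role trust policies.

Added example, not part of the SAMMY page or the SSDF. All account IDs,
role names and policies below are constructed sample data.
"""
import json
import re
from typing import Dict, List, Optional

# Constructed, hypothetical inventory: which account belongs to which environment.
ACCOUNT_ENV = {
    "111111111111": "prod",
    "222222222222": "staging",
    "333333333333": "dev",
}

_ARN_ACCOUNT = re.compile(r"^arn:aws:iam::(\d{12}):")


def principal_account(principal: str) -> Optional[str]:
    """Return the 12-digit account ID a principal string refers to.

    Accepts a bare account ID or an IAM ARN; returns None for "*" or anything
    that cannot be parsed.
    """
    if principal == "*":
        return None
    if re.fullmatch(r"\d{12}", principal):
        return principal
    m = _ARN_ACCOUNT.match(principal)
    return m.group(1) if m else None


def _as_list(x):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return x if isinstance(x, list) else [x]


def audit_trust_policy(role_env: str, policy: dict) -> List[str]:
    """Return findings for one role's trust policy.

    Only Allow statements matter. AWS principals are resolved to an account
    and compared with the role's own environment. Service principals
    (e.g. codebuild.amazonaws.com) are not cross-environment trust in this
    model and are not flagged. Conditions on the statement are ignored, so
    every finding is a candidate for review rather than a confirmed issue.
    """
    findings: List[str] = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("wildcard principal")
            continue
        for p in _as_list(principal.get("AWS", [])):
            acct = principal_account(p)
            if acct is None:
                findings.append("wildcard principal" if p == "*" else f"unparseable principal {p}")
                continue
            env = ACCOUNT_ENV.get(acct)
            if env is None:
                findings.append(f"unknown account {acct}")
            elif env != role_env:
                findings.append(f"cross-environment trust from {env} ({acct})")
    return findings


def audit_roles(roles: List[dict]) -> Dict[str, List[str]]:
    """Audit {name, account, trust_policy} records; return findings keyed by role name."""
    report: Dict[str, List[str]] = {}
    for role in roles:
        role_env = ACCOUNT_ENV.get(role["account"], "unknown")
        findings = audit_trust_policy(role_env, role["trust_policy"])
        if findings:
            report[role["name"]] = findings
    return report


# Constructed sample roles (hypothetical names and policies).
SAMPLE_ROLES = [
    {   # prod deploy role trusted only by a prod build role: no finding
        "name": "prod-deployer", "account": "111111111111",
        "trust_policy": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111111111111:role/prod-build"},
            "Action": "sts:AssumeRole"}]}},
    {   # prod role assumable from dev and staging: a path from non-prod into prod
        "name": "prod-debug", "account": "111111111111",
        "trust_policy": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": ["arn:aws:iam::333333333333:role/dev-ci", "222222222222"]},
            "Action": "sts:AssumeRole"}]}},
    {   # dev role with a wildcard principal: anyone may attempt to assume it
        "name": "dev-sandbox", "account": "333333333333",
        "trust_policy": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}]}},
    {   # service principal only: not a cross-environment trust, not flagged
        "name": "dev-codebuild", "account": "333333333333",
        "trust_policy": {"Version": "2012-10-17", "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "codebuild.amazonaws.com"},
            "Action": "sts:AssumeRole"}]}},
]

if __name__ == "__main__":
    print(json.dumps(audit_roles(SAMPLE_ROLES), indent=2))
```

Run against the constructed sample, the audit reports prod-debug (trusted from dev and staging) and dev-sandbox (wildcard principal) and stays silent on the two cleanly scoped roles. In practice the input would be the trust policies pulled from each account on a schedule, and a finding would be cross-checked against the statement's Condition block (ExternalId, source ARN or organisation constraints) before being treated as a real cross-environment path.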
CMMI Maturity
Not Applicable - Not applicable
Level 1: Initial - Unpredictable and reactive. Work gets completed but is often delayed and over budget.
Level 2: Managed - Managed on the project level. Projects are planned, performed, measured, and controlled.
Level 3: Defined - Proactive, rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
Level 4: Quantitatively Managed - Measured and controlled. Organization is data-driven with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
Level 5: Optimized - Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization’s stability provides a platform for agility and innovation.
Description

Separate and protect each environment involved in software development.