
NIST SSDF: PO — Security Requirements Defined

error

ssdf_po_security_requirements_defined

secure-development conformance pure_temporal secure-development nist ssdf supply-chain po rag-red

Security requirements for the software and its development are defined (PO.1).

Formula

G(GitCommit → P(security_requirements_defined))

Why it matters

SSDF PO.1: define security requirements for software development, and maintain them over time.

Examples

passes: the practice's evidence is present

fails: the required secure-development step is absent
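
The formula evaluated over small constructed traces, as an added example that is not ponens code and does not use the ponens trace format. It assumes a trace is an ordered list of sets of atom names and reads P(x) as past-time "once" (x held at the current or an earlier position); `CodeReview` is a made-up event name.

```python
# Added example: a minimal monitor for
#   G(GitCommit -> P(security_requirements_defined))
# Assumption: a trace is an ordered list of events, each a set of atom names.
# Assumption: P(x) means x held at the current position or at an earlier one.

def check_requirements_before_commit(trace):
    """Return (ok, violations) for the formula over a finite trace.

    violations holds the indices of GitCommit events that had no
    security_requirements_defined event at or before them.
    """
    seen_requirements = False  # running value of P(security_requirements_defined)
    violations = []
    for index, atoms in enumerate(trace):
        if "security_requirements_defined" in atoms:
            seen_requirements = True
        if "GitCommit" in atoms and not seen_requirements:
            violations.append(index)
    return (not violations, violations)


# Constructed traces (not real ponens output).
PASSING = [
    {"security_requirements_defined"},
    {"GitCommit"},
    {"GitCommit"},
]
FAILING = [
    {"GitCommit"},                      # commit with no prior evidence
    {"security_requirements_defined"},  # evidence arrives too late for index 0
    {"GitCommit"},                      # this later commit is covered
]
NO_COMMITS = [{"CodeReview"}]           # implication is vacuously true

if __name__ == "__main__":
    for name, trace in [("passing", PASSING), ("failing", FAILING),
                        ("no commits", NO_COMMITS)]:
        print(name, check_requirements_before_commit(trace))
```

Because G quantifies over every position, one early commit without prior evidence fails the whole trace even if the evidence is recorded afterwards.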

Use it

ponens policies add ssdf_po_security_requirements_defined --into ./trace.json
ponens trace check ./trace.json