Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >ISO 27001
  3. >Technological Controls
  4. >ISO27001-8.26
ISO27001-8.26Active

Application security requirements

Statement

Information security requirements should be identified, specified and approved when developing or acquiring applications.

Location

Control Group
Technological Controls

Control Details

Identifier
ISO27001-8.26
Number
Annex A 8.26

Classification

Annex A Control

Control Group

Implementation Guidance

Information security requirements should be identified, specified and approved when developing or acquiring applications.

AESCSF
AESCSF-ARCHITECTURE-1arelatedvia aescsf-reference
AESCSF-ARCHITECTURE-1brelatedvia aescsf-reference
AESCSF-ARCHITECTURE-1crelatedvia aescsf-reference
AESCSF-ARCHITECTURE-1drelatedvia aescsf-reference
AESCSF-ARCHITECTURE-2arelatedvia aescsf-reference
View in graphReport an issue
← Back to Technological Controls
Technological Controls34 controls
ISO27001-8.1User endpoint devicesISO27001-8.2Privileged access rightsISO27001-8.3Information access restrictionISO27001-8.4Access to source codeISO27001-8.5Secure authenticationISO27001-8.6Capacity managementISO27001-8.7Protection against malwareISO27001-8.8Management of technical vulnerabilitiesISO27001-8.9Configuration managementISO27001-8.10Information deletionISO27001-8.11Data maskingISO27001-8.12Data leakage preventionISO27001-8.13Information backupISO27001-8.14Redundancy of information processing facilitiesISO27001-8.15LoggingISO27001-8.16Monitoring activitiesISO27001-8.17Clock synchronizationISO27001-8.18Use of privileged utility programsISO27001-8.19Installation of software on operational systemsISO27001-8.20Networks securityISO27001-8.21Security of network servicesISO27001-8.22Segregation of networksISO27001-8.23Web filteringISO27001-8.24Use of cryptographyISO27001-8.25Secure development life cycleISO27001-8.26Application security requirementsISO27001-8.27Secure system architecture and engineering principlesISO27001-8.28Secure codingISO27001-8.29Security testing in development and acceptanceISO27001-8.30Outsourced developmentISO27001-8.31Separation of development, test and production environmentsISO27001-8.32Change managementISO27001-8.33Test informationISO27001-8.34Protection of information systems during audit testing