ISM-1796

Files containing executable content are digitally signed by a certificate with a verifiable chain of trust as part of software development.

Topic: Secure software development
Applicable to: Non Classified, Official, Protected, Secret, Top Secret

History

Mar 2025
Files containing executable content are digitally signed by a certificate with a verifiable chain of trust as part of software development.
References to ‘application development’ were changed to ‘software development’.
Mar 2025
Files containing executable content are digitally signed by a certificate with a verifiable chain of trust as part of software development.
The existing control recommending that files containing executable content are digitally signed as part of software development was amended to recommend the use of a certificate with a verifiable chain of trust.
Sep 2022
Files containing executable content are digitally signed as part of application development.
A new control was added covering software developers digitally signing files containing executable content as part of application development.