+Procurement, Development and Modification of Information Systems (DEV)
---+DEV-01 Policies for the Development/Procurement of System Components
------+DEV-01.01B
------+DEV-01.02B
------+DEV-01.03B
------+DEV-01.01AC
---+DEV-02 Outsourcing of the Development
------+DEV-02.01B
------+DEV-02.02B
------+DEV-02.01AC
------+DEV-02.02AC
---+DEV-03 Policies for Changes to System Components
------+DEV-03.01B
---+DEV-04 Safety Training and Awareness Programme Regarding Continuous Software Delivery and Associated Systems, Components or Tools
------+DEV-04.01B
------+DEV-04.02B
---+DEV-05 Design Documentation for Security Features
------+DEV-05.01B
---+DEV-06 Risk Assessment, Categorisation and Prioritisation of Changes
------+DEV-06.01B
------+DEV-06.02B
------+DEV-06.01AC
---+DEV-07 Testing Changes
------+DEV-07.01B
------+DEV-07.02B
------+DEV-07.03B
------+DEV-07.04B
------+DEV-07.05B
------+DEV-07.01AC
------+DEV-07 Supplementary Information - Complementary Customer Criteria
---+DEV-08 Logging of Changes
------+DEV-08.01B
------+DEV-08.02B
------+DEV-08.01AC
---+DEV-09 Version Control
------+DEV-09.01B
------+DEV-09.02B
------+DEV-09.03B
------+DEV-09.01AC
------+DEV-09.02AC
---+DEV-10 Approvals for Provision in the Production Environment
------+DEV-10.01B
------+DEV-10.02B
------+DEV-10.01AC
------+DEV-10 Supplementary Information - Complementary Customer Criteria
---+DEV-11 Protection of Development and Test Environments
------+DEV-11.01B
---+DEV-12 Separation of Environments
------+DEV-12.01B
------+DEV-12.02B
---+DEV-13 Transparency about Software Components
------+DEV-13.01B
------+DEV-13.02B
---+DEV-14 Secure Use of Third Party Hardware and Software
------+DEV-14.01B
------+DEV-14.02B
------+DEV-14.03B
------+DEV-14.01AC
---+DEV-15 Exceptions to the Change Management Process
------+DEV-15.01B

1. Übersicht

Procurement, Development and Modification of Information Systems (DEV)

Objective: Ensure information security in the development cycle of cloud service system components.

Bezeichnung	Standard
DEV-01 Policies for the Development/Procurement of System Components	-
DEV-02 Outsourcing of the Development	-
DEV-03 Policies for Changes to System Components	-
DEV-04 Safety Training and Awareness Programme Regarding Continuous Software Delivery and Associated Systems, Components or Tools	-
DEV-05 Design Documentation for Security Features	-
DEV-06 Risk Assessment, Categorisation and Prioritisation of Changes	-
DEV-07 Testing Changes	-
DEV-08 Logging of Changes	-
DEV-09 Version Control	-
DEV-10 Approvals for Provision in the Production Environment	-
DEV-11 Protection of Development and Test Environments	-
DEV-12 Separation of Environments	-
DEV-13 Transparency about Software Components	-
DEV-14 Secure Use of Third Party Hardware and Software	-
DEV-15 Exceptions to the Change Management Process	-

1.1 Referenzen

1.2 Identifizierte Anforderungen

1.2 Related Regulation

2. Identifizierte Anforderungen

Anforderungen
Source	Anforderung

3. Related Regulations

Regulations
Source	Regulierung

Cloud Computing Compliance Criteria Catalogue (C5:2026) -
Copyright by Bundesamt für Sicherheit in der Informationstechnik (https://www.bsi.bund.de/)

https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Angriffszielen/Cloud-Computing/Kriterienkatalog-C5/C5_2025/C5_2025_node.html

Impressum