Annex A 8.26 - Application Security Requirements

Information security requirements shall be identified, specified, and approved when developing or acquiring applications.