CM-18: Version Control and Source Code Access Management
Version control software for source code management with restricted access based on job function
Control Description
Version control software is in place to manage current versions of source code related to the in-scope applications and related databases. The ability to modify source code related to the in-scope applications and related databases is restricted to appropriate users based on job function.
Plain Meaning
You must use version control software (such as Git) to track and manage all changes to your source code. Only people who need to make code changes as part of their job should have permission to modify the code. This ensures that code changes are properly tracked and that only authorized people can make modifications.
Related Links
CM-17: Vulnerability Detection Before Production Release
Vulnerability scanning or peer review of source code before production deployment with critical issue remediation
COM-02: Centralized Logging Solution
Implementation of centralized logging for system and application monitoring with access controls