Identify and specify app security needs, determined through risk assessment with InfoSec experts. Requirements include trust, information type, access segregation, resilience, legal/regulatory requirements, privacy, data protection/encryption, input/output controls, error handling. For transactional and payment applications, consider identity/integrity trust, authorization, confidentiality, non-repudiation, verification, and storage. Use a trusted authority for digital signatures/certificates.
Conformance1
Tools for conforming to standards, goals and processes
