ISO/IEC 27034

ISO/IEC 27034 Information technology -- Security techniques -- Guidelines for application security (draft)

 

This is an ambitious project to develop information security guidance for those specifying, designing/programming or procuring, and implementing application systems. 

The standard will provide guidance on specifying, designing/selecting and implementing information security controls through a set of processes integrated into an organization’s Systems Development Life Cycles.

The standard will be ‘SDLC method agnostic’: it will not mandate particular development methods, approaches or stages, but will be written in a general manner so that it applies to all of them. In this way, it will complement other systems development standards without conflicting with them.

 

Due to the breadth of this topic, the standard will be detailed and published in multiple parts.

 

ISO/IEC 27034 Part 1 is currently at Working Draft (WD) stage. The remaining parts are under development.

Copyright © 2008 IsecT Ltd.