ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

ISO/IEC 27034 is an international standard titled "Information technology - Security techniques - Application security." Part 1 of the series introduces the Application Security Management Process and the concept of an Organization Normative Framework that contains an Application Security Control (ASC) Library. The standard is designed to weave security into every phase of the SDLC and to provide reusable security controls. The OWASP ASVS offers detailed verification requirements but is not an ISO standard and lacks an ASC library concept. OSSTMM focuses on operational security and penetration-testing metrics rather than life-cycle integration. NIST SP 800-115 gives guidance for technical testing activities, not for establishing ongoing application security governance across development phases.