Step 10 - Manage the System Development Life Cycle

The System Development Life Cycle (SDLC) is a systematic, repeatable process that agencies can follow to develop new systems that will help them achieve their access control goals. It will help you manage existing and developing tools and technologies. While there are many variations of the SDLC, the simplest and most commonly used model is the waterfall model that includes five phases: Planning, Requirements and Design, Build, Implement, and Operate and Maintain.

Most agencies have some variation of the SLDC in place to manage and maintain elements of their enterprise architecture. The same SDLC can be used to develop the tools and technology that are used as enablers within the Access Management Framework.

Checklist

 Prepare all elements required to begin the development of a system. During this step, you’ll need to prepare the following:

• Communications Management Plan,

• Cost/benefit analysis of access control tools procurement and development,

• Business Plan,

• Implementation Plan/Schedule, and

• Risk Management Plan

The goal of this phase is to develop a plan for the specific access control tools and technologies that need to be developed for the access control solution.

 Document the requirements and design of the access control solution. Define how the solution should operate in the existing infrastructure by gathering and validating requirements, securing funding, acquiring resources, and documenting the access control tool/technology design and solution architecture. Successful completion of the Requirements and Design phase can prevent unnecessary rework as the tool/technology is built and implemented.

 Build the technical solution, configure, and test the system. Build your access control tool/technology based on the outputs of previous phases within the System Development Lifecycle. Configure your servers/hardware, install software, implement security controls, and test solution to make sure the tool/technology meets defined requirements and performs as intended.

 Implement the access control solution. Migrate the solution from your development/test environment to your production infrastructure (deploy to your production environment). Supporting activities during a deployment include:

• User Acceptance Testing,

• User Training, and

• Stakeholder Outreach

 Perform ongoing management and system maintenance activities. After implementation, you must make appropriate updates to uphold the security integrity of the system and make sure the system operates correctly. Activities in this phase include: Monitoring security controls, installing upgrades and patches, refreshing technology, and performing ongoing user training.