System libraries are managed and maintained to protect privileged programs and to prevent or minimize the introduction of unauthorized code.
MAC / CONF
MACI MACII MACIII
Security Design and Configuration
Without appropriate library management controls, unauthorized code can intentionally or inadvertently be added to information systems. Software versioning, access rights, etc. all work towards maintaining a known configuration.
1. Libraries shall be controlled by the CCB. 2. Access to libraries shall be restricted to a minimum number of individuals. 3. A library access log shall be maintained, preferably automated.
IEEE 12207.0, Industry Implementation of International Standard ISO/IEC 12207: 1995 (ISO/IEC 12207)) Standard for Information Technology - Software Life Cycle Processes, 01 March 1998