At a minimum there are distinct environments for acceptance and production. Where development activities take place, at least one separate environment for development exists.
The environments are clearly distinguishable (for example through a different colour scheme).
Privileged Access to the production infrastructure is completely separated from privileged access to the other environments.
Authentication to non-production environments does not take place through the production IdP.
The acceptance environment must represent the production environment as closely as possible with the exception of not being publicly available.
Before going into production, any change must always be tested in the acceptance environment.
Separate production, acceptance and testing environments from each other on the network level. DTAP environments are not allowed to have direct connections with each other.
Development environments are assumed to be transient and hosted on individual developer workstations. Developer workstations cannot expose development environments outside the workstation. If a development environment is not hosted on a workstation, the same restrictions apply as in the test environment.
Limit access to the development, testing and acceptance environments by least privilege. If acceptance environments need to face the Internet for any reason, limit the accessibility by IP whitelisting. Access through VPN is preferred.
Developers should not have write access to the production environment. If this is unavoidable, make sure to use the 4-eyes principle when changing code in the production environment.
Development and test environments do not connect to the organisational IdP. Acceptance environments connect to the acceptance IdP. Production environments connect to the production IdP.
Debugging information is turned off in production environments.
A unique naming convention is used for each network (DTAP) environment.
For application development at level High build processes must be fully scripted/automated.