ISC2.org, the organization that grants the CISSP certification, has a great, online, FREE global security resource guide.
No membership, certification, or log-in required!
Update 1-11-14: See Kim White’s comment below about availability of this resource. If it is made public, I will link to the new version. The “remove this post now” comment makes me wonder if it’s coming back for public consumption*. – Mack
If you’re looking for FREE audit work plans, AuditNet.org is probably your best bet.
You can get a free account that allows you to access a limited number of work plans, usually basic ones. A premium account gives you access to all content . See their Subscription Plans for more info, and note that they call work plans ‘audit templates’.
If you have an ACL support agreement, you may be able to access AuditNet for FREE!
Last time I looked, over 100 work plans were free, and a total of 2600 were available.
The lead security study group (group 17) from the International Telecommunication Union provides a paper containing general suggestions for writing secure applications. In the paper, each item is hyperlinked to additional information.