Navigate

CCI-002529

CCI-002529 Definition

Employ organization-defined operations security controls to protect key organizational information throughout the system development life cycle.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if [SC-38_ODP; operations security controls to be employed to protect key organizational information throughout the system development life cycle are defined] are employed to protect key organizational information throughout the system development life cycle.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing operations security; security plan; list of operations security safeguards; security control assessments; risk assessments; threat and vulnerability assessments; plans of action and milestones; system development life cycle documentation; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the system; system developers/integrators]. Test: [SELECT FROM: Organizational processes for protecting organizational information throughout the system development life cycle; mechanisms supporting and/or implementing safeguards to protect organizational information throughout the system development life cycle].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002529.

Control	Description
SC-38	Employ the following operations security controls to protect key organizational information throughout the system development life cycle: [operations security controls to be employed to protect key organizational information throughout the system development life cycle are defined;].