CCI-003093
CCI-003093 Definition
The organization integrates the organizational information security risk management process into system development life cycle activities.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements a process to integrate the organizational information security risk management process into system development life cycle activities.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed integrates the organizational information security risk management process into system development life cycle activities.
Compelling Evidence
1.) System Development Life Cycle (SDLC) documentation documents the process for risk management evaluation of the information system.