CCI-003105

The organization defines the level of detail for the design information of the security controls that is required to be provided by the developer of the information system, system component, or information system services.

Implementation Guidance

The organization being inspected/assessed defines and documents the level of detail the design information of the security controls is required to be provided by the developer of the information system, system component, or information system services. DoD has determined the level of detail is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented level of detail to ensure the organization being inspected/assessed defines the level of detail the design information of the security controls is required to be provided by the developer of the information system, system component, or information system services. DoD has determined the level of detail is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) System security plan (SSP) defines level of detail required in design information of all security controls, to be provided by developer of information system, component, or service.

The controls below (if any) were marked by NIST as being related to CCI-003105.