Navigate

CCI-003163

CCI-003163 Definition

Require the developer of the system, system component, or system service to report findings of security flaws and flaw resolution within the system, component, or service to organization-defined personnel.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003163.

Control	Description
SA-10	The organization requires the developer of the information system, system component, or information system service to: a: Perform configuration management during system, component, or service [one or more of "design"/"development"/"implementation"/"operation"]; b: Document, manage, and control the integrity of changes to [one of ]; c: Implement only organization-approved changes to the system, component, or service; d: Document approved changes to the system, component, or service and the potential security impacts of such changes; and e: Track security flaws and flaw resolution within the system, component, or service and report findings to [one of ].

Control

Description

SA-10

The organization requires the developer of the information system, system component, or information system service to:

a: Perform configuration management during system, component, or service [one or more of "design"/"development"/"implementation"/"operation"];

b: Document, manage, and control the integrity of changes to [one of ];

c: Implement only organization-approved changes to the system, component, or service;

d: Document approved changes to the system, component, or service and the potential security impacts of such changes; and

e: Track security flaws and flaw resolution within the system, component, or service and report findings to [one of ].