CCI-003172
CCI-003172 Definition
Require the developer of the system, system component, or system service to implement a plan for ongoing security control assessment.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed requires that the developer implement the security assessment plan developed in SA-11, CCI 003171.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the contracts/agreements to ensure the organization being inspected/assessed requires that the developer of the information system, system component, or information system service implement a security assessment plan.
Compelling Evidence
1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation must require implementation of developer-created Security Assessment Plan.