CCI-003175
CCI-003175 Definition
Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to produce evidence of the execution of the assessment plan.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed requires the developer to produce and provide evidence of the execution of the security assessment plan.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the contracts/agreements to ensure the organization being inspected/assessed requires that the developer of the information system, system component, or information system service produce evidence of the execution of the security assessment plan.
Compelling Evidence
1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation must require execution of developer-created Security Assessment Plan.