CCI-003176
CCI-003176 Definition
Requires the developer of the system, system component, or system service, at all post-design phases of the system development life cycle, to produce the results of the testing and evaluation.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed requires the developer to produce and provide results of the security testing/evaluation.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the contracts/agreements to ensure the organization being inspected/assessed requires that the developer of the information system, system component, or information system service produce the results of the security testing/evaluation.
Compelling Evidence
1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation must require developer results of security testing/evaluation.