CCI-003233

CCI-003233 Definition

Require the developer of the system, system component, or system service to follow a documented development process.

Status
Type	CheckType.policy

The controls below (if any) were marked by NIST as being related to CCI-003233.

Control	Description
SA-15	The organization: a: Requires the developer of the information system, system component, or information system service to follow a documented development process that: 1: Explicitly addresses security requirements; 2: Identifies the standards and tools used in the development process; 3: Documents the specific tool options and tool configurations used in the development process; and 4: Documents, manages, and ensures the integrity of changes to the process and/or tools used in development; and b: Reviews the development process, standards, tools, and tool options/configurations [one of ] to determine if the process, standards, tools, and tool options/configurations selected and employed can satisfy [one of ].

Control

Description

a: Requires the developer of the information system, system component, or information system service to follow a documented development process that:
- 1: Explicitly addresses security requirements;
- 2: Identifies the standards and tools used in the development process;
- 3: Documents the specific tool options and tool configurations used in the development process; and
- 4: Documents, manages, and ensures the integrity of changes to the process and/or tools used in development; and

b: Reviews the development process, standards, tools, and tool options/configurations [one of ] to determine if the process, standards, tools, and tool options/configurations selected and employed can satisfy [one of ].