Navigate

CCI-003245

CCI-003245 Definition

Defines the frequency on which to review the development process, standards, tools, and tool options/configurations to determine if the process, standards, tools, and tool options and tool configurations selected and employed can satisfy organization-defined security requirements.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Validation Procedures

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003245.

Control	Description
SA-15	The organization: a: Requires the developer of the information system, system component, or information system service to follow a documented development process that: 1: Explicitly addresses security requirements; 2: Identifies the standards and tools used in the development process; 3: Documents the specific tool options and tool configurations used in the development process; and 4: Documents, manages, and ensures the integrity of changes to the process and/or tools used in development; and b: Reviews the development process, standards, tools, and tool options/configurations [one of ] to determine if the process, standards, tools, and tool options/configurations selected and employed can satisfy [one of ].

Control

Description

SA-15

The organization:

a: Requires the developer of the information system, system component, or information system service to follow a documented development process that:
- 1: Explicitly addresses security requirements;
- 2: Identifies the standards and tools used in the development process;
- 3: Documents the specific tool options and tool configurations used in the development process; and
- 4: Documents, manages, and ensures the integrity of changes to the process and/or tools used in development; and

b: Reviews the development process, standards, tools, and tool options/configurations [one of ] to determine if the process, standards, tools, and tool options/configurations selected and employed can satisfy [one of ].