Navigate

CCI-003249

CCI-003249 Definition

Defines the frequency on which the developer of the system, system component, or system service is required to provide evidence of meeting the quality metrics.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the frequency that is required by the developer of the information system, system component, or information system service to provide evidence of meeting the quality metrics. DoD has determined the frequency is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented frequency to ensure the organization being inspected/assessed defines the frequency that is required by the developer of the information system, system component, or information system service to provide evidence of meeting the quality metrics. DoD has determined the frequency is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan defining the frequency requiring developers of the information system, system component or information system service to provide evidence of meeting the quality metrics.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003249.

Control	Description
SA-15(1)	The organization requires the developer of the information system, system component, or information system service to: (a): Define quality metrics at the beginning of the development process; and (b): Provide evidence of meeting the quality metrics [one or more of " {{ insert: param, sa-15.1_prm_2 }} "/" {{ insert: param, sa-15.1_prm_3 }} "/"upon delivery"].