Navigate

CCI-003387

CCI-003387 Definition

The organization re-implements or custom develops organization-defined critical information system components.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed re-implements or custom develops critical information system components defined in SA-20, CCI 3386.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines hardware and software lists to ensure that no commercial off-the-shelf components are used as critical information system components defined in SA-20, CCI 3386.

Compelling Evidence

1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for re-implementing or custom developing organization-defined critical information system components.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003387.

Control	Description
SA-20	The organization re-implements or custom develops [Assignment: organization-defined critical information system components].