CCI-003387
CCI-003387 Definition
Re-implement or custom develops organization-defined critical system components.
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed re-implements or custom develops critical information system components defined in SA-20, CCI 3386.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines hardware and software lists to ensure that no commercial off-the-shelf components are used as critical information system components defined in SA-20, CCI 3386.
Compelling Evidence
1.) System security plan (SSP). 2.) System development life cycle (SDLC) documentation. 3.) Continuous monitoring plan for re-implementing or custom developing organization-defined critical information system components.