CCI-004717

Implementation Guidance

Determine if the security design principle of clear abstractions is implemented.

Validation Procedures

Examine: [SELECT FROM: System and services acquisition policy; procedures addressing the security design principle of clear abstractions used in the specification, design, development, implementation, and modification of the system; system design documentation; security and privacy requirements and specifications for the system; system security and privacy architecture; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with the responsibility for determining system security and privacy requirements; organizational personnel with system specification, design, development, implementation, and modification responsibilities; system developers; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for applying the security design principle of clear abstractions to system specification, design, development, implementation, and modification; mechanisms supporting the application of the security design principle of clear abstractions to system specification, design, development, implementation, and modification].