CCI-004732
CCI-004732 Definition
| Status | |
| Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if [SA-08(09)_ODP; systems or system components that implement the security design principle of trusted components are defined] implement the security design principle of trusted components.
Validation Procedures
Examine: [SELECT FROM: Supply chain risk management plan; system and services acquisition policy; procedures addressing the security design principle of trusted components used in the specification, design, development, implementation, and modification of the system; system design documentation; security, supply chain risk management, and privacy requirements and specifications for the system; system security and privacy architecture; procedures for determining component assurance; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with the responsibility for determining system security and privacy requirements; organizational personnel with system specification, design, development, implementation, and modification responsibilities; system developers; organizational personnel with information security responsibilities; organizational personnel with supply chain risk management responsibilities]. Test: [SELECT FROM: Organizational processes for applying the security design principle of trusted components in system specification, design, development, implementation, and modification; mechanisms supporting the application of the security design principle of trusted components in system specification, design, development, implementation, and modification].