CCI-004763
CCI-004763 Definition
| Status | |
| Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if:
- [SA-08(24)_ODP[01]; systems or system components that implement the security design principle of secure failure are defined] implement the security design principle of secure failure.
- [SA-08(24)_ODP[02]; systems or system components that implement the security design principle of secure recovery are defined] implement the security design principle of secure recovery.
Validation Procedures
Examine: [SELECT FROM: System and services acquisition policy; system and communications protection policy; contingency planning policy; procedures addressing information system recovery and reconstitution; procedures addressing the security design principle of secure failure and recovery used in the specification, design, development, implementation, and modification of the system; contingency plan; procedures addressing system backup; contingency plan test documentation; contingency plan test results; system design documentation; security and privacy requirements and specifications for the system; system security and privacy architecture; system security plan; other relevant documents or records].
Interview: [SELECT FROM: Organizational personnel with the responsibility for determining system security and privacy requirements; organizational personnel with system specification, design, development, implementation, and modification responsibilities; organizational personnel with contingency plan testing responsibilities; organizational personnel with system recovery and reconstitution responsibilities; system developers; organizational personnel with information security responsibilities; organizational personnel with information system backup responsibilities].
Test: [SELECT FROM: Organizational processes for applying the security design principle of secure failure and recovery in system specification, design, development, implementation, and modification; mechanisms supporting the application of the security design principle of secure failure and recovery in system specification, design, development, implementation, and modification; mechanisms supporting and/or implementing secure failure; organizational processes for contingency plan testing; mechanisms supporting contingency plan testing; mechanisms supporting recovery and reconstitution of the system; organizational processes for conducting system backups; mechanisms supporting and/or implementing system backups].