CCI-004771
CCI-004771 Definition
| Status | |
| Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if [SA-08(28)_ODP; systems or system components that implement the security design principle of acceptable security are defined] implement the security design principle of acceptable security.
Validation Procedures
Examine: [SELECT FROM: System and services acquisition policy; system and services acquisition procedures; procedures addressing the security design principle of acceptable security used in the specification, design, development, implementation, and modification of the system; system design documentation; security and privacy requirements and specifications for the system; system security and privacy architecture; personally identifiable information processing policy; privacy notifications provided to users; system security plan; privacy plan; privacy impact assessment; privacy risk assessment documentation; other relevant documents or records].
Interview: [SELECT FROM: Organizational personnel with information security and privacy responsibilities; organizational personnel with system specification, design, development, implementation, and modification responsibilities; system developers].
Test: [SELECT FROM: Organizational processes for applying the security design principle of acceptable security in system specification, design, development, implementation, and modification; mechanisms supporting the application of the security design principle of acceptable security in system specification, design, development, implementation, and modification; mechanisms that enforce security policies].