CCI-000615

The organization manages the information system using an organization-defined system development life cycle that incorporates information security considerations.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to manage the information system using the system development life cycle defined in SA-3, CCI 3092 that incorporates information security considerations IAW DoDI 8580.1.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process and artifacts of the system development life cycle process to ensure the organization being inspected/assessed manages the information system using the system development life cycle defined in SA-3, CCI 3092 that incorporates information security considerations IAW DoDI 8580.1.

Compelling Evidence

1.) System security plan (SSP). 2.) System Development Life Cycle (SDLC) documentation defines processes to incorporate information security considerations.

The controls below (if any) were marked by NIST as being related to CCI-000615.