Navigate

CCI-000616

CCI-000616 Definition

The organization defines and documents information system security roles and responsibilities throughout the system development life cycle.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents information system security roles and responsibilities throughout the system development life cycle IAW DoDI 8580.1 .

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the information system security roles and responsibilities to ensure the organization being inspected/assessed defines and documents information system security roles and responsibilities throughout the system development life cycle IAW DoDI 8580.1.

Compelling Evidence

1.) System Development Life Cycle (SDLC) documentation used to manage the information system defines security roles and responsibilities through the SDLC.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000616.

Control	Description
SA-3	The organization: SA-3a.: Manages the information system using [Assignment: organization-defined system development life cycle] that incorporates information security considerations; SA-3b.: Defines and documents information security roles and responsibilities throughout the system development life cycle; SA-3c.: Identifies individuals having information security roles and responsibilities; and SA-3d.: Integrates the organizational information security risk management process into system development life cycle activities.

Control

Description

SA-3

The organization:

SA-3a.: Manages the information system using [Assignment: organization-defined system development life cycle] that incorporates information security considerations;

SA-3b.: Defines and documents information security roles and responsibilities throughout the system development life cycle;

SA-3c.: Identifies individuals having information security roles and responsibilities; and

SA-3d.: Integrates the organizational information security risk management process into system development life cycle activities.