Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
CCIs (5137)
Pages (108/172)
CCIs

| Number | Definition | Status | Related |
|---|---|---|---|
| CCI-003241 | Review the development process in accordance with organization-defined frequency to determine if the development process selected and employed can satisfy organization-defined security requirements. | Draft | SA-15 |
| CCI-003242 | Review the development standards in accordance with organization-defined frequency to determine if the development standards selected and employed can satisfy organization-defined security requirements. | Draft | SA-15 |
| CCI-003243 | Review the development tools in accordance with organization-defined frequency to determine if the development tools selected and employed can satisfy organization-defined security requirements. | Draft | SA-15 |
| CCI-003244 | Review the development tool options/configurations in accordance with organization-defined frequency to determine if the development tool options and tool configurations selected and employed can satisfy organization-defined security requirements. | Draft | SA-15 |
| CCI-003245 | Defines the frequency on which to review the development process, standards, tools, and tool options/configurations to determine if the process, standards, tools, and tool options and tool configurations selected and employed can satisfy organization-defined security requirements. | Draft | SA-15 |
| CCI-003246 | Defines the security requirements that must be satisfied by conducting a review of the development process, standards, tools, and tool options and tool configurations. | Draft | SA-15 |
| CCI-003247 | Require the developer of the system, system component, or system service to define quality metrics at the beginning of the development process. | Draft | SA-15(1) |
| CCI-003248 | Require the developer of the system, system component, or system service to provide evidence of meeting the quality metrics in accordance with organization-defined frequency, organization-defined program review milestones, and/or upon delivery. | Draft | SA-15(1) |
| CCI-003249 | Defines the frequency on which the developer of the system, system component, or system service is required to provide evidence of meeting the quality metrics. | Draft | SA-15(1) |
| CCI-003250 | Defines the program review milestones at which the developer of the information system, system component, or information system service is required to provide evidence of meeting the quality metrics. | Draft | SA-15(1) |
| CCI-003251 | Require the developer of the system, system component, or system service to select a security tracking tool for use during the development process. | Draft | SA-15(2) |
| CCI-003252 | Require the developer of the system, system component, or system service to employ a security tracking tool for use during the development process. | Draft | SA-15(2) |
| CCI-003253 | The organization requires the developer of the information system, system component, or information system service to perform a criticality analysis at an organization-defined breadth/depth and at organization-defined decision points in the system development life cycle. | Draft | SA-15(3) |
| CCI-003254 | Defines the breadth/depth of criticality analysis at which the developer of the system, system component, or system service is required to perform a criticality analysis. | Draft | SA-15(3) |
| CCI-003255 | Defines decision points in the system development life cycle at which the developer of the system, system component, or system service is required to perform a criticality analysis. | Draft | SA-15(3) |
| CCI-003256 | The organization requires that developers perform threat modeling for the information system at an organization-defined breadth/depth. | Draft | SA-15(4) |
| CCI-003257 | The organization requires that developers perform a vulnerability analysis for the information system at an organization-defined breadth/depth. | Draft | SA-15(4) |
| CCI-003258 | The organization defines the breadth/depth at which threat modeling for the information system must be performed by developers. | Draft | SA-15(4) |
| CCI-003259 | The organization defines the breadth/depth at which vulnerability analysis for the information system must be performed by developers. | Draft | SA-15(4) |
| CCI-003260 | Threat modeling performed by the developer for the information system uses organization-defined information concerning impact, environment of operations, known or assumed threats, and acceptable risk levels. | Draft | SA-15(4) |
| CCI-003261 | Vulnerability analysis performed by the developer for the information system uses organization-defined information concerning impact, environment of operations, known or assumed threats, and acceptable risk levels. | Draft | SA-15(4) |
| CCI-003262 | The organization defines information concerning impact, environment of operations, known or assumed threats, and acceptable risk levels to be used to perform threat modeling for the information system by the developer. | Draft | SA-15(4) |
| CCI-003263 | The organization defines information concerning impact, environment of operations, known or assumed threats, and acceptable risk levels to be used to perform a vulnerability analysis for the information system by the developer. | Draft | SA-15(4) |
| CCI-003264 | The organization requires the threat modeling performed by the developers employ organization-defined tools and methods. | Draft | SA-15(4) |
| CCI-003265 | The organization requires the vulnerability analysis performed by the developers employ organization-defined tools and methods. | Draft | SA-15(4) |
| CCI-003266 | The organization defines tools and methods to be employed to perform threat modeling for the information system by the developer. | Draft | SA-15(4) |
| CCI-003267 | The organization defines tools and methods to be employed to perform a vulnerability analysis for the information system by the developer. | Draft | SA-15(4) |
| CCI-003268 | The organization requires that developers performing threat modeling for the information system produce evidence that meets organization-defined acceptance criteria. | Draft | SA-15(4) |
| CCI-003269 | The organization requires that developers performing vulnerability analysis for the information system produce evidence that meets organization-defined acceptance criteria. | Draft | SA-15(4) |
| CCI-003270 | The organization defines the acceptance criteria that must be met when threat modeling of the information system is performed by the developer. | Draft | SA-15(4) |