SA-11(3)
SA-11(3): Independent Verification of Assessment Plans / Evidence
The organization:
- (a): Requires an independent agent satisfying [organization-defined independence criteria] to verify the correct implementation of the developer security assessment plan and the evidence produced during security testing/evaluation; and
- (b): Ensures that the independent agent is either provided with sufficient information to complete the verification process or granted the authority to obtain such information.
Supplemental
Independent agents have the necessary qualifications (i.e., expertise, skills, training, and experience) to verify the correct implementation of developer security assessment plans.
CIA Levels | |
---|---|
Confidentiality | unknown |
Integrity | unknown |
Availability | unknown |
Overlays |
---|
None |
CSF Categories |
---|
None |