SA-17(2)
SA-17(2): Security-relevant Components
The organization requires the developer of the information system, system component, or information system service to:
- (a): Define security-relevant hardware, software, and firmware; and
- (b): Provide a rationale that the definition for security-relevant hardware, software, and firmware is complete.
Supplemental
Security-relevant hardware, software, and firmware represent the portion of the information system, component, or service that must be trusted to perform correctly in order to maintain required security properties.
CIA Levels | |
---|---|
Confidentiality | unknown |
Integrity | unknown |
Availability | unknown |
Overlays |
---|
None |
CSF Categories |
---|
None |