Navigate

SA-18 (1)

SA-18 (1): Multiple Phases Of Sdlc

The organization employs anti-tamper technologies and techniques during multiple phases in the system development life cycle including design, development, integration, operations, and maintenance.

Supplemental

Organizations use a combination of hardware and software techniques for tamper resistance and detection. Organizations employ obfuscation and self-checking, for example, to make reverse engineering and modifications more difficult, time-consuming, and expensive for adversaries. Customization of information systems and system components can make substitutions easier to detect and therefore limit damage.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to SA-18 (1).

Control	Description
SA-3	The organization: SA-3a.: Manages the information system using [Assignment: organization-defined system development life cycle] that incorporates information security considerations; SA-3b.: Defines and documents information security roles and responsibilities throughout the system development life cycle; SA-3c.: Identifies individuals having information security roles and responsibilities; and SA-3d.: Integrates the organizational information security risk management process into system development life cycle activities.

Control

Description

SA-3

The organization:

SA-3a.: Manages the information system using [Assignment: organization-defined system development life cycle] that incorporates information security considerations;

SA-3b.: Defines and documents information security roles and responsibilities throughout the system development life cycle;

SA-3c.: Identifies individuals having information security roles and responsibilities; and

SA-3d.: Integrates the organizational information security risk management process into system development life cycle activities.

Enhancements

The controls below (if any) add on to the requirements of SA-18 (1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SA-18 (1).

CCI	Definition
CCI-003347	The organization employs anti-tamper technologies and techniques during multiple phases in the system development life cycle including design.
CCI-003348	The organization employs anti-tamper technologies and techniques during multiple phases in the system development life cycle including development.
CCI-003349	The organization employs anti-tamper technologies and techniques during multiple phases in the system development life cycle including integration.
CCI-003350	The organization employs anti-tamper technologies and techniques during multiple phases in the system development life cycle including operations.
CCI-003351	The organization employs anti-tamper technologies and techniques during multiple phases in the system development life cycle including maintenance.