The organization:
a. Describes the trustworthiness required in the [Assignment: organization-defined information system, information system component, or information system service] supporting its critical missions/business functions; and
b. Implements [Assignment: organization-defined assurance overlay] to achieve such trustworthiness.