SA-17-727 Developer Security Architecture and Design

Developer Security Architecture and Design

SA-17-727
Developer Security Architecture and Design
Security Assessment and Authorization
HIGH
P1
No
NA
The organization requires the developer of the information system, system component, or information system service to produce a design specification and security architecture that: a. Is consistent with and supportive of the organization’s security architecture which is established within and is an integrated part of the organization’s enterprise architecture; b. Accurately and completely describes the required security functionality, and the allocation of security controls among physical and logical components; and c. Expresses how individual security functions, mechanisms, and services work together to provide required security capabilities and a unified approach to protection.
NA
No statewide control