SA-17-727 Developer Security Architecture and Design

Developer Security Architecture and Design

Control ID

SA-17-727

Control Name

Developer Security Architecture and Design

Control Category

Security Assessment and Authorization

Functional Areas

Sub-Areas

NIST Baseline Level(s)

HIGH

NIST Priority

State Implementation Required

Agency Last Implemented Date

Risk Statement

Control Description

The organization requires the developer of the information system, system component, or information system service to produce a design specification and security architecture that: a. Is consistent with and supportive of the organization’s security architecture which is established within and is an integrated part of the organization’s enterprise architecture; b. Accurately and completely describes the required security functionality, and the allocation of security controls among physical and logical components; and c. Expresses how individual security functions, mechanisms, and services work together to provide required security capabilities and a unified approach to protection.

Control Example

State Implementation

No statewide control

Testing Procedures