SA-18 (1)     Tamper Resistance And Detection | Multiple Phases Of Sdlc 

The organization employs anti-tamper technologies and techniques during multiple phases in the system development life cycle including design, development, integration, operations, and maintenance.

                    
                

            


        

    


    

        

        

            

                
Applicable CNSSI 1253 Baselines

            

        


        

            


                


                    

                        

                            

                                
Confidentiality

                            

                        

                        

                            

                                
    
                                    
  • 
                                        
                                        L
                                        
                                    
    • 
                                    
  • 
                                        
                                        M
                                        
                                    
    • 
                                    
  • 
                                        
                                        H
                                        
                                    
    • 
                                

                            

                            
                        

                    


                    

                        

                            

                                
Integrity

                            

                        

                        

                            

                                
    
                                    
  • 
                                        
                                        L
                                        
                                    
    • 
                                    
  • 
                                        
                                        M
                                        
                                    
    • 
                                    
  • 
                                        
                                        H
                                        
                                    
    • 
                                

                            

                            
                        

                    


                    

                        

                            

                                
Availability

                            

                        

                        

                            

                                
    
                                    
  • 
                                        
                                        L
                                        
                                    
    • 
                                    
  • 
                                        
                                        M
                                        
                                    
    • 
                                    
  • 
                                        
                                        H
                                        
                                    
    • 
                                

                            

                            
                        

                    


                


            


        


        
        

        

            

                
Supplemental Guidance

            

        

        

            

                
Organizations use a combination of hardware and software techniques for tamper resistance and detection. Organizations employ obfuscation and self-checking, for example, to make reverse engineering and modifications more difficult, time-consuming, and expensive for adversaries. Customization of information systems and system components can make substitutions easier to detect and therefore limit damage.

            

        

        

        
        

        

            

                
Related Controls