SA-17 (2) Developer Security Architecture And Design | Security-Relevant Components
The organization requires the developer of the information system, system component, or information system service to:
SA-17 (2)(a): Define security-relevant hardware, software, and firmware; and
SA-17 (2)(b): Provide a rationale that the definition for security-relevant hardware, software, and firmware is complete.
Applicable CNSSI 1253 Baselines
Confidentiality
- L
- M
- H
Integrity
- L
- M
- H
Availability
- L
- M
- H
Supplemental Guidance
Security-relevant hardware, software, and firmware represent the portion of the information system, component, or service that must be trusted to perform correctly in order to maintain required security properties.