SA-17(5)—Developer Security Architecture And Design
PBMM (P3)
Secret (P3)
Management
Control Description
DEVELOPER SECURITY ARCHITECTURE AND DESIGN | CONCEPTUALLY SIMPLE DESIGN
The organization requires the developer of the information system, system component, or information system service to:
(a) Design and structure the security-relevant hardware, software, and firmware to use a complete, conceptually simple protection mechanism with precisely defined semantics; and
(b) Internally structure the security-relevant hardware, software, and firmware with specific regard for this mechanism.
Supplemental Guidance
Related control: SC-3.
Tailoring Guidance
Apply to custom developed systems or components.