SA-21 Developer Screening

Secret (P3)
Management

>Control Description

(A) The organization requires that the developer of organization-defined information system, system component, or information system service have appropriate access authorizations as determined by assigned organization-defined official government duties.

(B) The organization requires that the developer of organization-defined information system, system component, or information system service satisfy organization-defined additional personnel screening criteria.

>Supplemental Guidance

Because the information system, system component, or information system service may be employed in critical activities essential to the national and/or economic security interests of Canada, organizations have a strong interest in ensuring that the developer is trustworthy. The degree of trust required of the developer may need to be consistent with that of the individuals accessing the information system/component/service once deployed. Examples of authorization and personnel screening criteria include clearance, satisfactory background checks, citizenship, and nationality.

Trustworthiness of developers may also include a review and analysis of company ownership and any relationships the company has with entities potentially affecting the quality/reliability of the systems, components, or services being developed.

Related controls: PS-3, PS-7.

>Tailoring Guidance

Apply to custom developed systems or components.
