SA-17(2)—Security-Relevant Components
>Control Description
Require the developer of the system, system component, or system service to: a. Define security-relevant hardware, software, and firmware; and b. Provide a rationale that the definition for security-relevant hardware, software, and firmware is complete.
>Supplemental Guidance
The security-relevant hardware, software, and firmware represent the portion of the system, component, or service that is trusted to perform correctly to maintain required security properties.