Require the developer of the system, system component, or system service to:
(a) Define security-relevant hardware, software, and firmware; and
(b) Provide a rationale that the definition for security-relevant hardware, software, and firmware is complete.
|
|
| Control Identifier | SA-17(2) |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | The security-relevant hardware, software, and firmware represent the portion of the system, component, or service that is trusted to perform correctly to maintain required security properties. |
| Related Controls | AC-25, SA-5. |