Guidance for NIST 800-171 Assessment & Compliance
SA-15(11) DEVELOPMENT PROCESS, STANDARDS, AND TOOLS | ARCHIVE INFORMATION SYSTEM / COMPONENT |
Scroll Prev Top Next More |
Applicable (Y)es / (N)o |
(C)onfidentiality |
(I)ntegrity |
(A)vailability |
RPN (C+I+A) |
(S)atisfactory |
||||||
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
(O)ther than satisfactory +## |
||
|
|
|
|
|
|
|
|
|
|
|
|
###
sa-15(11) |
development process, standards, and tools | archive information system / component |
|
assessment objective: Determine if the organization requires the developer of the information system or system component to archive the system or component to be released or delivered together with the corresponding evidence supporting the final security review. |
potential assessment methods and objects: Examine: [select from: System and services acquisition policy; procedures addressing development process, standards, and tools; solicitation documentation; acquisition documentation; service-level agreements; acquisition contracts for the information system, or services; acquisition documentation; solicitation documentation; service-level agreements; developer incident response plan; other relevant documents or records]. Interview: [select from: Organizational personnel with system and services acquisition responsibilities; organizational personnel with information security responsibilities; system developer]. |
