Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

sa-17(4)

developer security architecture and design  | informal correspondence

assessment objective:

Determine if the organization requires the developer of the information system, system component, or information system service to:

sa-17(4)(a)

produce, as an integral part of the development process, an informal descriptive top-level specification that specifies the interfaces to security-relevant hardware, software, and firmware in terms of:

sa-17(4)(a)[1]

exceptions;

sa-17(4)(a)[2]

error messages;

sa-17(4)(a)[3]

effects;

sa-17(4)(b)

show via informal demonstration and/or convincing argument with formal methods as feasible that the descriptive top-level specification is consistent with the formal policy model;

sa-17(4)(c)

show via informal demonstration, that the descriptive top-level specification completely covers the interfaces to security-relevant hardware, software, and firmware;

sa-17(4)(d)

show that the descriptive top-level specification is an accurate description of the interfaces to the security-relevant hardware, software, and firmware; and

sa-17(4)(e)

describe the security-relevant hardware, software, and firmware mechanisms not addressed in the descriptive top-level specification but strictly internal to the security-relevant hardware, software, and firmware.

potential assessment methods and objects:

Examine: [select from: System and services acquisition policy; enterprise architecture policy; formal policy model; procedures addressing developer security architecture and design specification for the information system;  solicitation documentation; acquisition documentation; service-level agreements; acquisition contracts for the information system, system component, or information system service; informal descriptive top-level specification documentation; information system security architecture and design documentation; information system design documentation; information system configuration settings and associated documentation; documentation describing security-relevant hardware, software and firmware mechanisms not addressed in the informal descriptive top-level specification documentation; other relevant documents or records].

Interview: [select from: Organizational personnel with system and services acquisition responsibilities; organizational personnel with information security responsibilities; system developer; organizational personnel with security architecture and design responsibilities].