SA-17(1) - Developer Security and Privacy Architecture and Design | Formal Policy Model

Require the developer of the system, system component, or system service to: (a) Produce, as an integral part of the development process, a formal policy model describing the [Assignment: organization-defined elements of organizational security and privacy policy] to be enforced; and (b) Prove that the formal policy model is internally consistent and sufficient to enforce the defined elements of the organizational security and privacy policy when implemented.


Informational References

ID: SA-17(1)
Enhancement of : SA-17
Created: 2023/05/08
Last Modified: 2023/05/08

Countermeasures Covered by Control

ID Name Description

Space Threats Tagged by Control

ID Description

Sample Requirements

Requirement

Related SPARTA Techniques and Sub-Techniques

ID Name Description