SV-MA-6 - Inadequate Security Planning/Design

Not planning for security on SV or designing in security from the beginning

ID: SV-MA-6

DiD Layer: Prevention

CAPEC #: 30 | 69

NIST Rev5 Control Tag Mapping: CP-4 | CP-4(5) | PL-2 | PL-8 | PL-8(1) | PM-30 | PM-30(1) | PM-32 | RA-3 | RA-3(1) | RA-3(3) | RA-9 | SA-2 | SA-8 | SA-8(9) | SA-8(14) | SA-8(15) | SA-8(18) | SA-8(21) | SA-8(22) | SA-8(23) | SA-8(24) | SA-9 | SA-9(6) | SA-9(7) | SA-10 | SA-10(7) | SA-17 | SC-16 | SC-16(2) | SI-4 | SI-4(25) | SI-7 | SI-7(17) | SI-10 | SI-10(6) | SR-1 | SR-2 | SR-2(1) | SR-3 | SR-5 | SR-7

Lowest Threat Tier to
Create Threat Event: I

Notional Risk Rank Score: 19

Informational References

TOR-2018-02275 - A Need for Robust Space Vehicle Cybersecurity

Low-Level Requirements

SPARTA ID	Requirement	Rationale/Additional Guidance/Notes
SPR-7	The [organization] shall document and design a security architecture using a defense-in-depth approach that allocates the [organization]s defined safeguards to the indicated locations and layers: [Examples include: operating system abstractions and hardware mechanisms to the separate processors in the platform, internal components, and the FSW].{SV-MA-6}{CA-9,PL-7,PL-8,PL-8(1),SA-8(3),SA-8(4),SA-8(7),SA-8(9),SA-8(11),SA-8(13),SA-8(19),SA-8(29),SA-8(30)}	Spacecraft security cannot rely on a single control; layered defenses reduce the likelihood of catastrophic compromise. Documenting safeguard allocation across hardware, OS, firmware, and FSW ensures coverage across attack surfaces. This supports resiliency against both cyber intrusion and supply chain weaknesses. Clear documentation enables verification and independent assessment.
SPR-8	The [organization] shall ensure that the allocated security safeguards operate in a coordinated and mutually reinforcing manner.{SV-MA-6}{CA-7(5),PL-7,PL-8(1),SA-8(19)}	Independent controls that operate in isolation may create security gaps or conflicting behaviors. Coordinated safeguards ensure that encryption, authentication, partitioning, and monitoring functions reinforce each other rather than undermine availability or safety. This reduces bypass risk and improves fault/cyber response integration. Cohesive operation is essential for resilient mission assurance.
SPR-9	The [organization] shall implement a security architecture and design that provides the required security functionality, allocates security controls among physical and logical components, and integrates individual security functions, mechanisms, and processes together to provide required security capabilities and a unified approach to protection.{SV-MA-6}{PL-7,SA-2,SA-8,SA-8(1),SA-8(2),SA-8(3),SA-8(4),SA-8(5),SA-8(6),SA-8(7),SA-8(9),SA-8(11),SA-8(13),SA-8(19),SA-8(29),SA-8(30),SC-32,SC-32(1)}	Security functionality must be intentionally distributed across physical and logical components rather than bolted on post-design. A unified architecture prevents inconsistent enforcement, duplicated controls, or unprotected interfaces. Integrated design reduces attack surface and improves verification of mission-critical protections.
SPR-27	The [spacecraft] shall define the security functions and security-relevant information for which the system must protect from unauthorized access.{SV-MA-4,SV-MA-6}{AC-6(1),SA-8(19),SC-7(13),SC-16}	Clearly identifying security-relevant functions ensures protections are applied to the correct assets. Undefined security boundaries create ambiguity and inconsistent enforcement. Explicit definition supports verification, testing, and threat modeling. This forms the basis for risk-informed control allocation.
SPR-257	The [organization] shall analyze changes to the spacecraft to determine potential security impacts prior to change implementation.{SV-MA-6,SV-SP-9}{CM-4,CM-3,CM-3(2),CM-3(7),CM-4(2),SA-10}	Changes to spacecraft configuration may introduce unintended vulnerabilities. Pre-implementation impact analysis prevents security regression. Structured review ensures modifications align with risk tolerance. Change control supports mission assurance.
SPR-290	The [organization] shall document risk assessment results in risk assessment report upon completion of each risk assessment.{SV-MA-6}{RA-3,RA-7}	Formal documentation preserves rationale for decisions. Traceability enables future reassessment. Written records support compliance. Documentation strengthens transparency.
SPR-297	The [organization] shall require the developer to conduct an attack surface analysis on the spacecraft architecture to identify and reduce attack surfaces to the lowest possible level that still permits the system to meet performance requirements/mission objectives.{SV-MA-6,SV-SP-1}{SA-11(6),SA-15(5)}	Embedding surface reduction into architecture strengthens foundational security. Early analysis prevents costly retrofits. Developer accountability ensures security by design. Integrated evaluation improves mission readiness.
SPR-298	The [organization] shall require the developer to use threat modeling, attack surface analysis, and vulnerability analysis to inform the current development process using analysis from similar systems, components, or services where applicable.{SV-MA-6,SV-SP-1}{SA-15(8)}	Threat modeling anticipates adversary tactics. Early design adaptation reduces vulnerability exposure. Learning from similar systems improves efficiency. Proactive analysis reduces downstream risk.
SPR-299	The [organization] shall develop, document, and maintain under configuration control, a current baseline configuration of the spacecrafts.{SV-SP-9,SV-MA-6}{CM-2,CM-3(7),CM-4(2),CM-6,SA-8(30),SA-10}	Configuration control ensures traceability of hardware and software states. Unauthorized changes undermine security posture. Accurate baselines enable recovery and audit. Governance depends on configuration integrity.
SPR-301	The [organization] shall develop a security plan for the spacecraft.{SV-MA-6}{PL-2,PL-7,PM-1,SA-8(29),SA-8(30)}	A comprehensive security plan aligns controls with mission objectives. Clear articulation ensures consistent implementation. Planning integrates security into operations. Formal documentation strengthens accountability.
SPR-302	The [organization] shall document the platform's security architecture, and how it is established within and is an integrated part of the overall [organization] mission security architecture.{SV-MA-6,SV-MA-4}{PL-7,SA-8(7),SA-8(13),SA-8(29),SA-8(30),SA-17}	Architecture documentation provides structural clarity. Integration into enterprise mission security ensures alignment. Clear documentation reduces misinterpretation. Transparency strengthens lifecycle governance.
SPR-303	The [organization] shall protect the security plan from unauthorized disclosure and modification.{SV-MA-6}{AC-3,PL-2,PL-7}	Exposure of architecture details increases adversary advantage. Protecting documentation reduces reconnaissance risk. Controlled access ensures integrity. Governance must secure sensitive planning artifacts.
SPR-320	The [organization] shall develop and document program-specific configuration management policies and procedures for the hardware and software for the spacecraft. {SV-SP-9,SV-MA-6}{CM-1,CM-3,CM-5(6),SA-10,SA-10(3)}	Clear configuration governance prevents unauthorized modification. Policy-backed processes ensure consistency. Lifecycle control supports traceability. Managed change reduces mission risk.
SPR-335	The [organization] shall document the spacecraft's security architecture, and how it is established within and is an integrated part of the Program's mission security architecture.{SV-MA-6}{SA-17}
SPR-373	The [organization] shall develop and document program-specific risk assessment policies. {SV-MA-6}{RA-1}	Formal risk governance ensures consistent evaluation. Documented methodology enhances transparency. Periodic reassessment maintains relevance. Risk management underpins mission assurance.
SPR-376	The [organization] shall implement an A&A process that establishes the extent to which a particular design and implementation meet a set of specified security requirements defined by the organization, government guidelines, and federal mandates.{SV-MA-6,SV-DCO-1}{CA-2}	Structured authorization ensures design compliance prior to deployment. Formal assessment reduces oversight gaps. Defined requirements provide measurable criteria. Governance supports mission confidence.
SPR-379	The [organization] shall conduct specialized assessments that are specifically tailored for space systems or space missions more generally, as opposed to traditional terrestrial IT systems.{SV-MA-6}{CA-2(2)}	Space missions require threat models distinct from terrestrial IT. Tailored assessments address unique operational constraints. Specialized evaluation improves relevance. Mission-specific review strengthens assurance.
SPR-381	The [organization] shall designate an authorizing official for the system.{SV-MA-6}{CA-6}	These officials must be federal employees, and are responsible for reviewing the security authorization package, assessing the risks, and making the decision to authorize system operation. They shall ensure compliance with relevant organizational policies and standards and are accountable for the decision to accept the risks associated with operating the system. The authorizing officials must be empowered with the authority to oversee and enforce the implementation and maintenance of security controls in accordance with organizational requirements and applicable regulations.
SPR-382	The [organization] shall categorize the system and information it processes in accordance with FIPS 199.{SV-MA-6}{RA-2}	Impact categorization guides control selection. Formal classification ensures proportional protection. Defined impact levels strengthen risk alignment. Compliance supports federal mandate adherence.
SPR-409	The [organization] shall ensure security representatives are included in all change control board reviews and decisions.{SV-MA-6}{CM-3(4),SA-10(7)}	Security oversight during change decisions prevents risk oversight. Cross-functional review reduces blind spots. Integrated governance balances operational urgency with protection. Participation ensures consistent enforcement.
SPR-423	The [organization] shall develop, document, and implement a Configuration Management Plan for the spacecraft that defines the processes, procedures, and responsibilities for managing configuration changes and ensuring the security of the system.{SV-MA-6,SV-SP-4}{CM-9}	A formal CMP defines structured change governance. Clear roles and procedures reduce ambiguity. Lifecycle configuration control supports security enforcement. Documented processes strengthen compliance.
SPR-424	The [organization] shall ensure that all personnel involved in configuration management activities are trained and follow the procedures outlined in the Configuration Management Plan.{SV-MA-6}{CM-9}	Effective CM requires knowledgeable practitioners. Training ensures adherence to documented procedures. Skilled personnel reduce configuration drift. Governance effectiveness depends on execution.
SPR-425	The [organization] shall regularly update the Configuration Management Plan to reflect changes in the information system and to align with evolving security requirements.{SV-MA-6}{CM-9}	Evolving threats necessitate plan updates. Regular revision maintains relevance. Continuous improvement supports adaptive defense. Governance must remain dynamic.
SPR-427	The [organization] shall identify the appropriate control baseline (NIST or CNSS) for the spacecraft based on mission information types and associated impact.{SV-MA-6}{PL-10}	Selecting correct baseline ensures proportional protection. Mission impact drives control rigor. Structured alignment supports compliance. Accurate baseline selection strengthens assurance. Space Platform Overlay (CNSS 1253 Appendix F is recommended)
SPR-428	The [organization] shall develop and implement a process for tailoring the control baseline for the spacecraft in accordance with organizational requirements (e.g.CNSS Space Overlay or similar).{SV-MA-6}{PL-11}	Tailoring aligns controls with mission architecture and threat model. Structured customization prevents over- or under-protection. Governance ensures justified deviations. Tailoring improves efficiency and resilience.
SPR-429	The [organization] shall develop, document, and implement policies that outline security planning processes such as writing rules of behavior, conops documentation, control baseline selection/tailoring, and similar activities that require advanced planning.{SV-MA-6}{PL-11}	Advanced planning integrates security into operational doctrine. Documented processes ensure consistency. Structured governance reduces ambiguity. Preparation strengthens mission readiness.
SPR-472	The [organization] shall define mission and business processes that map mission objectives to space-segment security requirements, including safe-mode criteria, secure uplink and downlink obligations, and recovery procedures, and shall baseline these processes under configuration control.{SV-MA-6,SV-AV-5}{PM-11,PL-2,CM-2}	Security must align with mission objectives. Explicit mapping ensures safe-mode criteria and communication obligations are controlled. Baseline governance prevents undocumented deviations. Integration supports mission assurance.
SPR-473	The [organization] shall establish a threat awareness program that provides mission-relevant cyber and EW threat briefings and advisories to spacecraft engineering, integration, and operations personnel at an [organization]-defined frequency, and shall track completion.{SV-MA-6}{PM-16}	Continuous threat awareness informs engineering decisions. Structured briefings reduce blind spots. Tracking completion ensures accountability. Knowledge improves preparedness.
SPR-478	The [organization] shall map supplier failure impact to mission functions and assign risk-based oversight and acceptance criteria.{SV-SP-4,SV-MA-6}{PM-30(1),SR-2,RA-3}	Understanding supplier failure impact informs oversight priority. Risk-based criteria ensure proportional governance. Structured assessment prevents blind spots. Supply chain risk alignment strengthens mission resilience.
SPR-479	The [organization] shall define, baseline, and maintain the purposing of the space platform and link segment, including intended objectives, authorized capabilities, prohibited functions, and operational constraints, and shall use this baseline to bound requirements, updates, and on-orbit operations.{SV-AC-8,SV-MA-6}{PM-32,PL-8}	Defining authorized and prohibited functions prevents scope creep. Clear purposing bounds updates and operational use. Governance limits misuse potential. Structured baseline supports disciplined operations.
SPR-526	The [organization] shall tie go/no‑go authorizations to verified artifacts (flatsat/twin results, signed images, key ceremonies) and define how authorization boundaries adjust under contingency conditions; evidence shall be captured for A&A.{SV-MA-6,SV-SP-9}{CA-1,PL-2,CM-3}	Flight decisions must rely on validated artifacts. Evidence capture strengthens compliance. Contingency adjustments must remain controlled. Governance alignment supports mission safety.
SPR-529	The [organization] shall define freeze windows around launch/maneuvers/high‑risk events, specify exception criteria and approvers, and require chunking, rate limits, checksum/signature gates, and telemetry cues that confirm final state when changes occur within a freeze.{SV-MA-6,SV-SP-9}{CM-3,CM-3(5),CM-5}	Operational stability requires disciplined change control. Freeze periods reduce compounding risk. Defined exceptions preserve agility. Structured boundaries protect mission safety.

ID	Name	Description	NIST Rev5	D3FEND	ISO 27001
CM0020	Threat modeling	Use threat modeling, attack surface analysis, and vulnerability analysis to inform the current development process using analysis from similar systems, components, or services where applicable. Reduce attack surface where possible based on threats.	CA-3 \| CM-4 \| CP-2 \| PL-8 \| PL-8(1) \| RA-3 \| SA-11 \| SA-11(2) \| SA-11(3) \| SA-11(6) \| SA-15(6) \| SA-15(8) \| SA-2 \| SA-3 \| SA-4(9) \| SA-8 \| SA-8(25) \| SA-8(30)	D3-AI \| D3-AVE \| D3-SWI \| D3-HCI \| D3-NM \| D3-LLM \| D3-ALLM \| D3-PLLM \| D3-PLM \| D3-APLM \| D3-PPLM \| D3-SYSM \| D3-DEM \| D3-SVCDM \| D3-SYSDM \|	A.5.14 \| A.8.21 \| A.8.9 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.2 \| A.5.29 \| A.8.1 \| A.5.8 \| 6.1.2 \| 8.2 \| 9.3.2 \| A.8.8 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28 \| A.8.29 \| A.8.30
CM0022	Criticality Analysis	Conduct a criticality analysis to identify mission critical functions, critical components, and data flows and reduce the vulnerability of such functions and components through secure system design. Focus supply chain protection on the most critical components/functions. Leverage other countermeasures like segmentation and least privilege to protect the critical components.	CM-4 \| CP-2 \| CP-2(8) \| PL-7 \| PL-8 \| PL-8(1) \| PM-11 \| PM-17 \| PM-30 \| PM-30(1) \| PM-32 \| RA-3 \| RA-3(1) \| RA-9 \| SA-11 \| SA-11(3) \| SA-15(3) \| SA-2 \| SA-3 \| SA-4(5) \| SA-4(9) \| SA-8 \| SA-8(25) \| SA-8(3) \| SA-8(30) \| SC-32(1) \| SC-7(29) \| SR-1 \| SR-2 \| SR-2(1) \| SR-3 \| SR-3(2) \| SR-3(3) \| SR-5(1) \| SR-7	D3-AVE \| D3-OSM \| D3-IDA \| D3-SJA \| D3-AI \| D3-DI \| D3-SWI \| D3-NNI \| D3-HCI \| D3-NM \| D3-PLM \| D3-AM \| D3-SYSM \| D3-SVCDM \| D3-SYSDM \| D3-SYSVA \| D3-OAM \| D3-ORA \|	A.8.9 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.2 \| A.5.29 \| A.8.1 \| A.5.30 \| 8.1 \| A.5.8 \| A.5.8 \| 4.4 \| 6.2 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| 10.2 \| 6.1.2 \| 8.2 \| 9.3.2 \| A.8.8 \| A.5.22 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28 \| A.8.29 \| A.8.30 \| 5.2 \| 5.3 \| 7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.1 \| A.5.2 \| A.5.4 \| A.5.19 \| A.5.31 \| A.5.36 \| A.5.37 \| A.5.19 \| A.5.20 \| A.5.21 \| A.8.30 \| A.5.20 \| A.5.21 \| A.5.22
CM0074	Distributed Constellations	A distributed system uses a number of nodes, working together, to perform the same mission or functions as a single node. In a distributed constellation, the end user is not dependent on any single satellite but rather uses multiple satellites to derive a capability. A distributed constellation can complicate an adversary’s counterspace planning by presenting a larger number of targets that must be successfully attacked to achieve the same effects as targeting just one or two satellites in a less-distributed architecture. GPS is an example of a distributed constellation because the functioning of the system is not dependent on any single satellite or ground station; a user can use any four satellites within view to get a time and position fix.* *https://csis-website-prod.s3.amazonaws.com/s3fs-public/publication/210225_Harrison_Defense_Space.pdf?N2KWelzCz3hE3AaUUptSGMprDtBlBSQG	CP-10(6) \| CP-11 \| CP-13 \| CP-2 \| CP-2(2) \| CP-2(3) \| CP-2(5) \| CP-2(6) \| PE-21	D3-AI \| D3-NNI \| D3-SYSM \| D3-DEM \| D3-SVCDM \| D3-SYSVA \|	7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.2 \| A.5.29 \| A.8.1 \| A.8.6 \| A.5.29 \| A.5.29
CM0075	Proliferated Constellations	Proliferated satellite constellations deploy a larger number of the same types of satellites to similar orbits to perform the same missions. While distribution relies on placing more satellites or payloads on orbit that work together to provide a complete capability, proliferation is simply building more systems (or maintaining more on-orbit spares) to increase the constellation size and overall capacity. Proliferation can be an expensive option if the systems being proliferated are individually expensive, although highly proliferated systems may reduce unit costs in production from the learning curve effect and economies of scale.* *https://csis-website-prod.s3.amazonaws.com/s3fs-public/publication/210225_Harrison_Defense_Space.pdf?N2KWelzCz3hE3AaUUptSGMprDtBlBSQG	CP-10(6) \| CP-11 \| CP-13 \| CP-2 \| CP-2(2) \| CP-2(3) \| CP-2(5) \| CP-2(6) \| PE-21	D3-AI \| D3-NNI \| D3-SYSM \| D3-DEM \| D3-SVCDM \| D3-SYSVA \|	7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.2 \| A.5.29 \| A.8.1 \| A.8.6 \| A.5.29 \| A.5.29
CM0076	Diversified Architectures	In a diversified architecture, multiple systems contribute to the same mission using platforms and payloads that may be operating in different orbits or in different domains. For example, wideband communications to fixed and mobile users can be provided by the military’s WGS system, commercial SATCOM systems, airborne communication nodes, or terrestrial networks. The Chinese BeiDou system for positioning, navigation, and timing uses a diverse set of orbits, with satellites in geostationary orbit (GEO), highly inclined GEO, and medium Earth orbit (MEO). Diversification reduces the incentive for an adversary to attack any one of these systems because the impact on the overall mission will be muted since systems in other orbits or domains can be used to compensate for losses. Moreover, attacking space systems in diversified orbits may require different capabilities for each orbital regime, and the collateral damage from such attacks, such as orbital debris, could have a much broader impact politically and economically.* *https://csis-website-prod.s3.amazonaws.com/s3fs-public/publication/210225_Harrison_Defense_Space.pdf?N2KWelzCz3hE3AaUUptSGMprDtBlBSQG	CP-11 \| CP-13 \| CP-2 \| CP-2(2) \| CP-2(3) \| CP-2(5) \| CP-2(6)	D3-AI \| D3-NNI \| D3-SYSM \| D3-DEM \| D3-SVCDM \| D3-SYSVA \|	7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.2 \| A.5.29 \| A.8.1 \| A.8.6 \| A.5.29 \| A.5.29
CM0047	Operating System Security	Ensure spacecraft's operating system is scrutinized/whitelisted and has received adequate software assurance previously. The operating system should be analyzed for its attack surface and non-utilized features should be stripped from the operating system. Many real-time operating systems contain features that are not necessary for spacecraft operations and only increase the attack surface.	CM-11(3) \| CM-7 \| CM-7(5) \| CM-7(8) \| PL-8 \| PL-8(1) \| SA-15(6) \| SA-3 \| SA-4(5) \| SA-4(9) \| SA-8 \| SA-8(19) \| SA-8(30) \| SI-3(8)	D3-AVE \| D3-OSM \| D3-EHB \| D3-SDM \| D3-SFA \| D3-SBV \| D3-PA \| D3-SCA \| D3-FCA \|	A.8.19 \| A.8.19 \| A.5.8 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28
CM0042	Robust Fault Management	Ensure fault management system cannot be used against the spacecraft. Examples include: safe mode with crypto bypass, orbit correction maneuvers, affecting integrity of telemetry to cause action from ground, or some sort of proximity operation to cause spacecraft to go into safe mode. Understanding the safing procedures and ensuring they do not put the spacecraft in a more vulnerable state is key to building a resilient spacecraft.	CP-2 \| CP-4(5) \| IR-3 \| IR-3(1) \| IR-3(2) \| PE-10 \| PE-11 \| PE-11(1) \| PE-14 \| PL-8 \| PL-8(1) \| SA-3 \| SA-4(5) \| SA-8 \| SA-8(13) \| SA-8(24) \| SA-8(26) \| SA-8(3) \| SA-8(30) \| SA-8(4) \| SC-16(2) \| SC-24 \| SC-5 \| SI-13 \| SI-13(4) \| SI-17 \| SI-4(13) \| SI-4(7) \| SI-7(5)	D3-AH \| D3-EHPV \| D3-PSEP \| D3-PH \| D3-SCP \|	7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.2 \| A.5.29 \| A.8.1 \| A.7.11 \| A.7.11 \| A.7.5 \| A.7.8 \| A.7.11 \| A.5.8 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28 \| A.8.16
CM0044	Cyber-safe Mode	Provide the capability to enter the spacecraft into a configuration-controlled and integrity-protected state representing a known, operational cyber-safe state (e.g., cyber-safe mode). Spacecraft should enter a cyber-safe mode when conditions that threaten the platform are detected. Cyber-safe mode is an operating mode of a spacecraft during which all nonessential systems are shut down and the spacecraft is placed in a known good state using validated software and configuration settings. Within cyber-safe mode, authentication and encryption should still be enabled. The spacecraft should be capable of reconstituting firmware and software functions to pre-attack levels to allow for the recovery of functional capabilities. This can be performed by self-healing, or the healing can be aided from the ground. However, the spacecraft needs to have the capability to replan, based on equipment still available after a cyber-attack. The goal is for the spacecraft to resume full mission operations. If not possible, a reduced level of mission capability should be achieved. Cyber-safe mode software/configuration should be stored onboard the spacecraft in memory with hardware-based controls and should not be modifiable.	CP-10 \| CP-10(4) \| CP-12 \| CP-2 \| CP-2(5) \| IR-3 \| IR-3(1) \| IR-3(2) \| IR-4 \| IR-4(12) \| IR-4(3) \| PE-10 \| PE10 \| PL-8 \| PL-8(1) \| SA-3 \| SA-8 \| SA-8(10) \| SA-8(12) \| SA-8(13) \| SA-8(19) \| SA-8(21) \| SA-8(23) \| SA-8(24) \| SA-8(26) \| SA-8(3) \| SA-8(4) \| SC-16(2) \| SC-24 \| SC-5 \| SI-11 \| SI-17 \| SI-4(7) \| SI-7(17) \| SI-7(5)	D3-PH \| D3-EI \| D3-NI \| D3-BA \|	7.5.1 \| 7.5.2 \| 7.5.3 \| A.5.2 \| A.5.29 \| A.8.1 \| A.5.29 \| A.5.25 \| A.5.26 \| A.5.27 \| A.7.11 \| A.5.8 \| A.5.2 \| A.5.8 \| A.8.25 \| A.8.31 \| A.8.27 \| A.8.28

SV-MA-6 - Inadequate Security Planning/Design

Informational References

High-Level Requirements

Low-Level Requirements

Related SPARTA Techniques and Sub-Techniques

Related SPARTA Countermeasures