SA-17(1) - Developer Security and Privacy Architecture and Design | Formal Policy Model

Require the developer of the system, system component, or system service to: (a) Produce, as an integral part of the development process, a formal policy model describing the [Assignment: organization-defined elements of organizational security and privacy policy] to be enforced; and (b) Prove that the formal policy model is internally consistent and sufficient to enforce the defined elements of the organizational security and privacy policy when implemented.


Informational References

ISO 27001

ID: SA-17(1)
Enhancement of : SA-17

Countermeasures Covered by Control

ID Name Description D3FEND

Space Threats Tagged by Control

ID Description

Sample Requirements

Requirement Rationale/Additional Guidance/Notes

Related SPARTA Techniques and Sub-Techniques

ID Name Description