Employ independent assessors or assessment teams to conduct control assessments.
Requirement | Rationale/Additional Guidance/Notes |
---|---|
The [organization] shall employ independent third-party analysis and penetration testing of all software (COTS, FOSS, Custom) associated with the system, system components, or system services.{CA-2,CA-2(1),CA-8(1),CM-10(1),SA-9,SA-11(3),SA-12(11),SI-3,SI-3(10),SR-4(4),SR-6(1)} | |
The [organization] shall conduct control assessments of the information system using independent assessors.{CA-2(1)} | Independent assessors shall be individuals or entities external to the operational chain of command and not involved in the development, implementation, or operations of the system under assessment. |
The [organization] shall establish and maintain processes to manage and oversee independent assessors, including their qualifications, roles, and responsibilities.{CA-2(1),CA-7(1)} | Independent assessors shall be individuals or entities external to the operational chain of command and not involved in the development, implementation, or operations of the system under assessment. |