SA-21 - Developer Screening

Require that the developer of [Assignment: organization-defined system, system component, or system service]: a. Has appropriate access authorizations as determined by assigned [Assignment: organization-defined official government duties]; and b. Satisfies the following additional personnel screening criteria: [Assignment: organization-defined additional personnel screening criteria].


Informational References

ISO 27001

ID: SA-21
Enhancements: 

Countermeasures Covered by Control

ID Name Description D3FEND

Space Threats Tagged by Control

ID Description

Sample Requirements

Requirement Rationale/Additional Guidance/Notes
The [organization] shall describe the process used to ensure that development team members working on the  spacecrafts have appropriate access authorizations and satisfy [organization] defined screening that commensurate with increasing level of risk and responsibility for access to, or use of, different levels of sensitive information.{SA-21}

Related SPARTA Techniques and Sub-Techniques

ID Name Description