Control SA-17
Developer Security and Privacy Architecture and Design (SA-17)
Require the developer of the system, system component, or system service to produce a design specification and security and privacy architecture that:
Security Baselines
HIGH, LOW, MODERATE
acquisition, sdlc, services, supply-chain
Why These Connect
Baselined In (1)
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports (33)
These related controls work together — a change to one may affect the others.
Enhances (9)
These enhancements add specific capabilities or refinements to the base control.
Related Controls (17)
AC-3 Access Enforcement (AC-3): L, M, H
AC-4 Information Flow Enforcement (AC-4): M, H
AC-5 Separation of Duties (AC-5): M, H
AC-6 Least Privilege (AC-6): M, H
AC-25 Reference Monitor (AC-25)
CM-12 Information Location (CM-12): M, H
PL-2 System Security and Privacy Plans (PL-2): L, M, H
PL-8 Security and Privacy Architectures (PL-8): M, H
PM-7 Enterprise Architecture (PM-7)
SA-3 System Development Life Cycle (SA-3): L, M, H
SA-4 Acquisition Process (SA-4): L, M, H
SA-5 System Documentation (SA-5): L, M, H
SA-8 Security and Privacy Engineering Principles (SA-8): L, M, H
SA-11 Developer Testing and Evaluation (SA-11): M, H
SC-7 Boundary Protection (SC-7): L, M, H
SA-24 Design For Cyber Resiliency (SA-24)
SC-3 Security Function Isolation (SC-3): H
Control Enhancements (9)
SA-17(1) Formal Policy Model (SA-17(1))
SA-17(2) Security-relevant Components (SA-17(2))
SA-17(3) Formal Correspondence (SA-17(3))
SA-17(4) Informal Correspondence (SA-17(4))
SA-17(5) Conceptually Simple Design (SA-17(5))
SA-17(6) Structure for Testing (SA-17(6))
SA-17(7) Structure for Least Privilege (SA-17(7))
SA-17(8) Orchestration (SA-17(8))
SA-17(9) Design Diversity (SA-17(9))