NIST 800-53_SA-17(3)

Lionfish Cyber Security | June 2nd 2022 |

NIST 800-53

System and Services Acquisitions

SA-17(3)

Developer Security and Privacy Architecture and Design Formal Correspondence

Require the developer of the system system component or system service to:(a) Produce as an integral part of the development process a formal top-level specification that specifies the interfaces to security-relevant hardware software and firmware in terms of exceptions error messages and effects;(b) Show via proof to the extent feasible with additional informal demonstration as necessary that the formal top-level specification is consistent with the formal policy model;(c) Show via informal demonstration that the formal top-level specification completely covers the interfaces to security-relevant hardware software and firmware;(d) Show that the formal top-level specification is an accurate description of the implemented security-relevant hardware software and firmware; and(e) Describe the security-relevant hardware software and firmware mechanisms not addressed in the formal top-level specification but strictly internal to the security-relevant hardware software and firmware.

 

Click here to Start your FREE trial today!

Explainer video

 

What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:

Click here to Start your FREE trial today!

Explainer video