CMMC v2.0_SC.L2-3.13.2

CMMC v2.0

3.13 SYSTEM AND COMMUNICATIONS PROTECTION

SC.L2-3.13.2

Employ architectural designs, software development techniques, and systems engineering principles that promote effective information security within organizational systems.

Organizations apply systems security engineering principles to new development systems or systems undergoing major upgrades. For legacy systems, organizations apply systems security engineering principles to system upgrades and modifications to the extent feasible, given the current state of hardware, software, and firmware components within those systems. The application of systems security engineering concepts and principles helps to develop trustworthy, secure, and resilient systems and system components and reduce the susceptibility of organizations to disruptions, hazards, and threats. Examples of these concepts and principles include developing layered protections; establishing security policies, architecture, and controls as the foundation for design; incorporating security requirements into the system development life cycle; delineating physical and logical security boundaries; ensuring that developers are trained on how to build secure software; and performing threat modeling to identify use cases, threat agents, attack vectors and patterns, design patterns, and compensating controls needed to mitigate risk. Organizations that apply security engineering concepts and principles can facilitate the development of trustworthy, secure systems, system components, and system services; reduce risk to acceptable levels; and make informed risk-management decisions. [SP 800-160-1] provides guidance on systems security engineering.

 


What is a Cybersecurity Compliance Framework?

You don’t need to clutter your security and privacy programs with an ever-increasing number of tools as they become more sophisticated. The Lionfish platform offers a one-stop solution to track progress and monitor any framework, from custom-built ones to highly-specialized and in-demand top security and privacy frameworks and certifications.

With the Lionfish platform, every framework is supported with guided scoping, policies, controls, automated evidence collection, and continuous monitoring, ensuring efficient preparation for audits or attestation in minimal time.

The Lionfish platform is compatible with a wide range of security and privacy frameworks, including:
