SA-21(1): Validation Of Screening

CSF v1.1 References:

Baselines:

(Not part of any baseline)

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: SA-21: Developer Screening.

Control Statement

The organization requires the developer of the information system, system component, or information system service take [Assignment: organization-defined actions] to ensure that the required access authorizations and screening criteria are satisfied.

Supplemental Guidance

Satisfying required access authorizations and personnel screening criteria includes, for example, providing a listing of all the individuals authorized to perform development activities on the selected information system, system component, or information system service so that organizations can validate that the developer has satisfied the necessary authorization and screening requirements.