SA-17(2): Security-relevant Components

Control Family:

System and Services Acquisition

Parent Control:

SA-17: Developer Security and Privacy Architecture and Design

CSF v1.1 References:

ID.AM-3

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SA-17(2): Security-Relevant Components

Control Statement

Require the developer of the system, system component, or system service to:

Define security-relevant hardware, software, and firmware; and
Provide a rationale that the definition for security-relevant hardware, software, and firmware is complete.

Supplemental Guidance

The security-relevant hardware, software, and firmware represent the portion of the system, component, or service that is trusted to perform correctly to maintain required security properties.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5