SA-17(6): Structure for Testing

CSF v1.1 References:

CSF v2.0 References:

Baselines:

(Not part of any baseline)

Previous Version:

Control Statement

Require the developer of the system, system component, or system service to structure security-relevant hardware, software, and firmware to facilitate testing.

Supplemental Guidance

Applying the security design principles in SP 800-160-1 promotes complete, consistent, and comprehensive testing and evaluation of systems, system components, and services. The thoroughness of such testing contributes to the evidence produced to generate an effective assurance case or argument as to the trustworthiness of the system, system component, or service.