SA-17(6): Structure for Testing

Control Family:

System and Services Acquisition

Parent Control:

SA-17: Developer Security and Privacy Architecture and Design

CSF v1.1 References:

ID.AM-3

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SA-17(6): Structure For Testing

Control Statement

Require the developer of the system, system component, or system service to structure security-relevant hardware, software, and firmware to facilitate testing.

Supplemental Guidance

Applying the security design principles in SP 800-160-1 promotes complete, consistent, and comprehensive testing and evaluation of systems, system components, and services. The thoroughness of such testing contributes to the evidence produced to generate an effective assurance case or argument as to the trustworthiness of the system, system component, or service.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5