SA-8(16): Self-reliant Trustworthiness

CSF v1.1 References:


(Not part of any baseline)

Info icon.

Control is new to this version of the control set.

Control Statement

Implement the security design principle of self-reliant trustworthiness in [Assignment: organization-defined systems or system components].

Supplemental Guidance

The principle of self-reliant trustworthiness states that systems minimize their reliance on other systems for their own trustworthiness. A system is trustworthy by default, and any connection to an external entity is used to supplement its function. If a system were required to maintain a connection with another external entity in order to maintain its trustworthiness, then that system would be vulnerable to malicious and non-malicious threats that could result in the loss or degradation of that connection. The benefit of the principle of self-reliant trustworthiness is that the isolation of a system will make it less vulnerable to attack. A corollary to this principle relates to the ability of the system (or system component) to operate in isolation and then resynchronize with other components when it is rejoined with them.