CM.AW-P3: System/product/service design enables data processing visibility

The organization: Develops an information security architecture for the information system that: Describes the overall philosophy, requirements, and approach to be taken with regard to protecting the confidentiality, integrity, and availability of organizational information; Describes how the information security architecture is integrated into and supports the enterprise architecture; and Describes any information security assumptions about,…

The organization requires the developer of the information system, system component, or information system service to produce a design specification and security architecture that: Is consistent with and supportive of the organization’s security architecture which is established within and is an integrated part of the organization’s enterprise architecture; Accurately and completely describes the required security…