💼 SA-17(3) Developer Security and Privacy Architecture and Design | Formal Correspondence
- Contextual name: 💼 SA-17(3) Developer Security and Privacy Architecture and Design | Formal Correspondence
- ID: /frameworks/nist-sp-800-53-r5/sa/17/03
- Located in: 💼 SA-17 Developer Security and Privacy Architecture and Design
Description
Require the developer of the system, system component, or system service to:
- (a) Produce, as an integral part of the development process, a formal top-level specification that specifies the interfaces to security-relevant hardware, software, and firmware in terms of exceptions, error messages, and effects;
- (b) Show via proof to the extent feasible with additional informal demonstration as necessary, that the formal top-level specification is consistent with the formal policy model;
- (c) Show via informal demonstration, that the formal top-level specification completely covers the interfaces to security-relevant hardware, software, and firmware;
- (d) Show that the formal top-level specification is an accurate description of the implemented security-relevant hardware, software, and firmware; and
- (e) Describe the security-relevant hardware, software, and firmware mechanisms not addressed in the formal top-level specification but strictly internal to the security-relevant hardware, software, and firmware.
Similar
- Internal
- ID: dec-c-061cad30
- ID:
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|