Review of Software Design to Verify Compliance with Security Requirements and Risk Information, v1.1
Specifies requirements in accordance with NIST Secure Software Development Framework (SSDF), version 1.1, Practice PW.2: Review of Software Design to Verify Compliance with Security Requirements and Risk Information. Requires an organization to help ensure that the software will meet the security requirements and satisfactorily address the identified risk information.
Assessment Step
|
1
Software Security Design Review (SoftwareSecurityDesignReview)
Does the organization have 1) a qualified person (or people) who were not involved with the design and/or 2) automated processes instantiated in the toolchain review the software design to confirm and enforce that it meets all of the security requirements and satisfactorily addresses the identified risk information?
Artifact
A1
Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.
|
Conformance Criteria (1)
|
Software Security Design Review
The organization must have 1) a qualified person (or people) who were not involved with the design and/or 2) automated processes instantiated in the toolchain review the software design to confirm and enforce that it meets all of the security requirements and satisfactorily addresses the identified risk information.
Citation
SSDF
Task PW.2.1
|