| TD: Developer Security Architecture And Design | Formal Correspondence

Developer Security Architecture And Design | Formal Correspondence | Top-Level Specification Is Accurate, v1.0

Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show that the formal top-level specification is an accurate description of the implemented security-relevant hardware, software, and firmware.

If an assessment step references organization-defined elements (E.g. <organization-defined personnel or roles>, <organization-defined frequency>, etc.), corresponding citations/excerpts must be provided to confirm that the organization has established and documented these values and that they apply as referenced in the conformance criteria.

Similarly, if a "Selection" among multiple options (e.g. [Selection (one or more): as needed; ]) is specified, evidence must be provided to establish that the option(s) implemented by the organization have been defined and documented.

The assessment step shall not be marked as satisfied without this evidence.

Assessment Step

1 Developer Security Architecture And Design \| Formal Correspondence \| Top-Level Specification Is Accurate (DeveloperSecurityArchitectureAndDesignFormalCorrespondenceTop-LevelSpecificationIsAccurate) Does the organization require the developer of the information system, system component, or information system service to show that the formal top-level specification is an accurate description of the implemented security-relevant hardware, software, and firmware? Artifact A1 Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) that support the assessor's response to this assessment step.

If conformance criteria reference organization-defined elements (e.g. <organization-defined personnel or roles>, <organization-defined frequency>, etc.), these values must be defined and documented by the organization.

Similarly, if the criteria specify a "Selection" among multiple options (e.g. [Selection (one or more): as needed; ]), the option(s) implemented by the organization must also be defined and documented.

Conformance Criteria (1)

C1 The organization requires the developer of the information system, system component, or information system service to: (a) Produce, as an integral part of the development process, a formal top-level specification that specifies the interfaces to security-relevant hardware, software, and firmware in terms of exceptions, error messages, and effects; (b) Show via proof to the extent feasible with additional informal demonstration as necessary, that the formal top-level specification is consistent with the formal policy model; (c) Show via informal demonstration, that the formal top-level specification completely covers the interfaces to security-relevant hardware, software, and firmware; (d) Show that the formal top-level specification is an accurate description of the implemented security-relevant hardware, software, and firmware; and (e) Describe the security-relevant hardware, software, and firmware mechanisms not addressed in the formal top-level specification but strictly internal to the security-relevant hardware, software, and firmware. Citation SP800-53R4 Appendix F, SA-17 (3)

Show Metadata, Sources & Terms

Hide Metadata, Sources & Terms

Metadata

Identifier

https://artifacts.trustmarkinitiative.org/lib/tds/developer-security-architecture-and-design-_-formal-correspondence-_-top-level-specification-is-accurate/1.0/

Publication Date

2018-10-17

Issuing Organization

Trustmark Initiative (https://trustmarkinitiative.org/) View Contact

No Responder

help@trustmarkinitiative.org

404-407-8956

75 5th Street NW, Suite 900, Atlanta, GA 30308

Keywords

System and Services Acquisition, Security, Information Assurance, NIST, 800-53

Issuance Criteria

yes(ALL)

Target Stakeholder

Organizations that are interested in implementing or making use of digital information systems in a manner that complies with widely accepted information security standards and practices such as NIST Special Publication 800-53.

Target Recipient

Organizations that want to demonstrate that they provide and/or consume digital information services in a manner that complies with widely accepted information security standards and practices such as NIST Special Publication 800-53.

Target Relying Party

Organizations and individuals that require their trusted partners' computer and information systems to comply with widely accepted information security standards and practices such as NIST Special Publication 800-53.

Target Provider

Organizations that audit or evaluate other organizations for compliance with widely accepted information security standards and practices such as NIST Special Publication 800-53.

Provider Eligibility Criteria

Any organization or business entity may act as a Trustmark Provider for trustmarks under this Trustmark Definition.

Assessor Qualifications

Any individual employed or contracted by the Trustmark Provider may act as the assessor for trustmarks under this Trustmark Definition.

Trustmark Revocation Criteria

For any trustmark issued under this Trustmark Definition, the Trustmark Provider must revoke the trustmark upon any condition whereby one or more Conformance Criteria cease to be satisfied.

Extension Description

This Trustmark Definition requires no extension data.

Legal Notice

This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Sources (1)

SP800-53R4	NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4.

Terms (31)

Term Name	Abbreviations	Definition
Accreditation		The official management decision given by a senior organization official to authorize operation of an information system and to explicitly accept the risk to organization operations (including mission, functions, image, or reputation), organization assets, or individuals, based on the implementation of an agreed-upon set of security controls.
Authentication		Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
Authorizing Official		Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to organization operations (including mission, functions, image, or reputation), organization assets, or individuals. Synonymous with Accreditation Authority.
Availability		Ensuring timely and reliable access to and use of information.
Certification		A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Confidentiality		Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Environment		Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an information system.
Incident		An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
Information		An instance of an information type; data.
Information Security		The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Information System		A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
Information Technology		Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the organization. For purposes of the preceding sentence, equipment is used by an organization if the equipment is used by the organization directly or is used by a contractor under a contract with the organization which: (i) requires the use of such equipment; or (ii) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.
Integrity		Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.
Management Controls		The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information system security.
Media		Physical devices or writing surfaces including, but not limited to, magnetic tapes, optical disks, magnetic disks, Large-Scale Integration (LSI) memory chips, printouts (but not including display media) onto which information is recorded, stored, or printed within an information system.
Organization		An organized body of people with a particular purpose, especially a business, society, association, government agency, etc.
Potential Impact		The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect, a serious adverse effect, or a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
Records		All books, papers, maps, photographs, machine-readable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an organization in connection with the transaction of business and preserved or appropriate for preservation by that organization or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations or other activities such as legal requirements or because of the informational value of the data in them.
Risk		The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.
Risk Management		The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system.
Safeguards		Protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.
Sanitization		Process to remove information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs.
Security Category		The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals.
Security Controls		The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.
Security Plan		See System Security Plan.
Security Requirements		Requirements levied on an information system that are derived from applicable laws, orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.
System		See information system.
System Security Plan		Formal document that provides an overview of the security requirements for an information system and describes the security controls in place or planned for meeting those requirements.
Threat		Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.
User		Individual or (system) process authorized to access an information system.
Vulnerability		Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Also available as XML or JSON