{ "$TMF_VERSION": "1.4", "PublicationDateTime": "2021-04-26T00:00:00.000Z", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-17 (3): Formal Correspondence.", "Keywords": [ "800-53", "Formal Correspondence", "NIST", "Security", "Services Acquisition", "System" ], "Issuer": { "Identifier": "https://trustmarkinitiative.org/", "PrimaryContact": { "Email": "help@trustmarkinitiative.org", "Telephone": "555-555-5555", "Kind": "PRIMARY", "WebsiteURL": "https://trustmarkinitiative.org/", "Responder": "" }, "Name": "TMI" }, "Sources": [{ "Identifier": "SP800-53R4", "Reference": "NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4<\/a>.", "$id": "source-2112165102" }], "Name": "NIST SP 800-53 r4 Security Control SA-17 (3): Formal Correspondence", "TrustExpression": "TD_ref1 and TD_ref2 and TD_ref3 and TD_ref4 and TD_ref5", "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-sa-17-_3__-formal-correspondence/4/", "Version": "4", "References": {"TrustmarkDefinitionRequirements": [ { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/developer-security-architecture-and-design-_-formal-correspondence-_-top-level-specification-covers-interfaces/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show via informal demonstration, that the formal top-level specification completely covers the interfaces to security-relevant hardware, software, and firmware.", "Number": 1, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/developer-security-architecture-and-design-_-formal-correspondence-_-top-level-specification-covers-interfaces/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show via informal demonstration, that the formal top-level specification completely covers the interfaces to security-relevant hardware, software, and firmware.", "Number": 1, "Version": "1.0", "Name": "Developer Security Architecture And Design | Formal Correspondence | Top-Level Specification Covers Interfaces" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Developer Security Architecture And Design | Formal Correspondence | Top-Level Specification Covers Interfaces", "$id": "TD_ref1" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/developer-security-architecture-and-design-_-formal-correspondence-_-top-level-specification/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce, as an integral part of the development process, a formal top-level specification that specifies the interfaces to security-relevant hardware, software, and firmware in terms of exceptions, error messages, and effects.", "Number": 2, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/developer-security-architecture-and-design-_-formal-correspondence-_-top-level-specification/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to produce, as an integral part of the development process, a formal top-level specification that specifies the interfaces to security-relevant hardware, software, and firmware in terms of exceptions, error messages, and effects.", "Number": 2, "Version": "1.0", "Name": "Developer Security Architecture And Design | Formal Correspondence | Top-Level Specification" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Developer Security Architecture And Design | Formal Correspondence | Top-Level Specification", "$id": "TD_ref2" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/developer-security-architecture-and-design-_-formal-correspondence-_-top-level-specification-consistent-with-policy-model/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show via proof to the extent feasible with additional informal demonstration as necessary, that the formal top-level specification is consistent with the formal policy model.", "Number": 3, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/developer-security-architecture-and-design-_-formal-correspondence-_-top-level-specification-consistent-with-policy-model/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show via proof to the extent feasible with additional informal demonstration as necessary, that the formal top-level specification is consistent with the formal policy model.", "Number": 3, "Version": "1.0", "Name": "Developer Security Architecture And Design | Formal Correspondence | Top-Level Specification Consistent With Policy Model" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Developer Security Architecture And Design | Formal Correspondence | Top-Level Specification Consistent With Policy Model", "$id": "TD_ref3" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/developer-security-architecture-and-design-_-formal-correspondence-_-description-of-additional-security-relevant-items/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to describe the security-relevant hardware, software, and firmware mechanisms not addressed in the formal top-level specification but strictly internal to the security-relevant hardware, software, and firmware.", "Number": 4, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/developer-security-architecture-and-design-_-formal-correspondence-_-description-of-additional-security-relevant-items/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to describe the security-relevant hardware, software, and firmware mechanisms not addressed in the formal top-level specification but strictly internal to the security-relevant hardware, software, and firmware.", "Number": 4, "Version": "1.0", "Name": "Developer Security Architecture And Design | Formal Correspondence | Description of Additional Security-Relevant Items" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Developer Security Architecture And Design | Formal Correspondence | Description of Additional Security-Relevant Items", "$id": "TD_ref4" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/developer-security-architecture-and-design-_-formal-correspondence-_-top-level-specification-is-accurate/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show that the formal top-level specification is an accurate description of the implemented security-relevant hardware, software, and firmware.", "Number": 5, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/developer-security-architecture-and-design-_-formal-correspondence-_-top-level-specification-is-accurate/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization requires the developer of the information system, system component, or information system service to show that the formal top-level specification is an accurate description of the implemented security-relevant hardware, software, and firmware.", "Number": 5, "Version": "1.0", "Name": "Developer Security Architecture And Design | Formal Correspondence | Top-Level Specification Is Accurate" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Developer Security Architecture And Design | Formal Correspondence | Top-Level Specification Is Accurate", "$id": "TD_ref5" } ]}, "Primary": "false", "LegalNotice": "This document and the information contained herein is provided on an \"AS IS\" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.", "$Type": "TrustInteroperabilityProfile" }