System and Services Acquisition: System Development Life Cycle

From SecWiki
Jump to navigation Jump to search


System Development Life Cycle
Identifier sa-3
Family sa

Property "Guidance" (as page type) with input value "A system development life cycle process provides the foundation for the successful development, implementation, and operation of organizational systems. The integration of security and privacy considerations early in the system development life cycle is a foundational principle of systems security engineering and privacy engineering. To apply the required controls within the system development life cycle requires a basic understanding of information security and privacy, threats, vulnerabilities, adverse impacts, and risk to critical mission and business functions. The security engineering principles in SA-8 help individuals properly design, code, and test systems and system components. Organizations include qualified personnel (e.g., senior agency information security officers, senior agency officials for privacy, security and privacy architects, and security and privacy engineers) in system development life cycle processes to ensure that established security and privacy requirements are incorporated into organizational systems. Role-based security and privacy training programs can ensure that individuals with key security and privacy roles and responsibilities have the experience, skills, and expertise to conduct assigned system development life cycle activities. </br> The effective integration of security and privacy requirements into enterprise architecture also helps to ensure that important security and privacy considerations are addressed throughout the system life cycle and that those considerations are directly related to organizational mission and business processes. This process also facilitates the integration of the information security and privacy architectures into the enterprise architecture, consistent with the risk management strategy of the organization. Because the system development life cycle involves multiple organizations, (e.g., external suppliers, developers, integrators, service providers), acquisition and supply chain risk management functions and controls play significant roles in the effective management of the system during the life cycle." contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.

Statement

Supplemental guidance

A system development life cycle process provides the foundation for the successful development, implementation, and operation of organizational systems. The integration of security and privacy considerations early in the system development life cycle is a foundational principle of systems security engineering and privacy engineering. To apply the required controls within the system development life cycle requires a basic understanding of information security and privacy, threats, vulnerabilities, adverse impacts, and risk to critical mission and business functions. The security engineering principles in SA-8 help individuals properly design, code, and test systems and system components. Organizations include qualified personnel (e.g., senior agency information security officers, senior agency officials for privacy, security and privacy architects, and security and privacy engineers) in system development life cycle processes to ensure that established security and privacy requirements are incorporated into organizational systems. Role-based security and privacy training programs can ensure that individuals with key security and privacy roles and responsibilities have the experience, skills, and expertise to conduct assigned system development life cycle activities.

       The effective integration of security and privacy requirements into enterprise architecture also helps to ensure that important security and privacy considerations are addressed throughout the system life cycle and that those considerations are directly related to organizational mission and business processes. This process also facilitates the integration of the information security and privacy architectures into the enterprise architecture, consistent with the risk management strategy of the organization. Because the system development life cycle involves multiple organizations, (e.g., external suppliers, developers, integrators, service providers), acquisition and supply chain risk management functions and controls play significant roles in the effective management of the system during the life cycle.

Related controls

The part "]]" of the query was not understood.</br>Results might not be as expected.

Control enhancements

None.

External references

None.The part "]]" of the query was not understood.</br>Results might not be as expected.

Referred by

, , , , , , , , , , , , ,
Identifier Name Priority Baseline
At-3 Role-based Training
Pl-8 Security and Privacy Architectures
Pm-7 Enterprise Architecture
Pm-25 Minimization of Personally Identifiable Information Used in Testing, Training, and Research
Sa-4 Acquisition Process
Sa-5 System Documentation
Sa-8 Security and Privacy Engineering Principles
Sa-11 Developer Testing and Evaluation
Sa-15 Development Process, Standards, and Tools
Sa-17 Developer Security and Privacy Architecture and Design
Sa-22 Unsupported System Components
Sr-3 Supply Chain Controls and Processes
Sr-4 Provenance
Sr-5 Acquisition Strategies, Tools, and Methods