Technology Development & Acquisition

Mechanisms exist to ensure risk-based technical and functional specifications are established to define a Minimum Viable Product (MVP).



Technology Development & Acquisition

Mechanisms exist to require the developers of systems, system components or services to identify, early in the Secure Development Life Cycle (SDLC), the functions, ports, protocols and services intended for use.



Technology Development & Acquisition

Mechanisms exist to limit the use of commercially-provided Information Assurance (IA) and IA-enabled IT products to those products that have been successfully evaluated against a National Information Assurance Partnership (NIAP)-approved Protection Profile or whose cryptographic module is FIPS-validated or NSA-approved.



Technology Development & Acquisition

Mechanisms exist to require software vendors / manufacturers to demonstrate that their software development processes employ industry-recognized secure practices for secure programming, engineering methods, quality control processes and validation techniques to minimize flawed or malformed software.



Technology Development & Acquisition

Mechanisms exist to ensure vendors / manufacturers:
▪ Deliver the system, component, or service with a pre-established, secure configuration implemented; and
▪ Use the pre-established, secure configuration as the default for any subsequent system, component, or service reinstallation or upgrade.



Technology Development & Acquisition

Mechanisms exist to require process owners to identify, document and justify the business need for the ports, protocols and other services necessary to operate their technology solutions.



Technology Development & Acquisition

Mechanisms exist to mitigate the risk associated with the use of insecure ports, protocols and services necessary to operate technology solutions.



Technology Development & Acquisition

Mechanisms exist to include appropriate cybersecurity & data privacy representatives in the product feature and/or functionality change control review process.



Technology Development & Acquisition

Mechanisms exist to utilize only Commercial Off-the-Shelf (COTS) security products.



Technology Development & Acquisition

Level N/A

Mechanisms exist to obtain cybersecurity & data privacy technologies from different suppliers to minimize supply chain risk.

