SA-15(03) Criticality Analysis

Require the developer of the system, system component, or system service to perform a criticality analysis:

(a) At the following decision points in the system development life cycle: sa-15.03_odp.01 ; and

(b) At the following level of rigor: sa-15.3_prm_2.

Parameter ID Definition
sa-15.3_prm_2 organization-defined breadth and depth of criticality analysis
sa-15.03_odp.01 decision points
sa-15.03_odp.02 breadth
sa-15.03_odp.03 depth



Criticality analysis performed by the developer provides input to the criticality analysis performed by organizations. Developer input is essential to organizational criticality analysis because organizations may not have access to detailed design documentation for system components that are developed as commercial off-the-shelf products. Such design documentation includes functional specifications, high-level designs, low-level designs, source code, and hardware schematics. Criticality analysis is important for organizational systems that are designated as high value assets. High value assets can be moderate- or high-impact systems due to heightened adversarial interest or potential adverse effects on the federal enterprise. Developer input is especially important when organizations conduct supply chain criticality analyses.

Related controls 1