SA-17 Developer Security and Privacy Architecture and Design
Require the developer of the system, system component, or system service to produce a design specification and security and privacy architecture that:
a. Is consistent with the organization’s security and privacy architecture that is an integral part of the organization’s enterprise architecture;
b. Accurately and completely describes the required security and privacy functionality, and the allocation of controls among physical and logical components; and
c. Expresses how individual security and privacy functions, mechanisms, and services work together to provide required security and privacy capabilities and a unified approach to protection.
Developer security and privacy architecture and design are directed at external developers, although they could also be applied to internal (in-house) development. In contrast, PL-8 is directed at internal developers to ensure that organizations develop a security and privacy architecture that is integrated with the enterprise architecture. The distinction between SA-17 and PL-8 is especially important when organizations outsource the development of systems, system components, or system services and when there is a requirement to demonstrate consistency with the enterprise architecture and security and privacy architecture of the organization. [ISO 15408-2](#87087451-2af5-43d4-88c1-d66ad850f614), [ISO 15408-3](#4452efc0-e79e-47b8-aa30-b54f3ef61c2f), and [SP 800-160-1](#e3cc0520-a366-4fc9-abc2-5272db7e3564) provide information on security architecture and design, including formal policy models, security-relevant components, formal and informal correspondence, conceptually simple design, and structuring for least privilege and testing.
- ISO 15408-2: International Organization for Standardization/International Electrotechnical Commission 15408-2:2008, *Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional requirements*, April 2017.
- ISO 15408-3: International Organization for Standardization/International Electrotechnical Commission 15408-3:2008, *Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance requirements*, April 2017.
- SP 800-160-1: Ross RS, Oren JC, McEvilley M (2016) *Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems*. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-160, Vol. 1. Includes updates as of March 21, 2018.
Control Enhancements (9)
- SA-17(01) Formal Policy Model
- SA-17(02) Security-relevant Components
- SA-17(03) Formal Correspondence
- SA-17(04) Informal Correspondence
- SA-17(05) Conceptually Simple Design
- SA-17(06) Structure for Testing
- SA-17(07) Structure for Least Privilege
- SA-17(08) Orchestration
- SA-17(09) Design Diversity
Related Controls (7)
- PL-02 System Security and Privacy Plans
- PL-08 Security and Privacy Architectures
- PM-07 Enterprise Architecture
- SA-03 System Development Life Cycle
- SA-04 Acquisition Process
- SA-08 Security and Privacy Engineering Principles
- SC-07 Boundary Protection