• Requirement

    Require the developer of the system, system component, or system service to perform a criticality analysis:

    1. At the following decision points in the system development life cycle: [Assignment: organization-defined decision points in the system development life cycle]; and
    2. At the following level of rigor: [Assignment: organization-defined breadth and depth of criticality analysis].
  • Discussion

    Criticality analysis performed by the developer provides input to the criticality analysis performed by organizations. Developer input is essential to organizational criticality analysis because organizations may not have access to detailed design documentation for system components that are developed as commercial off-the-shelf products. Such design documentation includes functional specifications, high-level designs, low-level designs, source code, and hardware schematics. Criticality analysis is important for organizational systems that are designated as high value assets. High value assets can be moderate- or high-impact systems due to heightened adversarial interest or potential adverse effects on the federal enterprise. Developer input is especially important when organizations conduct supply chain criticality analyses.

More Info

  • Title

    Development Process, Standards, and Tools | Criticality Analysis
  • Family

    System and Services Acquisition
  • NIST 800-53B Baseline(s)

    • Moderate
    • High
  • Related NIST 800-53 ID


NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!