SA-17(2)

Requirement

Require the developer of the system, system component, or system service to:
(a) Define security-relevant hardware, software, and firmware; and
(b) Provide a rationale that the definition for security-relevant hardware, software, and firmware is complete.

Discussion

The security-relevant hardware, software, and firmware represent the portion of the system, component, or service that is trusted to perform correctly to maintain required security properties.

Title

Developer Security and Privacy Architecture and Design | Security-relevant Components
Family

System and Services Acquisition
NIST 800-53B Baseline(s)

NIST 800-53A Assessment Guidance

ID	Assessment Objectives
SA-17(02)(a)[01]	the developer of the system, system component, or system service is required to define security-relevant hardware;
SA-17(02)(a)[02]	the developer of the system, system component, or system service is required to define security-relevant software;
SA-17(02)(a)[03]	the developer of the system, system component, or system service is required to define security-relevant firmware;
SA-17(02)(b)	the developer of the system, system component, or system service is required to provide a rationale that the definition for security-relevant hardware, software, and firmware is complete.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!