Creator
Description
The system receives an RMF [Risk Management Framework] categorization which determines the RMF controls the system should implement. The controls are engineered into the system design and are tested by the contractor. The developer environment, processes (i.e software ccoding, updates) and tools must also be understood to identify areas where testing is needed. In addition to the system cybersecurity standards, the PPP [Program Protection Plan] should identify critical components and functionality to be protected in the supply chain. The CDT [Chief Development Team] should understand areas of supply chain risk in order to plan related testing.Owning Diagram A11: Compile Cybersecurity Requirements and Security Resources
catalog of cybersecurity requirements