TDA-06.5 ยท Software Design Review

Control Description

Mechanisms exist to have an independent review of the software design to confirm that all cybersecurity and data protection requirements are met and that any identified risks are satisfactorily addressed.

Control Question
Assessment question for control validation

Does the organization have an independent review of the software design to confirm that all cybersecurity and data protection requirements are met and that any identified risks are satisfactorily addressed?

Control Weighting
10
Validation Cadence
Annual
NIST CSF Function
Detect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: TDA-06.5
Additional Metadata
Applicability (Process):
x
Errata & Additional Notes

- wordsmithed control