← Back to catalog
SA-8(31)

Secure System Modification

System and Services Acquisition (SA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Implement the security design principle of secure system modification in [assignment].

Discussion

The principle of secure system modification states that system modification maintains system security with respect to the security requirements and risk tolerance of stakeholders. Upgrades or modifications to systems can transform secure systems into systems that are not secure. The procedures for system modification ensure that if the system is to maintain its trustworthiness, the same rigor that was applied to its initial development is applied to any system changes. Because modifications can affect the ability of the system to maintain its secure state, a careful security analysis of the modification is needed prior to its implementation and deployment. This principle parallels the principle of secure evolvability.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.