Developer Architecture & Design
Mechanisms exist to require the developers of Technology Assets, Applications and/or Services (TAAS) to produce a design specification and security architecture that: (1) Is consistent with and supportive of the organization's security architecture which is established within and is an integrated part of the organization's enterprise architecture; (2) Accurately and completely describes the required security functionality and the allocation of security controls among physical and logical components; and (3) Expresses how individual security functions, mechanisms and services work together to provide required security capabilities and a unified approach to protection.
Does the organization require the developers of Technology Assets, Applications and/or Services (TAAS) to produce a design specification and security architecture that: (1) Is consistent with and supportive of its security architecture which is established within and is an integrated part of its enterprise architecture; (2) Accurately and completely describes the required security functionality and the allocation of security controls among physical and logical components; and (3) Expresses how individual security functions, mechanisms and services work together to provide required security capabilities and a unified approach to protection?
Technology Development & Acquisition
Annual
E-TDA-04
This control maps to the following compliance frameworks
6.1.56.2.16.2.26.3.16.3.26.4.16.4.26.4.36.4.46.4.56.4.66.4.76.4.86.5.16.5.26.5.3
4.14.24.36.16.2