rmfdb

Description	The organization requires the developer of the information system, system component, or information system service to produce, as an integral part of the development process, a formal top-level specification that specifies the interfaces to security-relevant hardware in terms of exceptions, error messages, and effects.
Assessment Procedure	SA-17(3).1
Organization Guidance	The organization being inspected/assessed documents within the contracts/agreements, the requirement that the developer of the information system, system component, or information system service produce, as an integral part of the development process, a formal top-level specification that specifies the interfaces to security-relevant hardware in terms of exceptions, error messages, and effects.
Auditor Guidance	The organization conducting the inspection/assessment obtains and examines the contracts/agreements to ensure the organization being inspected/assessed requires that the developer of the information system, system component, or information system service produce, as an integral part of the development process, a formal top-level specification that specifies the interfaces to security-relevant hardware in terms of exceptions, error messages, and effects.

Control

Developer Security Architecture And Design | Formal Corresponden

STIG Rules