Detections
Analytics

800-53|SA-17

Title

DEVELOPER SECURITY ARCHITECTURE AND DESIGN

Description

The organization requires the developer of the information system, system component, or information system service to produce a design specification and security architecture that:

Supplemental

This control is primarily directed at external developers, although it could also be used for internal (in-house) development. In contrast, PL-8 is primarily directed at internal developers to help ensure that organizations develop an information security architecture and such security architecture is integrated or tightly coupled to the enterprise architecture. This distinction is important if/when organizations outsource the development of information systems, information system components, or information system services to external entities, and there is a requirement to demonstrate consistency with the organization's enterprise architecture and information security architecture.

Reference Item Details

Related: PL-8,PM-7,SA-3,SA-8

Category: SYSTEM AND SERVICES ACQUISITION

Family: SYSTEM AND SERVICES ACQUISITION

Priority: P1

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
MS.AAD.1.1v1 - Legacy authentication SHALL be blocked.microsoft_azureCISA SCuBA Microsoft 365 Entra ID v1.5.0
MS.AAD.2.1v1 - Users detected as high risk SHALL be blocked.microsoft_azureCISA SCuBA Microsoft 365 Entra ID v1.5.0
MS.AAD.2.2v1 - A notification SHOULD be sent to the administrator when high-risk users are detected.microsoft_azureCISA SCuBA Microsoft 365 Entra ID v1.5.0
MS.AAD.2.3v1 - Sign-ins detected as high risk SHALL be blocked.microsoft_azureCISA SCuBA Microsoft 365 Entra ID v1.5.0
MS.AAD.3.6v1 - Phishing-resistant MFA SHALL be required for highly privileged roles.microsoft_azureCISA SCuBA Microsoft 365 Entra ID v1.5.0
MS.AAD.3.7v1 - Managed devices SHOULD be required for authentication.microsoft_azureCISA SCuBA Microsoft 365 Entra ID v1.5.0
MS.AAD.3.8v1 - Managed Devices SHOULD be required to register MFA.microsoft_azureCISA SCuBA Microsoft 365 Entra ID v1.5.0
MS.AAD.8.3v1 - Guest invites SHOULD only be allowed to specific external domains that have been authorized by the agency for legitimate business purposes.microsoft_azureCISA SCuBA Microsoft 365 Entra ID v1.5.0
MS.EXO.16.1v1 - At a minimum, the following alerts SHALL be enabled:microsoft_azureCISA SCuBA Microsoft 365 Exchange Online v1.5.0
MS.POWERPLATFORM.3.1v1 - Power Platform tenant isolation SHALL be enabled.microsoft_azureCISA SCuBA Microsoft 365 Power Platform v1.5.0
MS.TEAMS.1.2v1 - Anonymous users SHALL NOT be enabled to start meetings.microsoft_azureCISA SCuBA Microsoft 365 Teams v1.5.0