SAMMY UI is optimized for resolutions with a width 1024px and higher.
NIST 800-53 v5
Browse NIST 800-53...
SA-17(1): Formal Policy Model
Formal Policy Model
SA-17(1): Formal Policy Model
Require the developer of the system, system component, or system service to:
(a) Produce, as an integral part of the development process, a formal policy model describing the [Assignment: organization-defined elements of organizational security and privacy policy] to be enforced; and
(b) Prove that the formal policy model is internally consistent and sufficient to enforce the defined elements of the organizational security and privacy policy when implemented.
Implementation
Not applicable - Not applicable
Planned - The implementation is planned
In progress - The implementation is currently in progress
Partially implemented - The control is partially implemented
Implemented - The control is fully implemented
Alternative implementation - There is an alternative implementation in place (e.g., shared responsibility or inherited implementation)
Description

Formal models describe specific behaviors or security and privacy policies using formal languages, thus enabling the correctness of those behaviors and policies to be formally proven. Not all components of systems can be modeled. Generally, formal specifications are scoped to the behaviors or policies of interest, such as nondiscretionary access control policies. Organizations choose the formal modeling language and approach based on the nature of the behaviors and policies to be described and the available tools.