SA-18 (1) Multiple Phases Of SDLC
Organizations use a combination of hardware and software techniques for tamper resistance and detection. Organizations employ obfuscation and self-checking, for example, to make reverse engineering and modifications more difficult, time-consuming, and expensive for adversaries. Customization of information systems and system components can make substitutions easier to detect and therefore limit damage.
The organization employs anti-tamper technologies and techniques during multiple phases in the system development life cycle including design, development, integration, operations, and maintenance.
SA-18 (2) Inspection Of Information Systems, Components, Or Devices
This control enhancement addresses both physical and logical tampering and is typically applied to mobile devices, notebook computers, or other system components taken out of organization-controlled areas. Indications of need for inspection include, for example, when individuals return from travel to high-risk locations.
The organization inspects [Assignment: organization-defined information systems, system components, or devices] [Selection (one or more): at random; at [Assignment: organization-defined frequency], upon [Assignment: organization-defined indications of need for inspection]] to detect tampering.