N
|
control familySA

System and Services Acquisition (SA)

System and Services Acquisition - Contains 24 controls and 123 control enhancements.

24
Controls
123
Enhancements
acquisitionsdlcservicessupply-chain

Why These Connect

Addresses Topic1

This control is relevant to the linked cybersecurity topic area.

System and Services Acquisition includes supply chain considerations

Implements2

These controls provide the technical implementation for the linked requirement.

Supply Chain governance also relates to System and Services Acquisition

Implementing Controls

GV.SCCybersecurity Supply Chain Risk Management (GV.SC)PR.PSPlatform Security (PR.PS)

Controls(24)

SA-1Policy and Procedures (SA-1)
LMH
SA-2Allocation of Resources (SA-2)
LMH
SA-3System Development Life Cycle (SA-3)
LMH
SA-4Acquisition Process (SA-4)
LMH
SA-5System Documentation (SA-5)
LMH
SA-6Software Usage Restrictions (SA-6)W
SA-7User-installed Software (SA-7)W
SA-8Security and Privacy Engineering Principles (SA-8)
LMH
SA-9External System Services (SA-9)
LMH
SA-10Developer Configuration Management (SA-10)
MH
SA-11Developer Testing and Evaluation (SA-11)
MH
SA-12Supply Chain Protection (SA-12)W
SA-13Trustworthiness (SA-13)W
SA-14Criticality Analysis (SA-14)W
SA-15Development Process, Standards, and Tools (SA-15)
MH
SA-16Developer-provided Training (SA-16)
H
SA-17Developer Security and Privacy Architecture and Design (SA-17)
H
SA-18Tamper Resistance and Detection (SA-18)W
SA-19Component Authenticity (SA-19)W
SA-20Customized Development of Critical Components (SA-20)
SA-21Developer Screening (SA-21)
H
SA-22Unsupported System Components (SA-22)
LMH
SA-23Specialization (SA-23)
SA-24Design For Cyber Resiliency (SA-24)

See Also

📊View in HeatmapCompare Baselines🛡Threat Coverage