|
controlSA-10
Developer Configuration Management (SA-10)
Require the developer of the system, system component, or system service to:
Security Baselines
MODERATEHIGHLOW
acquisitionsdlcservicessupply-chain
Why These Connect
Baselined In2
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports23
These related controls work together — a change to one may affect the others.
Enhances7
These enhancements add specific capabilities or refinements to the base control.
Related Controls(16)
CA-6Authorization (CA-6)
LMH
CM-2Baseline Configuration (CM-2)LMH
CM-3Configuration Change Control (CM-3)MH
CM-4Impact Analyses (CM-4)LMH
CM-9Configuration Management Plan (CM-9)MH
SA-5System Documentation (SA-5)LMH
CM-7Least Functionality (CM-7)LMH
SA-4Acquisition Process (SA-4)LMH
SA-8Security and Privacy Engineering Principles (SA-8)LMH
SA-15Development Process, Standards, and Tools (SA-15)MH
SI-2Flaw Remediation (SI-2)LMH
SR-3Supply Chain Controls and Processes (SR-3)LMH
SR-4Provenance (SR-4)SR-5Acquisition Strategies, Tools, and Methods (SR-5)LMH
SR-6Supplier Assessments and Reviews (SR-6)MH
SI-7Software, Firmware, and Information Integrity (SI-7)MH
Control Enhancements(7)
SA-10(1)Software and Firmware Integrity Verification (SA-10(1))SA-10(2)Alternative Configuration Management Processes (SA-10(2))SA-10(3)Hardware Integrity Verification (SA-10(3))SA-10(4)Trusted Generation (SA-10(4))SA-10(5)Mapping Integrity for Version Control (SA-10(5))SA-10(6)Trusted Distribution (SA-10(6))SA-10(7)Security and Privacy Representatives (SA-10(7))