System Development Life Cycle (SA-3)
Acquire, develop, and manage the system using [organization-defined] that incorporates information security and privacy considerations;
Define and document information security and privacy roles and responsibilities throughout the system development life cycle;
Identify individuals having information security and privacy roles and responsibilities; and
Integrate the organizational information security and privacy risk management process into system development life cycle activities.
Security Baselines
LOW, MODERATE, HIGH
Tags: acquisition, sdlc, services, supply-chain
Why These Connect
Baselined In (3)
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports (21)
These related controls work together — a change to one may affect the others.
Enhances (3)
These enhancements add specific capabilities or refinements to the base control.
Related Controls (16)
AT-3 Role-based Training (L, M, H)
PL-8 Security and Privacy Architectures (M, H)
PM-7 Enterprise Architecture
PM-25 Minimization of Personally Identifiable Information Used in Testing, Training, and Research
SA-4 Acquisition Process (L, M, H)
SA-5 System Documentation (L, M, H)
SA-8 Security and Privacy Engineering Principles (L, M, H)
SA-11 Developer Testing and Evaluation (M, H)
SA-15 Development Process, Standards, and Tools (M, H)
SA-17 Developer Security and Privacy Architecture and Design (H)
SA-22 Unsupported System Components (L, M, H)
SR-3 Supply Chain Controls and Processes (L, M, H)
SR-4 Provenance
SR-5 Acquisition Strategies, Tools, and Methods (L, M, H)
SR-9 Tamper Resistance and Detection (H)
SA-24 Design For Cyber Resiliency