Control SA-4
Acquisition Process (SA-4)
Include the following requirements, descriptions, and criteria, explicitly or by reference, using [organization-defined] in the acquisition contract for the system, system component, or system service:
Security Baselines
LOW, MODERATE, HIGH
acquisition, sdlc, services, supply-chain
Why These Connect
Baselined In (3)
This control is included in the linked security baseline (LOW, MODERATE, or HIGH).
Supports (44)
These related controls work together — a change to one may affect the others.
Enhances (12)
These enhancements add specific capabilities or refinements to the base control.
Related Controls (27)
CM-6 Configuration Settings (CM-6) LMH
CM-7 Least Functionality (CM-7) LMH
CM-8 System Component Inventory (CM-8) LMH
CM-12 Information Location (CM-12) MH
IA-2 Identification and Authentication (Organizational Users) (IA-2) LMH
IA-7 Cryptographic Module Authentication (IA-7) LMH
IA-8 Identification and Authentication (Non-organizational Users) (IA-8) LMH
PM-9 Risk Management Strategy (PM-9)
SA-3 System Development Life Cycle (SA-3) LMH
PS-7 External Personnel Security (PS-7) LMH
SA-5 System Documentation (SA-5) LMH
SA-8 Security and Privacy Engineering Principles (SA-8) LMH
SA-11 Developer Testing and Evaluation (SA-11) MH
SA-15 Development Process, Standards, and Tools (SA-15) MH
SA-16 Developer-provided Training (SA-16) H
SA-17 Developer Security and Privacy Architecture and Design (SA-17) H
SA-21 Developer Screening (SA-21) H
SR-3 Supply Chain Controls and Processes (SR-3) LMH
SR-5 Acquisition Strategies, Tools, and Methods (SR-5) LMH
SA-9 External System Services (SA-9) LMH
SA-10 Developer Configuration Management (SA-10) MH
SC-2 Separation of System and User Functionality (SC-2) MH
SC-3 Security Function Isolation (SC-3) H
SC-8 Transmission Confidentiality and Integrity (SC-8) MH
SC-12 Cryptographic Key Establishment and Management (SC-12) LMH
SC-13 Cryptographic Protection (SC-13) LMH
SR-11 Component Authenticity (SR-11) LMH
Control Enhancements (12)
SA-4(1) Functional Properties of Controls (SA-4(1)) MH
SA-4(2) Design and Implementation Information for Controls (SA-4(2)) MH
SA-4(3) Development Methods, Techniques, and Practices (SA-4(3))
SA-4(4) Assignment of Components to Systems (SA-4(4)) W
SA-4(5) System, Component, and Service Configurations (SA-4(5)) H
SA-4(6) Use of Information Assurance Products (SA-4(6))
SA-4(7) NIAP-approved Protection Profiles (SA-4(7))
SA-4(8) Continuous Monitoring Plan for Controls (SA-4(8))
SA-4(9) Functions, Ports, Protocols, and Services in Use (SA-4(9)) MH
SA-4(10) Use of Approved PIV Products (SA-4(10)) LMH
SA-4(11) System of Records (SA-4(11))
SA-4(12) Data Ownership (SA-4(12))