💼 SA-3 System Development Life Cycle (L)(M)(H)

Contextual name: 💼 SA-3 System Development Life Cycle (L)(M)(H)
ID: /frameworks/fedramp-high-security-controls/sa/03
Located in: 💼 System and Services Acquisition

Description

a. Acquire, develop, and manage the system using [Assignment: organization-defined system development life cycle] that incorporates information security and privacy considerations;

b. Define and document information security and privacy roles and responsibilities throughout the system development life cycle;

c. Identify individuals having information security and privacy roles and responsibilities; and

d. Integrate the organizational information security and privacy risk management process into system development life cycle activities.

Similar

Sections
- /frameworks/nist-sp-800-53-r5/sa/03
Internal
- ID: dec-c-0d2cca86

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST SP 800-53 Revision 5 → 💼 SA-3 System Development Life Cycle	3		4

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 FedRAMP Low Security Controls → 💼 SA-3 System Development Life Cycle (L)(M)(H)			4
💼 FedRAMP Moderate Security Controls → 💼 SA-3 System Development Life Cycle (L)(M)(H)			4

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (4)

Policy	Logic Count	Flags
📝 AWS CodeBuild Project Bitbucket Source Location URL contains credentials 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟢	1	🟢 x6
📝 Google Cloud SQL Server Instance user options Database Flag is configured 🟢	1	🟢 x6

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (4)​