Skip to main content

πŸ’Ό SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES

  • Contextual name: πŸ’Ό SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES
  • ID: /frameworks/nist-sp-800-53-r4/sa/01
  • Located in: πŸ’Ό SA SYSTEM AND SERVICES ACQUISITION

Description​

The organization: SA-1a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: SA-1a.1. A system and services acquisition policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and SA-1a.2. Procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls; and SA-1b. Reviews and updates the current: SA-1b.1. System and services acquisition policy [Assignment: organization-defined frequency]; and SA-1b.2. System and services acquisition procedures [Assignment: organization-defined frequency].

Similar​

  • Internal
    • ID: dec-c-6ef32067

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.GV-1: Organizational cybersecurity policy is established and communicated
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed22

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags