💼 SA-4 ACQUISITION PROCESS

  • ID: /frameworks/nist-sp-800-53-r4/sa/04

Description

The organization includes the following requirements, descriptions, and criteria, explicitly or by reference, in the acquisition contract for the information system, system component, or information system service in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, guidelines, and organizational mission/business needs:

  • SA-4a. Security functional requirements;
  • SA-4b. Security strength requirements;
  • SA-4c. Security assurance requirements;
  • SA-4d. Security-related documentation requirements;
  • SA-4e. Requirements for protecting security-related documentation;
  • SA-4f. Description of the information system development environment and environment in which the system is intended to operate; and
  • SA-4g. Acceptance criteria.

Similar

  • Internal
    • ID: dec-c-f7f1f31e

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 NIST CSF v1.1 → 💼 DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events | 67 | no data
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented | 69 | no data

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 SA-4 (1) FUNCTIONAL PROPERTIES OF SECURITY CONTROLS | no data
💼 SA-4 (2) DESIGN / IMPLEMENTATION INFORMATION FOR SECURITY CONTROLS | no data
💼 SA-4 (3) DEVELOPMENT METHODS / TECHNIQUES / PRACTICES | no data
💼 SA-4 (4) ASSIGNMENT OF COMPONENTS TO SYSTEMS | no data
💼 SA-4 (5) SYSTEM / COMPONENT / SERVICE CONFIGURATIONS | no data
💼 SA-4 (6) USE OF INFORMATION ASSURANCE PRODUCTS | no data
💼 SA-4 (7) NIAP-APPROVED PROTECTION PROFILES | no data
💼 SA-4 (8) CONTINUOUS MONITORING PLAN | no data
💼 SA-4 (9) FUNCTIONS / PORTS / PROTOCOLS / SERVICES IN USE | no data
💼 SA-4 (10) USE OF APPROVED PIV PRODUCTS | no data