
💼 SA-4 ACQUISITION PROCESS

Description

The organization includes the following requirements, descriptions, and criteria, explicitly or by reference, in the acquisition contract for the information system, system component, or information system service in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, guidelines, and organizational mission/business needs:

  • SA-4a. Security functional requirements;
  • SA-4b. Security strength requirements;
  • SA-4c. Security assurance requirements;
  • SA-4d. Security-related documentation requirements;
  • SA-4e. Requirements for protecting security-related documentation;
  • SA-4f. Description of the information system development environment and environment in which the system is intended to operate; and
  • SA-4g. Acceptance criteria.

Similar

  • Internal
    • ID: dec-c-f7f1f31e

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events66
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented69

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SA-4 (1) FUNCTIONAL PROPERTIES OF SECURITY CONTROLS
💼 SA-4 (2) DESIGN _ IMPLEMENTATION INFORMATION FOR SECURITY CONTROLS
💼 SA-4 (3) DEVELOPMENT METHODS _ TECHNIQUES _ PRACTICES
💼 SA-4 (4) ASSIGNMENT OF COMPONENTS TO SYSTEMS
💼 SA-4 (5) SYSTEM _ COMPONENT _ SERVICE CONFIGURATIONS
💼 SA-4 (6) USE OF INFORMATION ASSURANCE PRODUCTS
💼 SA-4 (7) NIAP-APPROVED PROTECTION PROFILES
💼 SA-4 (8) CONTINUOUS MONITORING PLAN
💼 SA-4 (9) FUNCTIONS _ PORTS _ PROTOCOLS _ SERVICES IN USE
💼 SA-4 (10) USE OF APPROVED PIV PRODUCTS