
💼 SA-4 ACQUISITION PROCESS

Description

The organization includes the following requirements, descriptions, and criteria, explicitly or by reference, in the acquisition contract for the information system, system component, or information system service in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, guidelines, and organizational mission/business needs:

  • SA-4a. Security functional requirements;
  • SA-4b. Security strength requirements;
  • SA-4c. Security assurance requirements;
  • SA-4d. Security-related documentation requirements;
  • SA-4e. Requirements for protecting security-related documentation;
  • SA-4f. Description of the information system development environment and environment in which the system is intended to operate; and
  • SA-4g. Acceptance criteria.

Similar

  • Internal
    • ID: dec-c-f7f1f31e

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events 77
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented 66

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SA-4 (1) FUNCTIONAL PROPERTIES OF SECURITY CONTROLS
💼 SA-4 (2) DESIGN _ IMPLEMENTATION INFORMATION FOR SECURITY CONTROLS
💼 SA-4 (3) DEVELOPMENT METHODS _ TECHNIQUES _ PRACTICES
💼 SA-4 (4) ASSIGNMENT OF COMPONENTS TO SYSTEMS
💼 SA-4 (5) SYSTEM _ COMPONENT _ SERVICE CONFIGURATIONS
💼 SA-4 (6) USE OF INFORMATION ASSURANCE PRODUCTS
💼 SA-4 (7) NIAP-APPROVED PROTECTION PROFILES
💼 SA-4 (8) CONTINUOUS MONITORING PLAN
💼 SA-4 (9) FUNCTIONS _ PORTS _ PROTOCOLS _ SERVICES IN USE
💼 SA-4 (10) USE OF APPROVED PIV PRODUCTS