💼 SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS
- Contextual name: 💼 SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS
- ID:
/frameworks/nist-sp-800-53-r4/sa/15 - Located in: 💼 SA SYSTEM AND SERVICES ACQUISITION
Description​
The organization: SA-15a. Requires the developer of the information system, system component, or information system service to follow a documented development process that: SA-15a.1. Explicitly addresses security requirements; SA-15a.2. Identifies the standards and tools used in the development process; SA-15a.3. Documents the specific tool options and tool configurations used in the development process; and SA-15a.4. Documents, manages, and ensures the integrity of changes to the process and/or tools used in development; and SA-15b. Reviews the development process, standards, tools, and tool options/configurations [Assignment: organization-defined frequency] to determine if the process, standards, tools, and tool options/configurations selected and employed can satisfy [Assignment: organization-defined security requirements].
Similar​
- Internal
- ID:
dec-c-fd8dac7b
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process | 7 | 7 | ||
| 💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented | 6 | 9 |