
💼 SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS

  • ID: /frameworks/nist-sp-800-53-r4/sa/15

Description

The organization:

  • SA-15a. Requires the developer of the information system, system component, or information system service to follow a documented development process that:
    • SA-15a.1. Explicitly addresses security requirements;
    • SA-15a.2. Identifies the standards and tools used in the development process;
    • SA-15a.3. Documents the specific tool options and tool configurations used in the development process; and
    • SA-15a.4. Documents, manages, and ensures the integrity of changes to the process and/or tools used in development; and
  • SA-15b. Reviews the development process, standards, tools, and tool options/configurations [Assignment: organization-defined frequency] to determine if the process, standards, tools, and tool options/configurations selected and employed can satisfy [Assignment: organization-defined security requirements].

Similar

  • Internal
    • ID: dec-c-fd8dac7b

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process | 77 | no data
💼 NIST CSF v1.1 → 💼 PR.IP-2: A System Development Life Cycle to manage systems is implemented | 69 | no data

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 SA-15 (1) QUALITY METRICS | no data
💼 SA-15 (2) SECURITY TRACKING TOOLS | no data
💼 SA-15 (3) CRITICALITY ANALYSIS | no data
💼 SA-15 (4) THREAT MODELING / VULNERABILITY ANALYSIS | no data
💼 SA-15 (5) ATTACK SURFACE REDUCTION | no data
💼 SA-15 (6) CONTINUOUS IMPROVEMENT | no data
💼 SA-15 (7) AUTOMATED VULNERABILITY ANALYSIS | no data
💼 SA-15 (8) REUSE OF THREAT / VULNERABILITY INFORMATION | no data
💼 SA-15 (9) USE OF LIVE DATA | no data
💼 SA-15 (10) INCIDENT RESPONSE PLAN | no data
💼 SA-15 (11) ARCHIVE INFORMATION SYSTEM / COMPONENT | no data