💼 SA System And Services Acquisition

  • ID: /frameworks/nist-sp-800-53-r5/sa

Description

Empty...

Similar

  • Internal
    • ID: dec-b-3e675687

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 SA-1 Policy and Proceduresno data
💼 SA-2 Allocation of Resourcesno data
💼 SA-3 System Development Life Cycle34no data
 💼 SA-3(1) System Development Life Cycle _ Manage Preproduction Environmentno data
 💼 SA-3(2) System Development Life Cycle _ Use of Live or Operational Datano data
 💼 SA-3(3) System Development Life Cycle _ Technology Refreshno data
💼 SA-4 Acquisition Process12no data
 💼 SA-4(1) Acquisition Process _ Functional Properties of Controlsno data
 💼 SA-4(2) Acquisition Process _ Design and Implementation Information for Controlsno data
 💼 SA-4(3) Acquisition Process _ Development Methods, Techniques, and Practicesno data
 💼 SA-4(4) Acquisition Process _ Assignment of Components to Systemsno data
 💼 SA-4(5) Acquisition Process _ System, Component, and Service Configurationsno data
 💼 SA-4(6) Acquisition Process _ Use of Information Assurance Productsno data
 💼 SA-4(7) Acquisition Process _ NIAP-approved Protection Profilesno data
 💼 SA-4(8) Acquisition Process _ Continuous Monitoring Plan for Controlsno data
 💼 SA-4(9) Acquisition Process _ Functions, Ports, Protocols, and Services in Useno data
 💼 SA-4(10) Acquisition Process _ Use of Approved PIV Productsno data
 💼 SA-4(11) Acquisition Process _ System of Recordsno data
 💼 SA-4(12) Acquisition Process _ Data Ownershipno data
💼 SA-5 System Documentation5no data
 💼 SA-5(1) System Documentation _ Functional Properties of Security Controlsno data
 💼 SA-5(2) System Documentation _ Security-relevant External System Interfacesno data
 💼 SA-5(3) System Documentation _ High-level Designno data
 💼 SA-5(4) System Documentation _ Low-level Designno data
 💼 SA-5(5) System Documentation _ Source Codeno data
💼 SA-6 Software Usage Restrictionsno data
💼 SA-7 User-installed Softwareno data
💼 SA-8 Security and Privacy Engineering Principles338no data
 💼 SA-8(1) Security and Privacy Engineering Principles _ Clear Abstractionsno data
 💼 SA-8(2) Security and Privacy Engineering Principles _ Least Common Mechanismno data
 💼 SA-8(3) Security and Privacy Engineering Principles _ Modularity and Layeringno data
 💼 SA-8(4) Security and Privacy Engineering Principles _ Partially Ordered Dependenciesno data
 💼 SA-8(5) Security and Privacy Engineering Principles _ Efficiently Mediated Accessno data
 💼 SA-8(6) Security and Privacy Engineering Principles _ Minimized Sharingno data
 💼 SA-8(7) Security and Privacy Engineering Principles _ Reduced Complexityno data
 💼 SA-8(8) Security and Privacy Engineering Principles _ Secure Evolvabilityno data
 💼 SA-8(9) Security and Privacy Engineering Principles _ Trusted Componentsno data
 💼 SA-8(10) Security and Privacy Engineering Principles _ Hierarchical Trustno data
 💼 SA-8(11) Security and Privacy Engineering Principles _ Inverse Modification Thresholdno data
 💼 SA-8(12) Security and Privacy Engineering Principles _ Hierarchical Protectionno data
 💼 SA-8(13) Security and Privacy Engineering Principles _ Minimized Security Elementsno data
 💼 SA-8(14) Security and Privacy Engineering Principles _ Least Privilegeno data
 💼 SA-8(15) Security and Privacy Engineering Principles _ Predicate Permissionno data
 💼 SA-8(16) Security and Privacy Engineering Principles _ Self-reliant Trustworthinessno data
 💼 SA-8(17) Security and Privacy Engineering Principles _ Secure Distributed Compositionno data
 💼 SA-8(18) Security and Privacy Engineering Principles _ Trusted Communications Channelsno data
 💼 SA-8(19) Security and Privacy Engineering Principles _ Continuous Protection1no data
 💼 SA-8(20) Security and Privacy Engineering Principles _ Secure Metadata Managementno data
 💼 SA-8(21) Security and Privacy Engineering Principles _ Self-analysis1no data
 💼 SA-8(22) Security and Privacy Engineering Principles _ Accountability and Traceability1no data
 💼 SA-8(23) Security and Privacy Engineering Principles _ Secure Defaultsno data
 💼 SA-8(24) Security and Privacy Engineering Principles _ Secure Failure and Recoveryno data
 💼 SA-8(25) Security and Privacy Engineering Principles _ Economic Security1no data
 💼 SA-8(26) Security and Privacy Engineering Principles _ Performance Securityno data
 💼 SA-8(27) Security and Privacy Engineering Principles _ Human Factored Securityno data
 💼 SA-8(28) Security and Privacy Engineering Principles _ Acceptable Securityno data
 💼 SA-8(29) Security and Privacy Engineering Principles _ Repeatable and Documented Proceduresno data
 💼 SA-8(30) Security and Privacy Engineering Principles _ Procedural Rigorno data
 💼 SA-8(31) Security and Privacy Engineering Principles _ Secure System Modificationno data
 💼 SA-8(32) Security and Privacy Engineering Principles _ Sufficient Documentationno data
 💼 SA-8(33) Security and Privacy Engineering Principles _ Minimizationno data
💼 SA-9 External System Services811no data
 💼 SA-9(1) External System Services _ Risk Assessments and Organizational Approvalsno data
 💼 SA-9(2) External System Services _ Identification of Functions, Ports, Protocols, and Servicesno data
 💼 SA-9(3) External System Services _ Establish and Maintain Trust Relationship with Providersno data
 💼 SA-9(4) External System Services _ Consistent Interests of Consumers and Providersno data
 💼 SA-9(5) External System Services _ Processing, Storage, and Service Location11no data
 💼 SA-9(6) External System Services _ Organization-controlled Cryptographic Keysno data
 💼 SA-9(7) External System Services _ Organization-controlled Integrity Checkingno data
 💼 SA-9(8) External System Services _ Processing and Storage Location — U.S. Jurisdictionno data
💼 SA-10 Developer Configuration Management73no data
 💼 SA-10(1) Developer Configuration Management _ Software and Firmware Integrity Verificationno data
 💼 SA-10(2) Developer Configuration Management _ Alternative Configuration Management Processesno data
 💼 SA-10(3) Developer Configuration Management _ Hardware Integrity Verificationno data
 💼 SA-10(4) Developer Configuration Management _ Trusted Generationno data
 💼 SA-10(5) Developer Configuration Management _ Mapping Integrity for Version Controlno data
 💼 SA-10(6) Developer Configuration Management _ Trusted Distributionno data
 💼 SA-10(7) Developer Configuration Management _ Security and Privacy Representativesno data
💼 SA-11 Developer Testing and Evaluation91no data
 💼 SA-11(1) Developer Testing and Evaluation _ Static Code Analysis1no data
 💼 SA-11(2) Developer Testing and Evaluation _ Threat Modeling and Vulnerability Analysesno data
 💼 SA-11(3) Developer Testing and Evaluation _ Independent Verification of Assessment Plans and Evidenceno data
 💼 SA-11(4) Developer Testing and Evaluation _ Manual Code Reviewsno data
 💼 SA-11(5) Developer Testing and Evaluation _ Penetration Testingno data
 💼 SA-11(6) Developer Testing and Evaluation _ Attack Surface Reviews1no data
 💼 SA-11(7) Developer Testing and Evaluation _ Verify Scope of Testing and Evaluationno data
 💼 SA-11(8) Developer Testing and Evaluation _ Dynamic Code Analysisno data
 💼 SA-11(9) Developer Testing and Evaluation _ Interactive Application Security Testingno data
💼 SA-12 Supply Chain Protection15no data
 💼 SA-12(1) Supply Chain Protection _ Acquisition Strategies / Tools / Methodsno data
 💼 SA-12(2) Supply Chain Protection _ Supplier Reviewsno data
 💼 SA-12(3) Supply Chain Protection _ Trusted Shipping and Warehousingno data
 💼 SA-12(4) Supply Chain Protection _ Diversity of Suppliersno data
 💼 SA-12(5) Supply Chain Protection _ Limitation of Harmno data
 💼 SA-12(6) Supply Chain Protection _ Minimizing Procurement Timeno data
 💼 SA-12(7) Supply Chain Protection _ Assessments Prior to Selection / Acceptance / Updateno data
 💼 SA-12(8) Supply Chain Protection _ Use of All-source Intelligenceno data
 💼 SA-12(9) Supply Chain Protection _ Operations Securityno data
 💼 SA-12(10) Supply Chain Protection _ Validate as Genuine and Not Alteredno data
 💼 SA-12(11) Supply Chain Protection _ Penetration Testing / Analysis of Elements, Processes, and Actorsno data
 💼 SA-12(12) Supply Chain Protection _ Inter-organizational Agreementsno data
 💼 SA-12(13) Supply Chain Protection _ Critical Information System Componentsno data
 💼 SA-12(14) Supply Chain Protection _ Identity and Traceabilityno data
 💼 SA-12(15) Supply Chain Protection _ Processes to Address Weaknesses or Deficienciesno data
💼 SA-13 Trustworthinessno data
💼 SA-14 Criticality Analysis1no data
 💼 SA-14(1) Criticality Analysis _ Critical Components with No Viable Alternative Sourcingno data
💼 SA-15 Development Process, Standards, and Tools121no data
 💼 SA-15(1) Development Process, Standards, and Tools _ Quality Metricsno data
 💼 SA-15(2) Development Process, Standards, and Tools _ Security and Privacy Tracking Tools1no data
 💼 SA-15(3) Development Process, Standards, and Tools _ Criticality Analysisno data
 💼 SA-15(4) Development Process, Standards, and Tools _ Threat Modeling and Vulnerability Analysisno data
 💼 SA-15(5) Development Process, Standards, and Tools _ Attack Surface Reductionno data
 💼 SA-15(6) Development Process, Standards, and Tools _ Continuous Improvementno data
 💼 SA-15(7) Development Process, Standards, and Tools _ Automated Vulnerability Analysisno data
 💼 SA-15(8) Development Process, Standards, and Tools _ Reuse of Threat and Vulnerability Information1no data
 💼 SA-15(9) Development Process, Standards, and Tools _ Use of Live Datano data
 💼 SA-15(10) Development Process, Standards, and Tools _ Incident Response Planno data
 💼 SA-15(11) Development Process, Standards, and Tools _ Archive System or Componentno data
 💼 SA-15(12) Development Process, Standards, and Tools _ Minimize Personally Identifiable Informationno data
💼 SA-16 Developer-provided Trainingno data
💼 SA-17 Developer Security and Privacy Architecture and Design9no data
 💼 SA-17(1) Developer Security and Privacy Architecture and Design _ Formal Policy Modelno data
 💼 SA-17(2) Developer Security and Privacy Architecture and Design _ Security-relevant Componentsno data
 💼 SA-17(3) Developer Security and Privacy Architecture and Design _ Formal Correspondenceno data
 💼 SA-17(4) Developer Security and Privacy Architecture and Design _ Informal Correspondenceno data
 💼 SA-17(5) Developer Security and Privacy Architecture and Design _ Conceptually Simple Designno data
 💼 SA-17(6) Developer Security and Privacy Architecture and Design _ Structure for Testingno data
 💼 SA-17(7) Developer Security and Privacy Architecture and Design _ Structure for Least Privilegeno data
 💼 SA-17(8) Developer Security and Privacy Architecture and Design _ Orchestrationno data
 💼 SA-17(9) Developer Security and Privacy Architecture and Design _ Design Diversityno data
💼 SA-18 Tamper Resistance and Detection2no data
 💼 SA-18(1) Tamper Resistance and Detection _ Multiple Phases of System Development Life Cycleno data
 💼 SA-18(2) Tamper Resistance and Detection _ Inspection of Systems or Componentsno data
💼 SA-19 Component Authenticity4no data
 💼 SA-19(1) Component Authenticity _ Anti-counterfeit Trainingno data
 💼 SA-19(2) Component Authenticity _ Configuration Control for Component Service and Repairno data
 💼 SA-19(3) Component Authenticity _ Component Disposalno data
 💼 SA-19(4) Component Authenticity _ Anti-counterfeit Scanningno data
💼 SA-20 Customized Development of Critical Componentsno data
💼 SA-21 Developer Screening1no data
 💼 SA-21(1) Developer Screening _ Validation of Screeningno data
💼 SA-22 Unsupported System Components1no data
 💼 SA-22(1) Unsupported System Components _ Alternative Sources for Continued Supportno data
💼 SA-23 Specializationno data