Skip to main content

πŸ’Ό SA-3 System Development Life Cycle

Description​

a. Acquire, develop, and manage the system using [Assignment: organization-defined system development life cycle] that incorporates information security and privacy considerations; b. Define and document information security and privacy roles and responsibilities throughout the system development life cycle; c. Identify individuals having information security and privacy roles and responsibilities; and d. Integrate the organizational information security and privacy risk management process into system development life cycle activities.

Similar​

  • Sections
    • /frameworks/aws-fsbp-v1.0.0/codebuild/01
    • /frameworks/aws-fsbp-v1.0.0/codebuild/02
    • /frameworks/aws-fsbp-v1.0.0/ssm/01
  • Internal
    • ID: dec-c-0e8ce4f5

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CodeBuild.1] CodeBuild Bitbucket source repository URLs should not contain sensitive credentials11
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [CodeBuild.2] CodeBuild project environment variables should not contain clear text credentials
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [SSM.1] Amazon EC2 instances should be managed by AWS Systems Manager

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SA-3 System Development Life Cycle (L)(M)(H)4
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό SA-3 System Development Life Cycle (L)(M)(H)4
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles21

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό SA-3(1) System Development Life Cycle _ Manage Preproduction Environment
πŸ’Ό SA-3(2) System Development Life Cycle _ Use of Live or Operational Data
πŸ’Ό SA-3(3) System Development Life Cycle _ Technology Refresh

Policies (4)​

PolicyLogic CountFlags
πŸ“ AWS CodeBuild Project Bitbucket Source Location URL contains credentials 🟒1🟒 x6
πŸ“ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟒1🟒 x6
πŸ“ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟒1🟒 x6
πŸ“ Google Cloud SQL Server Instance user options Database Flag is configured 🟒1🟒 x6