NIST Special Publication 800-53 (Rev. 4)

Security and Privacy Controls for Federal Information Systems and Organizations

System and Services Acquisition Control Family

Showing 22 controls:
No. Control Priority Low Moderate High
SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES P1
SA-1
SA-1
SA-1
SA-2 ALLOCATION OF RESOURCES P1
SA-2
SA-2
SA-2
SA-3 SYSTEM DEVELOPMENT LIFE CYCLE P1
SA-3
SA-3
SA-3
SA-4 ACQUISITION PROCESS P1
SA-4 (10)
SA-4 (1) (2) (9) (10)
SA-4 (1) (2) (9) (10)
SA-5 INFORMATION SYSTEM DOCUMENTATION P2
SA-5
SA-5
SA-5
SA-6 SOFTWARE USAGE RESTRICTIONS
SA-7 USER-INSTALLED SOFTWARE
SA-8 SECURITY ENGINEERING PRINCIPLES P1
SA-8
SA-8
SA-9 EXTERNAL INFORMATION SYSTEM SERVICES P1
SA-9
SA-9 (2)
SA-9 (2)
SA-10 DEVELOPER CONFIGURATION MANAGEMENT P1
SA-10
SA-10
SA-11 DEVELOPER SECURITY TESTING AND EVALUATION P1
SA-11
SA-11
SA-12 SUPPLY CHAIN PROTECTION P1
SA-12
SA-13 TRUSTWORTHINESS P0
SA-14 CRITICALITY ANALYSIS P0
SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS P2
SA-15
SA-16 DEVELOPER-PROVIDED TRAINING P2
SA-16
SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN P1
SA-17
SA-18 TAMPER RESISTANCE AND DETECTION P0
SA-19 COMPONENT AUTHENTICITY P0
SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS P0
SA-21 DEVELOPER SCREENING P0
SA-22 UNSUPPORTED SYSTEM COMPONENTS P0