National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

NIST Special Publication 800-53 (Rev. 4)

Security Controls and Assessment Procedures for Federal Information Systems and Organizations

System And Services Acquisition Control Family

Showing 22 controls:
No. Control Priority Low Moderate High
SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES P1 SA-1 SA-1 SA-1
SA-2 ALLOCATION OF RESOURCES P1 SA-2 SA-2 SA-2
SA-3 SYSTEM DEVELOPMENT LIFE CYCLE P1 SA-3 SA-3 SA-3
SA-4 ACQUISITION PROCESS P1 SA-4 (10) SA-4 (1) (2) (9) (10) SA-4 (1) (2) (9) (10)
SA-5 INFORMATION SYSTEM DOCUMENTATION P2 SA-5 SA-5 SA-5
SA-6 SOFTWARE USAGE RESTRICTIONS
SA-7 USER-INSTALLED SOFTWARE
SA-8 SECURITY ENGINEERING PRINCIPLES P1 SA-8 SA-8
SA-9 EXTERNAL INFORMATION SYSTEM SERVICES P1 SA-9 SA-9 (2) SA-9 (2)
SA-10 DEVELOPER CONFIGURATION MANAGEMENT P1 SA-10 SA-10
SA-11 DEVELOPER SECURITY TESTING AND EVALUATION P1 SA-11 SA-11
SA-12 SUPPLY CHAIN PROTECTION P1 SA-12
SA-13 TRUSTWORTHINESS P0
SA-14 CRITICALITY ANALYSIS P0
SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS P2 SA-15
SA-16 DEVELOPER-PROVIDED TRAINING P2 SA-16
SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN P1 SA-17
SA-18 TAMPER RESISTANCE AND DETECTION P0
SA-19 COMPONENT AUTHENTICITY P0
SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS P0
SA-21 DEVELOPER SCREENING P0
SA-22 UNSUPPORTED SYSTEM COMPONENTS P0