System And Services Acquisition Control Family
Page last updated:
Number | Control | Pivotal Application Service (PAS) Compliance |
---|---|---|
SA-1 | SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES | Deployer responsibility |
SA-2 | ALLOCATION OF RESOURCES | Deployer responsibility |
SA-3 | SYSTEM DEVELOPMENT LIFE CYCLE | Deployer responsibility |
SA-4 | ACQUISITION PROCESS | Deployer responsibility |
SA-5 | INFORMATION SYSTEM DOCUMENTATION | Compliant |
SA-6 | SOFTWARE USAGE RESTRICTIONS | Not applicable |
SA-7 | USER-INSTALLED SOFTWARE | Not applicable |
SA-8 | SECURITY ENGINEERING PRINCIPLES | Deployer responsibility |
SA-9 | EXTERNAL INFORMATION SYSTEM SERVICES | Deployer responsibility |
SA-10 | DEVELOPER CONFIGURATION MANAGEMENT | Compliant, and deployer responsibility |
SA-11 | DEVELOPER SECURITY TESTING AND EVALUATION | Compliant, and deployer responsibility |
SA-12 | SUPPLY CHAIN PROTECTION | Not applicable |
SA-13 | TRUSTWORTHINESS | Not applicable |
SA-14 | CRITICALITY ANALYSIS | Not applicable |
SA-15 | DEVELOPMENT PROCESS, STANDARDS, AND TOOLS | Not applicable |
SA-16 | DEVELOPER-PROVIDED TRAINING | Not applicable |
SA-17 | DEVELOPER SECURITY ARCHITECTURE AND DESIGN | Not applicable |
SA-18 | TAMPER RESISTANCE AND DETECTION | |
SA-19 | COMPONENT AUTHENTICITY | Not applicable |
SA-20 | CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS | Not applicable |
SA-21 | DEVELOPER SCREENING | Not applicable |
SA-22 | UNSUPPORTED SYSTEM COMPONENTS | Not applicable |