System And Services Acquisition Control Family

Page last updated:

Number Control Pivotal Application Service (PAS) Compliance
SA-1 SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES Deployer responsibility
SA-2 ALLOCATION OF RESOURCES Deployer responsibility
SA-3 SYSTEM DEVELOPMENT LIFE CYCLE Deployer responsibility
SA-4 ACQUISITION PROCESS Deployer responsibility
SA-5 INFORMATION SYSTEM DOCUMENTATION Compliant
SA-6 SOFTWARE USAGE RESTRICTIONS Not applicable
SA-7 USER-INSTALLED SOFTWARE Not applicable
SA-8 SECURITY ENGINEERING PRINCIPLES Deployer responsibility
SA-9 EXTERNAL INFORMATION SYSTEM SERVICES Deployer responsibility
SA-10 DEVELOPER CONFIGURATION MANAGEMENT Compliant, and deployer responsibility
SA-11 DEVELOPER SECURITY TESTING AND EVALUATION Compliant, and deployer responsibility
SA-12 SUPPLY CHAIN PROTECTION Not applicable
SA-13 TRUSTWORTHINESS Not applicable
SA-14 CRITICALITY ANALYSIS Not applicable
SA-15 DEVELOPMENT PROCESS, STANDARDS, AND TOOLS Not applicable
SA-16 DEVELOPER-PROVIDED TRAINING Not applicable
SA-17 DEVELOPER SECURITY ARCHITECTURE AND DESIGN Not applicable
SA-18 TAMPER RESISTANCE AND DETECTION
SA-19 COMPONENT AUTHENTICITY Not applicable
SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS Not applicable
SA-21 DEVELOPER SCREENING Not applicable
SA-22 UNSUPPORTED SYSTEM COMPONENTS Not applicable