Table E-15: Tailoring Actions for System and Services Acquisition Controls37
NIST SP 800-53 MODERATE BASELINE SECURITY CONTROLS |
TAILORING |
|
SA-1 |
System and Services Acquisition Policy and Procedures |
NFO |
SA-2 |
Allocation of Resources |
NFO |
SA-3 |
System Development Life Cycle |
NFO |
SA-4 |
Acquisition Process |
NFO |
SA-4(1) |
ACQUISITION PROCESS | FUNCTIONAL PROPERTIES OF SECURITY CONTROLS |
NFO |
SA-4(2) |
ACQUISITION PROCESS | DESIGN / IMPLEMENTATION INFORMATION FOR SECURITY CONTROLS |
NFO |
SA-4(9) |
ACQUISITION PROCESS | FUNCTIONS / PORTS / PROTOCOLS / SERVICES IN USE |
NFO |
SA-4(10) |
ACQUISITION PROCESS | USE OF APPROVED PIV PRODUCTS |
NFO |
SA-5 |
Information System Documentation |
NFO |
SA-8 |
Security Engineering Principles |
CUI |
SA-9 |
External Information System Services |
NFO |
SA-9(2) |
EXTERNAL INFORMATION SYSTEMS | IDENTIFICATION OF FUNCTIONS / PORTS / PROTOCOLS / SERVICES |
NFO |
SA-10 |
Developer Configuration Management |
NFO |
SA-11 |
Developer Security Testing and Evaluation |
NFO |