Guidance for NIST 800-171 Assessment & Compliance

System and Services Acquisition Policy and Procedures

Table E-15: Tailoring Actions for System and Services Acquisition Controls37

NIST SP 800-53 MODERATE BASELINE SECURITY CONTROLS		TAILORING ACTION
SA-1	System and Services Acquisition Policy and Procedures	NFO
SA-2	Allocation of Resources	NFO
SA-3	System Development Life Cycle	NFO
SA-4	Acquisition Process	NFO
SA-4(1)	ACQUISITION PROCESS \| FUNCTIONAL PROPERTIES OF SECURITY CONTROLS	NFO
SA-4(2)	ACQUISITION PROCESS \| DESIGN / IMPLEMENTATION INFORMATION FOR SECURITY CONTROLS	NFO
SA-4(9)	ACQUISITION PROCESS \| FUNCTIONS / PORTS / PROTOCOLS / SERVICES IN USE	NFO
SA-4(10)	ACQUISITION PROCESS \| USE OF APPROVED PIV PRODUCTS	NFO
SA-5	Information System Documentation	NFO
SA-8	Security Engineering Principles	CUI
SA-9	External Information System Services	NFO
SA-9(2)	EXTERNAL INFORMATION SYSTEMS \| IDENTIFICATION OF FUNCTIONS / PORTS / PROTOCOLS / SERVICES	NFO
SA-10	Developer Configuration Management	NFO
SA-11	Developer Security Testing and Evaluation	NFO

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056