NIST SP 800-53 r4 - Security Control Family: System and Services Acquisition - Controls for HIGH Impact Systems, v4
Profile of requirements corresponding to all HIGH impact security controls in NIST Special Publication 800-53, r4, under the control family of System and Services Acquisition.
| Identifier | https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4---security-control-family_-system-and-services-acquisition---controls-for-high-impact-systems/4/ | ||||
| Publication Date | 2021-04-26 | ||||
| Issuing Organization |
Trustmark Initiative (https://trustmarkinitiative.org/)
View Contact
|
||||
| Keywords | 800-53, NIST, Security, Services Acquisition, System, High | ||||
| Legal Notice | This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Loading...
Trust Expression:
TIP_NISTSP80053r4SecurityControlFamilySystemandServicesAcquisitionControlsforMODERATEImpactSystems and TIP_NISTSP80053r4SecurityControlSA1SystemandServicesAcquisitionPolicyandProcedures and TIP_NISTSP80053r4SecurityControlSA2AllocationofResources and TIP_NISTSP80053r4SecurityControlSA3SystemDevelopmentLifeCycle and TIP_NISTSP80053r4SecurityControlSA4AcquisitionProcess and TIP_NISTSP80053r4SecurityControlSA41FunctionalPropertiesofSecurityControls and TIP_NISTSP80053r4SecurityControlSA42DesignImplementationInformationforSecurityControls and TIP_NISTSP80053r4SecurityControlSA49FunctionsPortsProtocolsServicesinUse and TIP_NISTSP80053r4SecurityControlSA410UseofApprovedPIVProducts and TIP_NISTSP80053r4SecurityControlSA5InformationSystemDocumentation and TIP_NISTSP80053r4SecurityControlSA8SecurityEngineeringPrinciples and TIP_NISTSP80053r4SecurityControlSA9ExternalInformationSystemServices and TIP_NISTSP80053r4SecurityControlSA92IdentificationofFunctionsPortsProtocolsServices and TIP_NISTSP80053r4SecurityControlSA10DeveloperConfigurationManagement and TIP_NISTSP80053r4SecurityControlSA11DeveloperSecurityTestingandEvaluation and TIP_NISTSP80053r4SecurityControlSA12SupplyChainProtection and TIP_NISTSP80053r4SecurityControlSA15DevelopmentProcessStandardsandTools and TIP_NISTSP80053r4SecurityControlSA16DeveloperProvidedTraining and TIP_NISTSP80053r4SecurityControlSA17DeveloperSecurityArchitectureandDesign
References (19)
| TIP NIST SP 800-53 r4 - Security Control Family: System and Services Acquisition - Controls for MODERATE Impact Systems, v4 | |
|---|---|
| Description | Profile of requirements corresponding to all MODERATE impact security controls in NIST Special Publication 800-53, r4, under the control family of System and Services Acquisition. |
| ID | TIP_NISTSP80053r4SecurityControlFamilySystemandServicesAcquisitionControlsforMODERATEImpactSystems |
| TIP NIST SP 800-53 r4 Security Control SA-1: System and Services Acquisition Policy and Procedures, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-1: System and Services Acquisition Policy and Procedures. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA1SystemandServicesAcquisitionPolicyandProcedures |
| TIP NIST SP 800-53 r4 Security Control SA-2: Allocation of Resources, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-2: Allocation of Resources. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA2AllocationofResources |
| TIP NIST SP 800-53 r4 Security Control SA-3: System Development Life Cycle, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-3: System Development Life Cycle. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA3SystemDevelopmentLifeCycle |
| TIP NIST SP 800-53 r4 Security Control SA-4: Acquisition Process, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4: Acquisition Process. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA4AcquisitionProcess |
| TIP NIST SP 800-53 r4 Security Control SA-4 (1): Functional Properties of Security Controls, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (1): Functional Properties of Security Controls. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA41FunctionalPropertiesofSecurityControls |
| TIP NIST SP 800-53 r4 Security Control SA-4 (2): Design / Implementation Information for Security Controls, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (2): Design / Implementation Information for Security Controls. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA42DesignImplementationInformationforSecurityControls |
| TIP NIST SP 800-53 r4 Security Control SA-4 (9): Functions / Ports / Protocols / Services in Use, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (9): Functions / Ports / Protocols / Services in Use. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA49FunctionsPortsProtocolsServicesinUse |
| TIP NIST SP 800-53 r4 Security Control SA-4 (10): Use of Approved PIV Products, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-4 (10): Use of Approved PIV Products. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA410UseofApprovedPIVProducts |
| TIP NIST SP 800-53 r4 Security Control SA-5: Information System Documentation, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-5: Information System Documentation. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA5InformationSystemDocumentation |
| TIP NIST SP 800-53 r4 Security Control SA-8: Security Engineering Principles, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-8: Security Engineering Principles. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA8SecurityEngineeringPrinciples |
| TIP NIST SP 800-53 r4 Security Control SA-9: External Information System Services, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-9: External Information System Services. Applicable to LOW impact, MODERATE impact, and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA9ExternalInformationSystemServices |
| TIP NIST SP 800-53 r4 Security Control SA-9 (2): Identification of Functions / Ports / Protocols / Services, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-9 (2): Identification of Functions / Ports / Protocols / Services. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA92IdentificationofFunctionsPortsProtocolsServices |
| TIP NIST SP 800-53 r4 Security Control SA-10: Developer Configuration Management, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-10: Developer Configuration Management. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA10DeveloperConfigurationManagement |
| TIP NIST SP 800-53 r4 Security Control SA-11: Developer Security Testing and Evaluation, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-11: Developer Security Testing and Evaluation. Applicable to MODERATE impact and HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA11DeveloperSecurityTestingandEvaluation |
| TIP NIST SP 800-53 r4 Security Control SA-12: Supply Chain Protection, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-12: Supply Chain Protection. Applicable to HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA12SupplyChainProtection |
| TIP NIST SP 800-53 r4 Security Control SA-15: Development Process, Standards, and Tools, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-15: Development Process, Standards, and Tools. Applicable to HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA15DevelopmentProcessStandardsandTools |
| TIP NIST SP 800-53 r4 Security Control SA-16: Developer-Provided Training, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-16: Developer-Provided Training. Applicable to HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA16DeveloperProvidedTraining |
| TIP NIST SP 800-53 r4 Security Control SA-17: Developer Security Architecture and Design, v4 | |
|---|---|
| Description | Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control SA-17: Developer Security Architecture and Design. Applicable to HIGH impact systems. |
| ID | TIP_NISTSP80053r4SecurityControlSA17DeveloperSecurityArchitectureandDesign |
Sources (1)
| SP800-53R4 | NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4. |