SA — System and Services Acquisition
18 controls in the System and Services Acquisition family
SA-01Policy and Procedures
SA-02Allocation of Resources
SA-03System Development Life Cycle
SA-04Acquisition Process
SA-04(01)Acquisition Process | Functional Properties of Controls
SA-04(02)Acquisition Process | Design and Implementation Information for Controls
SA-04(09)Acquisition Process | Functions, Ports, Protocols, and Services in Use
SA-05System Documentation
SA-08Security and Privacy Engineering Principles
SA-09External System Services
SA-09(01)External System Services | Risk Assessments and Organizational Approvals
SA-09(02)External System Services | Identification of Functions, Ports, Protocols, and Services
SA-09(05)External System Services | Processing, Storage, and Service Location
SA-10Developer Configuration Management
SA-11Developer Testing and Evaluation
SA-11(01)Developer Testing and Evaluation | Static Code Analysis
SA-11(02)Developer Testing and Evaluation | Threat Modeling and Vulnerability Analyses
SA-15Development Process, Standards, and Tools