>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SA-4(7)Acquisition Process

Secret (P1)
Management

>Control Description

ACQUISITION PROCESS | NIAP-APPROVED PROTECTION PROFILES (a) The organization limits the use of commercially provided information assurance (IA) and IA-enabled information technology products to those products that have been successfully evaluated against a CSE-approved Protection Profile for a specific technology type, if such a profile exists; and (b) The organization requires, if no CSE-approved Protection Profile exists for a specific technology type but a commercially provided information technology product relies on cryptographic functionality to enforce its security policy, that the cryptographic module is FIPS-validated.

>Supplemental Guidance

Related controls: SC-12, SC-13.

Ask AI

Configure your API key to use AI features.