SA — System and Services Acquisition
26 controls in the System and Services Acquisition family
SA-1Policy And Procedures
SA-2Allocation Of Resources
SA-3System Development Life Cycle
SA-4Acquisition Process
SA-4(5)System, Component, And Service Configurations
SA-4(7)Niap-Approved Protection Profiles
SA-4(8)Continuous Monitoring Plan For Controls
SA-5System Documentation
SA-8Security And Privacy Engineering Principles
SA-9External System Services
SA-9(1)Risk Assessments And Organizational Approvals
SA-9(3)Establish And Maintain Trust Relationship With Providers
SA-9(4)Consistent Interests Of Consumers And Providers
SA-9(5)Processing, Storage, And Service Location
SA-10Developer Configuration Management
SA-11Developer Testing And Evaluation
SA-15Development Process, Standards, And Tools
SA-15(3)Criticality Analysis
SA-15(4)Threat Modeling And Vulnerability Analysis
SA-15(8)Reuse Of Threat And Vulnerability Information
SA-16Developer-Provided Training
SA-17Developer Security And Privacy Architecture And Design
SA-20Customized Development Of Critical Components
SA-21Developer Screening
SA-21(1)Validation Of Screening
SA-22Unsupported System Components