SA-4—Acquisition Process
>Control Description
Include the following requirements, descriptions, and criteria, explicitly or by reference, using [Selection (one or more): standardized contract language; organization-defined contract language] in the acquisition contract for the system, system component, or system service:
a. Security and privacy functional requirements;
b. Strength of mechanism requirements;
c. Security and privacy assurance requirements;
d. Controls needed to satisfy the security and privacy requirements;
e. Security and privacy documentation requirements;
f. Requirements for protecting security and privacy documentation;
g. Description of the system development environment and environment in which the system is intended to operate;
h. Allocation of responsibility or identification of parties responsible for information security, privacy, and supply chain risk management; and
i. Acceptance criteria.
>Related Controls