
SLC-07 System Acquisition Approval

>Control Description

Information system acquisitions require approval from authorized personnel based on verification of the following documented evidence:

• security function, strength, and assurance requirements
• requirements for protecting security-related documentation
• system development and test requirements
• acceptance criteria for releases
• enumeration of security controls
• security control implementation and monitoring requirements
• components are FIPS-201 approved

Theme

Process

Type

Preventive

Policy/Standard

Secure Development Lifecycle Policy

>Implementation Guidance

1. Define and implement a procedure for the formal approval of information system acquisitions by authorized personnel, based on verification of the following documented evidence:

   • security function, strength, and assurance requirements
   • requirements for protecting security-related documentation
   • system development and test requirements
   • acceptance criteria for releases
   • enumeration of security controls
   • security control implementation and monitoring requirements
   • components are FIPS-201 approved

>Testing Procedure

1. Obtain evidence of approval from authorized personnel for information system acquisitions based on verification of the following documented evidence:

   • security function, strength, and assurance requirements
   • requirements for protecting security-related documentation
   • system development and test requirements
   • acceptance criteria for releases
   • enumeration of security controls
   • security control implementation and monitoring requirements
   • components are FIPS-201 approved

>Audit Artifacts

E-SLC-11

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
