
SA-4(3) Acquisition Process

Management

Control Description

ACQUISITION PROCESS | DEVELOPMENT METHODS / TECHNIQUES / PRACTICES

The organization requires the developer of the information system, system component, or information system service to demonstrate the use of a system development life cycle that includes organization-defined state-of-the-practice system/security engineering methods, software development methods, testing/evaluation/validation techniques, and quality control processes.

Supplemental Guidance

Following a well-defined system development life cycle that includes state-of-the-practice software development methods, systems/security engineering methods, quality control processes, and testing, evaluation, and validation techniques helps to reduce the number and severity of latent errors within information systems, system components, and information system services. Reducing the number/severity of such errors reduces the number of vulnerabilities in those systems, components, and services. Related control: SA-12.
