>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SA-4(5)Acquisition Process

PBMM (P3)
Secret (P3)
Management

>Control Description

ACQUISITION PROCESS | SYSTEM / COMPONENT / SERVICE CONFIGURATIONS The organization requires the developer of the information system, system component, or information system service to: (a) Deliver the system, component, or service with organization-defined security configurations implemented; and (b) Use the configurations as the default for any subsequent system, component, or service reinstallation or upgrade.

>Supplemental Guidance

Security characteristics include, for example, requiring that all default passwords have been changed. Related control: CM-8.

>Tailoring Guidance

The intent behind this security enhancement is that organizations can deploy information system components in a secure manner with relatively little additional effort. The concern is that if information system components are not delivered in a secure, documented configuration then additional burden will fall on the organization deploying the components.

Ask AI

Configure your API key to use AI features.