>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SA-4(6)Acquisition Process

Secret (P1)
Management

>Control Description

ACQUISITION PROCESS | USE OF INFORMATION ASSURANCE PRODUCTS (a) The organization employs only government off-the-shelf (GOTS) or commercial off-the-shelf (COTS) IT security and security-enabled information technology products that compose an CSE-approved solution to protect classified information when the networks used to transmit the information are at a lower classification level than the information being transmitted; and (b) The organization ensures that these products have been evaluated and/or validated by CSE or in accordance with CSE-approved procedures.

>Supplemental Guidance

IT security or security-enabled information technology products used to protect classified information by cryptographic means may be required to use CSE-approved key management. The cryptography must be compliant to the requirements of security control SC-13. Related controls: SC-8, SC-12, SC-13.

Ask AI

Configure your API key to use AI features.