Back

Include a description of the development environment and operational environment in system acquisition contracts.


CONTROL ID
14256
CONTROL TYPE
Acquisition/Sale of Assets or Services
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system acquisition contracts., CC ID: 14758

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., FedRAMP Security Controls High Baseline, Version 5)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., FedRAMP Security Controls Low Baseline, Version 5)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The organization requires the developer of the information system, system component, or information system service to demonstrate the use of a system development life cycle that includes [Assignment: organization-defined state-of-the-practice system/security engineering methods, software development… (SA-4(3) ΒΆ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Description of the system development environment and environment in which the system is intended to operate; (SA-4g., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f., TX-RAMP Security Controls Baseline Level 1)
  • Description of the information system development environment and environment in which the system is intended to operate; and (SA-4f., TX-RAMP Security Controls Baseline Level 2)