| SA-1 |
SYSTEM AND SERVICES ACQUISITION POLICY AND PROCEDURES |
Deployer responsibility |
| SA-2 |
ALLOCATION OF RESOURCES |
Deployer responsibility |
| SA-3 |
SYSTEM DEVELOPMENT LIFE CYCLE |
Deployer responsibility |
| SA-4 |
ACQUISITION PROCESS |
Deployer responsibility |
| SA-5 |
INFORMATION SYSTEM DOCUMENTATION |
Compliant |
| SA-6 |
SOFTWARE USAGE RESTRICTIONS |
Not applicable |
| SA-7 |
USER-INSTALLED SOFTWARE |
Not applicable |
| SA-8 |
SECURITY ENGINEERING PRINCIPLES |
Deployer responsibility |
| SA-9 |
EXTERNAL INFORMATION SYSTEM SERVICES |
Deployer responsibility |
| SA-10 |
DEVELOPER CONFIGURATION MANAGEMENT |
Compliant, and deployer responsibility |
| SA-11 |
DEVELOPER SECURITY TESTING AND EVALUATION |
Compliant, and deployer responsibility |
| SA-12 |
SUPPLY CHAIN PROTECTION |
Not applicable |
| SA-13 |
TRUSTWORTHINESS |
Not applicable |
| SA-14 |
CRITICALITY ANALYSIS |
Not applicable |
| SA-15 |
DEVELOPMENT PROCESS, STANDARDS, AND TOOLS |
Not applicable |
| SA-16 |
DEVELOPER-PROVIDED TRAINING |
Not applicable |
| SA-17 |
DEVELOPER SECURITY ARCHITECTURE AND DESIGN |
Not applicable |
| SA-18 |
TAMPER RESISTANCE AND DETECTION |
<Not applicable/td> |
| SA-19 |
COMPONENT AUTHENTICITY |
Not applicable |
| SA-20 |
CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS |
Not applicable |
| SA-21 |
DEVELOPER SCREENING |
Not applicable |
| SA-22 |
UNSUPPORTED SYSTEM COMPONENTS |
Not applicable |
