OpenControls Logo

STIG Viewer

NIST 800-53 Rev 5

424 controls available

My Controls0NIST 800-53 Catalog424Collections0
SA-15moderatehigh

Development Process, Standards, and Tools

System and Services Acquisition

Control Statement

Require the developer of the system, system component, or system service to follow a documented development process that: Explicitly addresses security and privacy requirements; Identifies the standards and tools used in the development process; Documents the specific tool options and tool configurations used in the development process; and Documents, manages, and ensures the integrity of changes to the process and/or tools used in development; and Review the development process, standards, tools, tool options, and tool configurations {{ insert: param, sa-15_odp.01 }} to determine if the process, standards, tools, tool options and tool configurations selected and employed can satisfy the following security and privacy requirements: {{ insert: param, sa-15_prm_2 }}.

Discussion

Development tools include programming languages and computer-aided design systems. Reviews of development processes include the use of maturity models to determine the potential effectiveness of such processes. Maintaining the integrity of changes to tools and processes facilitates effective supply chain risk assessment and mitigation. Such integrity requires configuration control throughout the system development life cycle to track authorized changes and prevent unauthorized changes.

Framework
NIST SP 800-53 Rev 5
Family
System and Services Acquisition
Baselines
moderate, high

Related Frameworks

21 paths across 1 framework
CCI21 mappings
CCI-003233
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003234
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003235
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003236
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003237
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003238
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003239
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003240
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003241
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003242
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003243
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003244
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003245
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-003246
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004816
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004817
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004818
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004819
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004820
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004821
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent
CCI-004822
1.00
  • DISA · 2025-01-23 · disa_cci_list · equivalent

Related STIGs

2 STIGs reach this control through 77 CCIs. Expand a row to see the responsible NICE and O*NET roles.

Web / Application Server

2 STIGs
Application Security and Development Security Technical Implementation Guide
62025-02-125 of 286 findings match
Application Security and Development Security Technical Implementation Guide
V6R42025-09-095 of 286 findings match