800-53|SA-3

Title

SYSTEM DEVELOPMENT LIFE CYCLE

Description

The organization:

Supplemental

A well-defined system development life cycle provides the foundation for the successful development, implementation, and operation of organizational information systems. To apply the required security controls within the system development life cycle requires a basic understanding of information security, threats, vulnerabilities, adverse impacts, and risk to critical missions/business functions. The security engineering principles in SA-8 cannot be properly applied if individuals that design, code, and test information systems and system components (including information technology products) do not understand security. Therefore, organizations include qualified personnel, for example, chief information security officers, security architects, security engineers, and information system security officers in system development life cycle activities to ensure that security requirements are incorporated into organizational information systems. It is equally important that developers include individuals on the development team that possess the requisite security expertise and skills to ensure that needed security capabilities are effectively integrated into the information system. Security awareness and training programs can help ensure that individuals having key security roles and responsibilities have the appropriate experience, skills, and expertise to conduct assigned system development life cycle activities. The effective integration of security requirements into enterprise architecture also helps to ensure that important security considerations are addressed early in the system development life cycle and that those considerations are directly related to the organizational mission/business processes. This process also facilitates the integration of the information security architecture into the enterprise architecture, consistent with organizational risk management and information security strategies.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AT-3,PM-7,SA-8

Category: SYSTEM AND SERVICES ACQUISITION

Family: SYSTEM AND SERVICES ACQUISITION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 Ensure Security Defaults is enabled on Microsoft Entra ID	microsoft_azure	CIS Microsoft Azure Foundations v2.1.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L2 Server
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L2 Workstation
1.1.1.1 Ensure mounting of squashfs filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.1 Ensure mounting of UDF filesystems is disabled	Unix	CIS Bottlerocket L2
1.1.1.1 Ensure mounting of udf filesystems is disabled - lsmod	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
1.1.1.1 Ensure mounting of udf filesystems is disabled - modprobe	Unix	CIS Google Container-Optimized OS L2 Server v1.1.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.1.1.2 Ensure mounting of udf filesystems is disabled	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L1 Server
1.1.1.3 Ensure mounting of FAT filesystems is limited	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L2 Server
1.1.1.3 Ensure mounting of FAT filesystems is limited	Unix	CIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited	Unix	CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited	Unix	CIS SUSE Linux Enterprise 12 v3.1.0 L2 Workstation
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.3 Ensure mounting of udf filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.3 Ensure mounting of udf filesystems is disabled - lsmod	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.3 Ensure mounting of udf filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.3 Ensure mounting of udf filesystems is disabled - modprobe	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.4 Ensure mounting of hfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.4 Ensure mounting of hfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Server L1 v2.0.2
1.1.1.6 Ensure mounting of squashfs filesystems is disabled - modprobe	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.7 Ensure mounting of udf filesystems is disabled - lsmod	Unix	CIS Debian 8 Workstation L1 v2.0.2
1.1.1.7 Ensure mounting of udf filesystems is disabled - lsmod	Unix	CIS Debian 8 Server L1 v2.0.2

Detections

Analytics