STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← All Controls

SA-1

System and Services AcquisitionRev 5

Policy and Procedures

CCI Identifiers (21)

CCI-000601Defines the frequency with which to review and update the current system and services acquisition policy.CCI-000602Develop and document an organization-level; mission/business process-level; and/or system-level system and services acquisition policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.CCI-000603Disseminate to organization-defined personnel or roles an organization-level; mission/business process-level; and/or system-level system and services acquisition policy.CCI-000604Review and update the current system and services acquisition policy in accordance with organization-defined frequency.CCI-000605Develop and document procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls.CCI-000606Disseminate to organization-defined personnel or roles procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls.CCI-000607Review and update the current system and services acquisition procedures in accordance with organization-defined frequency.CCI-001646Defines the frequency with which to review and update the current system and services acquisition procedures.CCI-003089Defines the personnel or roles to whom the organization-level; mission/business process-level; and/or system-level system and services acquisition policy is disseminated.CCI-003090Defines the personnel or roles to whom procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls are disseminated.CCI-004655Develop and document an organization-level; mission/business process-level; and/or system-level system and services acquisition policy that is consistent with applicable laws, Executive Orders, directives, regulations, polices, standards, and guidelines.CCI-004656Designate an organization-defined official to manage development and documentation of the system and services acquisition policy.CCI-004657Designate an organization-defined official to manage dissemination of the system and services acquisition policy.CCI-004658Defines the official designated to manage development and documentation of the system and services acquisition policy.CCI-004659Designate an organization-defined official to manage the development and documentation of the system and services acquisition procedures.CCI-004660Designate an organization-defined official to manage the dissemination of the system and services acquisition procedures.CCI-004661Defines the official designated to manage the system and services acquisition procedures.CCI-004662Review and update the current system and services acquisition policy following organization-defined events.CCI-004663Defines the events following reviewing and updating the current system and services acquisition policy.CCI-004664Review and update the current system and services acquisition procedures following organization-defined events.CCI-004665Defines the events following reviewing and updating the current system and services acquisition procedures.

Linked STIG Checks (0)

No STIG checks reference this control.