STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 4 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← All Controls

SA-10

System and Services AcquisitionRev 3

Developer Configuration Management

CCI Identifiers (33)

CCI-000692Require the developer of the system, system component, or system service to implement only organization-approved changes to the system, component, or service.CCI-000682The organization requires information system developers to perform configuration management during information system design.CCI-000683The organization requires information system developers to perform configuration management during information system development.CCI-000684The organization requires information system developers to perform configuration management during information system implementation.CCI-000685The organization requires information system developers to perform configuration management during information system operation.CCI-000686The organization requires information system integrators to perform configuration management during information system design.CCI-000687The organization requires information system integrators to perform configuration management during information system development.CCI-000688The organization requires information system integrators to perform configuration management during information system implementation.CCI-000689The organization requires information system integrators to perform configuration management during information system operation.CCI-000690The organization requires information system developers to manage and control changes to the information system during design.CCI-000691The organization requires information system integrators to manage and control changes to the information system during design.CCI-000693The organization requires information system integrators to implement only organization-approved changes.CCI-000694Require the developer of the system, system component, or system service to document approved changes to the system, component, or service.CCI-000695The organization requires information system integrators to document approved changes to the information system.CCI-000696The organization requires that information system developers track security flaws and flaw resolution.CCI-000697The organization requires information system integrators to track security flaws and flaw resolution.CCI-001650The organization requires the information system developers to manage and control changes to the information system during development.CCI-001651The organization requires the information system integrators to manage and control changes to the information system during development.CCI-001652The organization requires the information system developers to manage and control changes to the information system during implementation.CCI-001653The organization requires the information system integrators to manage and control changes to the information system during implementation.CCI-001654The organization requires the information system developers to manage and control changes to the information system during modification.CCI-001655The organization requires the information system integrators to manage and control changes to the information system during modification.CCI-003155Require the developer of the system, system component, or system service to perform configuration management during system, component, or service design, development, implementation, operation and/or disposal.CCI-003156Require the developer of the system, system component, or system service to document the integrity of changes to organization-defined configuration items under configuration management.CCI-003157Require the developer of the system, system component, or system service to manage the integrity of changes to organization-defined configuration items under configuration management.CCI-003158Require the developer of the system, system component, or system service to control the integrity of changes to organization-defined configuration items under configuration management.CCI-003159Defines the configuration items under configuration management that require the integrity of changes to be documented, managed and controlled.CCI-003160Require the developer of the system, system component, or system service to document the potential security impacts of approved changes to the system, component, or service.CCI-003161Require the developer of the system, system component, or system service to track security flaws within the system, component, or service.CCI-003162Require the developer of the system, system component, or system service to track flaw resolution within the system, component, or service.CCI-003163Require the developer of the system, system component, or system service to report findings of security flaws and flaw resolution within the system, component, or service to organization-defined personnel.CCI-003164Defines the personnel to whom security flaw findings and flaw resolution within the system, component, or service are reported.CCI-004794Require the developer of the system, system component, or system service to document the potential privacy impacts of approved changes to the system, component, or service.

Linked STIG Checks (1)

Across 1 STIGs. Click to expand.