STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 4 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← All Controls

SA-15

System and Services AcquisitionRev 5

Development Process, Standards, and Tools

CCI Identifiers (21)

CCI-003233Require the developer of the system, system component, or system service to follow a documented development process.CCI-003234Require the developer of the system, system component, or system service to follow a documented development process that explicitly addresses security requirements.CCI-003235Require the developer of the system, system component, or system service to follow a documented development process that identifies the standards used in the development process.CCI-003236Require the developer of the system, system component, or system service to follow a documented development process that identifies the tools used in the development process.CCI-003237Require the developer of the system, system component, or system service to follow a documented development process that documents the specific tool options and tool configurations used in the development process.CCI-003238Require the developer of the system, system component, or system service to follow a documented development process that documents changes to the process and/or tools used in development.CCI-003239Require the developer of the system, system component, or system service to follow a documented development process that manages changes to the process and/or tools used in development.CCI-003240Require the developer of the system, system component, or system service to follow a documented development process that ensures the integrity of changes to the process and/or tools used in development.CCI-003241Review the development process in accordance with organization-defined frequency to determine if the development process selected and employed can satisfy organization-defined security requirements.CCI-003242Review the development standards in accordance with organization-defined frequency to determine if the development standards selected and employed can satisfy organization-defined security requirements.CCI-003243Review the development tools in accordance with organization-defined frequency to determine if the development tools selected and employed can satisfy organization-defined security requirements.CCI-003244Review the development tool options/configurations in accordance with organization-defined frequency to determine if the development tool options and tool configurations selected and employed can satisfy organization-defined security requirements.CCI-003245Defines the frequency on which to review the development process, standards, tools, and tool options/configurations to determine if the process, standards, tools, and tool options and tool configurations selected and employed can satisfy organization-defined security requirements.CCI-003246Defines the security requirements that must be satisfied by conducting a review of the development process, standards, tools, and tool options and tool configurations.CCI-004816Require the developer of the system, system component, or system service to follow a documented development process that explicitly addresses privacy requirements.CCI-004817Review the development process in accordance with organization-defined frequency to determine if the development process selected and employed can satisfy organization-defined privacy requirements.CCI-004818Review the development standards in accordance with organization-defined frequency to determine if the development standards selected and employed can satisfy organization-defined privacy requirements.CCI-004819Review the development tools in accordance with organization-defined frequency to determine if the development tools selected and employed can satisfy organization-defined privacy requirements.CCI-004820Review the development tool options/configurations in accordance with organization-defined frequency to determine if the development tool options and tool configurations selected and employed can satisfy organization-defined privacy requirements.CCI-004821Defines the frequency on which to review the development process, standards, tools, and tool options/configurations to determine if the process, standards, tools, and tool options and tool configurations selected and employed can satisfy organization-defined privacy requirements.CCI-004822Defines the privacy requirements that must be satisfied by conducting a review of the development process, standards, tools, and tool options and tool configurations.

Linked STIG Checks (2)

Across 1 STIGs. Click to expand.