STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 4 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← All Controls

SA-17

System and Services AcquisitionRev 5

Developer Security and Privacy Architecture and Design

CCI Identifiers (10)

CCI-003293Require the developer of the system, system component, or system service to produce a design specification and security architecture.CCI-003294Require the developer of the system, system component, or system service to produce a design specification and security architecture that is consistent with and supportive of the organization's security architecture which is established within and is an integrated part of the organization's enterprise architecture.CCI-003295Require the developer of the system, system component, or system service to produce a design specification and security architecture that accurately and completely describes the required security functionality.CCI-003296Require the developer of the system, system component, or system service to produce a design specification and security architecture that accurately and completely describes the allocation of security controls among physical and logical components.CCI-003297Require the developer of the system, system component, or system service to produce a design specification and security architecture that expresses how individual security functions, mechanisms, and services work together to provide required security capabilities and a unified approach to protection.CCI-004837Require the developer of the system, system component, or system service to produce a privacy architecture.CCI-004838Require the developer of the system, system component, or system service to produce a privacy architecture that is consistent with and supportive of the organization's privacy architecture which is established within and is an integrated part of the organization's enterprise architecture.CCI-004839Require the developer of the system, system component, or system service to produce a privacy architecture that accurately and completely describes the required privacy functionality.CCI-004840Require the developer of the system, system component, or system service to produce a privacy architecture that accurately and completely describes the allocation of privacy controls among physical and logical components.CCI-004841Require the developer of the system, system component, or system service to produce a privacy architecture that expresses how individual privacy functions, mechanisms, and services work together to provide required privacy capabilities and a unified approach to protection.

Linked STIG Checks (0)

No STIG checks reference this control.