Control number Control name Assessment methods Notes and guidance documents SP 800-53A guidance
SA-1 System and services acquisition policy and procedures Review documentation for organization to determine the acquisition processes, policies, and procedures in place for systems, components, and services in support of system under review. Discuss with System Owner, acquisition staff, operations staff, and Security Officer. SP 800-12, SP 800-37, rev. 1, SP 800-64, SP 800-100 Examine: System and services acquisition policy and procedures; other relevant documents or records. Interview: Organizational personnel with system and services acquisition responsibilities; organizational personnel with information security responsibilities.

Get Security Controls Evaluation, Testing, and Assessment Handbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.