
SA-4 (5)

System and Services Acquisition · Rev 5 · organization

System, Component, and Service Configurations

Baselines: High

Control Statement

Require the developer of the system, system component, or system service to:

Supplemental Guidance

Examples of security configurations include the U.S. Government Configuration Baseline (USGCB), Security Technical Implementation Guides (STIGs), and any limitations on functions, ports, protocols, and services. Security characteristics can include requiring that default passwords have been changed.

CCI Identifiers (4)

CCI-003110: Defines the security configurations required to be implemented when the developer delivers the system, system component, or system service.

CCI-003111: Requires the developer of the system, system component, or system service to use the configurations as the default for any subsequent system, component, or service reinstallation or upgrade.

CCI-000630: The organization requires in acquisition documents, that information system components are delivered in a secure, documented configuration, and that the secure configuration is the default configuration for any software reinstalls or upgrades.

CCI-003109: Require the developer of the system, system component, or system service to deliver the system, component, or service with organization-defined security configurations implemented.

Linked STIG Checks (2)

Across 1 STIG.