System and Services Acquisition Policy and Procedures

class

Management

family

System and Services Acquisition

number

SA-1

priority

P1

impact

LOW_MODERATE_HIGH

The organization develops, disseminates, and reviews/updates [ Assignment: organization-defined frequency ]: A formal, documented system and services acquisition policy that includes information security considerations and that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Formal, documented procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls.

Comments