Security and Privacy Controls for Information Systems and Organizations
SYSTEM AND SERVICES ACQUISITION
The SYSTEM AND SERVICES ACQUISITION Playbook addresses the following areas:
- Policy and Procedures
- Allocation of Resources
- System Development Life Cycle
- Acquisition Process
- System Documentation
- Security and Privacy Engineering Principles
- External System Services
- Developer Configuration Management
- Developer Testing and Evaluation
- Development Process, Standards, and Tools
- Developer-Provided Training
- Developer Security and Privacy Architecture and Design
- Customized Development of Critical Components
- Developer Screening
- Unsupported System Components
- Specialization
The SYSTEM AND SERVICES ACQUISITION Playbook is included in the Security and Privacy Controls for Information Systems and Organizations (NIST 80-53) Library which has been developed by the U.S. Department of Commerce's National Institute of Standards and Technology (NIST). It establishes controls for systems and organizations. The controls can be implemented within any organization or system that processes, stores, or transmits information.