SA-4(5)

System, Component, and Service Configurations

System and Services Acquisition (SA)
Baselines
Low · Not included
Moderate · Not included
High · Included
Description

Require the developer of the system, system component, or system service to: Deliver the system, component, or service with [assignment] implemented; and Use the configurations as the default for any subsequent system, component, or service reinstallation or upgrade.

Discussion

Examples of security configurations include the U.S. Government Configuration Baseline (USGCB), Security Technical Implementation Guides (STIGs), and any limitations on functions, ports, protocols, and services. Security characteristics can include requiring that default passwords have been changed.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.