SA-3: System Development Life Cycle

From NIST's SP800-53:

a. Acquire, develop, and manage the system using [Assignment: organization-defined system development life cycle] that incorporates information security and privacy considerations; b. Define and document information security and privacy roles and responsibilities throughout the system development life cycle; c. Identify individuals having information security and privacy roles and responsibilities; and d. Integrate the organizational information security and privacy risk management process into system development life cycle activities.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Control ID	Description
PR.IP-2	A System Development Life Cycle to manage systems is implemented

Showing 1 to 1 of 1 entries

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

Search:

ATT&CK ID	Title	Associated Tactics
T1574.002	DLL Side-Loading	Defense Evasion, Persistence, Privilege Escalation
T1078.004	Cloud Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1078.001	Default Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1078.003	Local Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation
T1213.003	Code Repositories	Collection
T1078	Valid Accounts	Defense Evasion, Initial Access, Persistence, Privilege Escalation

Showing 1 to 6 of 6 entries