SA-4(5)

  • Requirement

    Require the developer of the system, system component, or system service to:

    1. Deliver the system, component, or service with [Assignment: organization-defined security configurations] implemented; and
    2. Use the configurations as the default for any subsequent system, component, or service reinstallation or upgrade.
  • Discussion

    Examples of security configurations include the U.S. Government Configuration Baseline (USGCB), Security Technical Implementation Guides (STIGs), and any limitations on functions, ports, protocols, and services. Security characteristics can include requiring that default passwords have been changed.

More Info

  • Title

    Acquisition Process | System, Component, and Service Configurations
  • Family

    System and Services Acquisition
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!