Navigate

SA-10 (4)

SA-10 (4): Trusted Generation

The organization requires the developer of the information system, system component, or information system service to employ tools for comparing newly generated versions of security-relevant hardware descriptions and software/firmware source and object code with previous versions.

Supplemental

This control enhancement addresses changes to hardware, software, and firmware components between versions during development. In contrast, SA-10 (1) and SA-10 (3) allow organizations to detect unauthorized changes to hardware, software, and firmware components through the use of tools, techniques, and/or mechanisms provided by developers.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to SA-10 (4).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SA-10 (4).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SA-10 (4).

CCI	Definition
CCI-003166	The organization requires the developer of the information system, system component, or information system service to employ tools for comparing newly generated versions of security-relevant hardware descriptions with previous versions.
CCI-003167	The organization requires the developer of the information system, system component, or information system service to employ tools for comparing newly generated versions of software/firmware source code with previous versions.
CCI-003168	The organization requires the developer of the information system, system component, or information system service to employ tools for comparing newly generated versions of object code with previous versions.