Navigate

SA-21 (1)

SA-21 (1): Validation Of Screening

The organization requires the developer of the information system, system component, or information system service take [Assignment: organization-defined actions] to ensure that the required access authorizations and screening criteria are satisfied.

Supplemental

Satisfying required access authorizations and personnel screening criteria includes, for example, providing a listing of all the individuals authorized to perform development activities on the selected information system, system component, or information system service so that organizations can validate that the developer has satisfied the necessary authorization and screening requirements.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to SA-21 (1).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SA-21 (1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SA-21 (1).

CCI	Definition
CCI-003377	The organization defines the actions the developer of the information system, system component, or information system service must take to ensure the required screening criteria are satisfied.
CCI-003378	The organization defines the actions the developer of the information system, system component, or information system service must take to ensure the required access authorizations are satisfied.
CCI-003379	The organization requires the developer of the information system, system component, or information system service take organization-defined actions to ensure the required screening criteria are satisfied.
CCI-003380	The organization requires the developer of the information system, system component, or information system service take organization-defined actions to ensure the required access authorizations are satisfied.