UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

SA-20 CUSTOMIZED DEVELOPMENT OF CRITICAL COMPONENTS


Overview

Number Title Impact Priority Subject Area
SA-20 Customized Development Of Critical Components P0 System And Services Acquisition

Instructions
The organization re-implements or custom develops Assignment: organization-defined critical information system components.
Guidance
Organizations determine that certain information system components likely cannot be trusted due to specific threats to and vulnerabilities in those components, and for which there are no viable security controls to adequately mitigate the resulting risk. Re-implementation or custom development of such components helps to satisfy requirements for higher assurance. This is accomplished by initiating changes to system components (including hardware, software, and firmware) such that the standard attacks by adversaries are less likely to succeed. In situations where no alternative sourcing is available and organizations choose not to re-implement or custom develop critical information system components, additional safeguards can be employed (e.g., enhanced auditing, restrictions on source code and system utility access, and protection from deletion of system and application files.

Enhancements