SA-4(6): Acquisition Process | Use of Information Assurance Products

SA-4(6): Acquisition Process | Use of Information Assurance Products ()

(a) Employ only government off-the-shelf or commercial off-the-shelf information assurance and information assurance-enabled information technology products that compose an NSA-approved solution to protect classified information when the networks used to transmit the information are at a lower classification level than the information being transmitted; and
(b) Ensure that these products have been evaluated and/or validated by NSA or in accordance with NSA-approved procedures.


Control Identifier	SA-4(6)
Latest Sync Date	19/12/24 09:18:14
Discussion	Commercial off-the-shelf IA or IA-enabled information technology products used to protect classified information by cryptographic means may be required to use NSA-approved key management. See NSA CSFC.
Related Controls	SC-8, SC-12, SC-13.



NIST 800-53 Controls Catalogue