SA-4(6): Use of Information Assurance Products
Control Family:
Parent Control:
Baselines:
(Not part of any baseline)
Previous Version:
- NIST Special Publication 800-53 Revision 4:
- SA-4(6): Use Of Information Assurance Products
Control Statement
- Employ only government off-the-shelf or commercial off-the-shelf information assurance and information assurance-enabled information technology products that compose an NSA-approved solution to protect classified information when the networks used to transmit the information are at a lower classification level than the information being transmitted; and
- Ensure that these products have been evaluated and/or validated by NSA or in accordance with NSA-approved procedures.
Supplemental Guidance
Commercial off-the-shelf IA or IA-enabled information technology products used to protect classified information by cryptographic means may be required to use NSA-approved key management. See NSA CSFC.