sa-22-1-alternative-sources-for-continued-support

name: "SA-22(1)_alternative-sources-for-continued-support" description: "Alternative Sources for Continued Support" category: "configuration" version: "5.2.0" author: "cyberstrike-official" tags: - nist - sp800-53 - rev5 - sa-22-1 - sa - enhancement tech_stack: - any cwe_ids: - CWE-16 chains_with: [] prerequisites: - SA-22 severity_boost: {}

SA-22(1) Alternative Sources for Continued Support

Enhancement of: SA-22

High-Level Description

Family: System and Services Acquisition (SA) Framework: NIST SP 800-53 Rev 5

No description available.

What to Check

• Verify SA-22(1) Alternative Sources for Continued Support is documented in SSP
• Confirm control is operating effectively
• Review evidence of continuous monitoring for SA-22(1)
• Verify enhancement builds upon base control SA-22

How to Test

Step 1: Review Documentation

Examine the System Security Plan (SSP) and related artifacts for SA-22(1) implementation details. Verify the organization has documented how this control is satisfied.

Step 2: Validate Implementation

# For cloud environments, use cloud-audit-mcp tools
# For on-premises, review system configurations directly

# Example: Check if account management policies exist
grep -r "account.management\|access.control" /etc/security/ 2>/dev/null

Step 3: Test Operating Effectiveness

Verify the control is actively functioning, not just documented. Check logs, configurations, and operational evidence.

Tools

Remediation Guide

Control Statement

Refer to NIST SP 800-53 Rev 5 for the full control statement.

Implementation Guidance

Implement this control per organizational risk assessment and system categorization.

Risk Assessment

CWE Categories

References

• NIST SP 800-53 Rev 5 - SA-22(1)
• NIST SP 800-53A Rev 5 (Assessment Procedures)
• NIST SP 800-53 Rev 5 Full Catalog

Checklist

• Control documented in SSP
• Implementation evidence collected
• Operating effectiveness validated
• Continuous monitoring in place
• Related controls (none) reviewed