SA-02 Allocation Of Resources
Documents the Private Mendix Platform's compliance with the SA-02 control of the NIST 800-53 framework.
NIST 800-53 System and Services Acquisition Compliance for Private Mendix Platform
Last modified: May 22, 2026
Introduction
Documents in this section provide more information about Private Mendix Platform's compliance with the System and Services Acquisition (SA) category of the NIST 800-53 security framework. For each applicable control, we have listed which party (Mendix or the customer) is responsible for which component or aspect.
In general, Mendix is responsible for the Private Mendix Platform, Mendix Operator, Mendix Studio Pro, Mendix Runtime, and so on. Customer responsibilities are related to infra and organization processes. For more information, refer to detailed documentation below.
SA-03 System Development Life Cycle
Documents the Private Mendix Platform's compliance with the SA-03 control of the NIST 800-53 framework.
SA-04 - System and Services Acquisition
Documents the Private Mendix Platform's compliance with the SA-04 control of the NIST 800-53 framework.
SA-04 (01) – Functional Properties of Security Controls
Documents the Private Mendix Platform's compliance with the SA-04 (01) control of the NIST 800-53 framework.
SA-04 (02) – Design and Implementation Information
Documents the Private Mendix Platform's compliance with the SA-04 (02) control of the NIST 800-53 framework.
SA-04 (07) - NIAP-Approved Protection Profiles and FIPS-Validated Cryptography
Documents the Private Mendix Platform's compliance with the SA-04 (07) control of the NIST 800-53 framework.
SA-04 (08) Continuous Monitoring Plan
Documents the Private Mendix Platform's compliance with the SA-04 (08) control of the NIST 800-53 framework.
SA-04 (09) - Functions, Ports, Protocols, and Services
Documents the Private Mendix Platform's compliance with the SA-04 (09) control of the NIST 800-53 framework.
SA-04 (10) FIPS 201-Approved PIV Products
Documents the Private Mendix Platform's compliance with the SA-04 (10) control of the NIST 800-53 framework.
SA-05 - Information System Documentation
Documents the Private Mendix Platform's compliance with the SA-05 control of the NIST 800-53 framework.
SA-10 - Developer Configuration Management
Documents the Private Mendix Platform's compliance with the SA-10 control of the NIST 800-53 framework.
SA-10 (01) - Software and Firmware Integrity Verification
Documents the Private Mendix Platform's compliance with the SA-10 (01) control of the NIST 800-53 framework.
SA-11 (01) - Static Code Analysis
Documents the Private Mendix Platform's compliance with the SA-11 (01) control of the NIST 800-53 framework.
SA-11 (02) - Threat and Vulnerability Analysis
Documents the Private Mendix Platform's compliance with the SA-11 (02) control of the NIST 800-53 framework.
SA-11 (08) - Dynamic Code Analysis
Documents the Private Mendix Platform's compliance with the SA-11 (08) control of the NIST 800-53 framework.
SA-12 - Supply Chain Protection
Documents the Private Mendix Platform's compliance with the SA-12 control of the NIST 800-53 framework.