CoreOS 4.x - Risk Assessment

Control responses for NIST 800-53 rev4.

NOTE: All CoreOS content is under active development through the ComplianceAsCode Project. Do not consider this content production ready!


Requirements Traceability Matrix

| Control | Name | Status |
|---|---|---|
| RA-1 | Risk Assessment Policy And Procedures | not applicable |
| RA-2 | Security Categorization | not applicable |
| RA-3 | Risk Assessment | not applicable |
| RA-4 | Risk Assessment Update | not applicable |
| RA-5 | Vulnerability Scanning | planned |
| RA-5 (1) | Update Tool Capability | planned |
| RA-5 (2) | Update By Frequency / Prior To New Scan / When Identified | planned |
| RA-5 (3) | Breadth / Depth Of Coverage | planned |
| RA-5 (4) | Discoverable Information | planned |
| RA-5 (5) | Privileged Access | planned |
| RA-5 (6) | Automated Trend Analyses | planned |
| RA-5 (7) | Automated Detection And Notification Of Unauthorized Components | not applicable |
| RA-5 (8) | Review Historic Audit Logs | not applicable |
| RA-5 (9) | Penetration Testing And Analyses | not applicable |
| RA-5 (10) | Correlate Scanning Information | not applicable |
| RA-6 | Technical Surveillance Countermeasures Survey | not applicable |




RA-1: Risk Assessment Policy And Procedures

The organization:

a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
   1. A risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
   2. Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and

b. Reviews and updates the current:
   1. Risk assessment policy [Assignment: organization-defined frequency]; and
   2. Risk assessment procedures [Assignment: organization-defined frequency].

RA-1 Control Response Information
Implementation Status: