CoreOS 4.x - System and Communications Protection

Control responses for NIST 800-53 rev4.

NOTE: All CoreOS content is under active development through the ComplianceAsCode Project. Do not consider this content production ready!

Requirements Traceability Matrix

Control Name Status
SC-1 System And Communications Protection Policy And Procedures not applicable
SC-2 Application Partitioning
SC-2 (1) Interfaces For Non-Privileged Users
SC-3 Security Function Isolation
SC-3 (1) Hardware Separation
SC-3 (2) Access / Flow Control Functions
SC-3 (3) Minimize Nonsecurity Functionality
SC-3 (4) Module Coupling And Cohesiveness
SC-3 (5) Layered Structures
SC-4 Information In Shared Resources
SC-4 (1) Security Levels
SC-4 (2) Periods Processing
SC-5 Denial Of Service Protection
SC-5 (1) Restrict Internal Users
SC-5 (2) Excess Capacity / Bandwidth / Redundancy
SC-5 (3) Detection / Monitoring
SC-6 Resource Availability
SC-7 Boundary Protection
SC-7 (1) Physically Separated Subnetworks
SC-7 (2) Public Access
SC-7 (3) Access Points
SC-7 (4) External Telecommunications Services
SC-7 (5) Deny By Default / Allow By Exception
SC-7 (6) Response To Recognized Failures
SC-7 (7) Prevent Split Tunneling For Remote Devices
SC-7 (8) Route Traffic To Authenticated Proxy Servers
SC-7 (9) Restrict Threatening Outgoing Communications Traffic
SC-7 (10) Prevent Unauthorized Exfiltration
SC-7 (11) Restrict Incoming Communications Traffic
SC-7 (12) Host-Based Protection
SC-7 (13) Isolation Of Security Tools / Mechanisms / Support Components
SC-7 (14) Protects Against Unauthorized Physical Connections
SC-7 (15) Route Privileged Network Accesses
SC-7 (16) Prevent Discovery Of Components / Devices
SC-7 (17) Automated Enforcement Of Protocol Formats
SC-7 (18) Fail Secure
SC-7 (19) Blocks Communication From Non-Organizationally Configured Hosts
SC-7 (20) Dynamic Isolation / Segregation
SC-7 (21) Isolation Of Information System Components
SC-7 (22) Separate Subnets For Connecting To Different Security Domains
SC-7 (23) Disable Sender Feedback On Protocol Validation Failure
SC-8 Transmission Confidentiality And Integrity
SC-8 (1) Cryptographic Or Alternate Physical Protection
SC-8 (2) Pre / Post Transmission Handling
SC-8 (3) Cryptographic Protection For Message Externals
SC-8 (4) Conceal / Randomize Communications
SC-9 Transmission Confidentiality
SC-10 Network Disconnect
SC-11 Trusted Path
SC-11 (1) Logical Isolation
SC-12 Cryptographic Key Establishment And Management
SC-12 (1) Availability
SC-12 (2) Symmetric Keys
SC-12 (3) Asymmetric Keys
SC-12 (4) PKI Certificates
SC-12 (5) PKI Certificates / Hardware Tokens
SC-13 Cryptographic Protection
SC-13 (1) FIPS-Validated Cryptography
SC-13 (2) NSA-Approved Cryptography
SC-13 (3) Individuals Without Formal Access Approvals
SC-13 (4) Digital Signatures