OpenShift Container Platform 3.x - System and Services Acquisition

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

| Control | Name | Status |
|---|---|---|
| SA-1 | System And Services Acquisition Policy And Procedures | not applicable |
| SA-2 | Allocation Of Resources | not applicable |
| SA-3 | System Development Life Cycle | not applicable |
| SA-4 | Acquisition Process | not applicable |
| SA-4 (1) | Functional Properties Of Security Controls | planned |
| SA-4 (2) | Design / Implementation Information For Security Controls | planned |
| SA-4 (3) | Development Methods / Techniques / Practices | planned |
| SA-4 (4) | Assignment Of Components To Systems | not applicable |
| SA-4 (5) | System / Component / Service Configurations | planned |
| SA-4 (6) | Use Of Information Assurance Products | planned |
| SA-4 (7) | NIAP-Approved Protection Profiles | planned |
| SA-4 (8) | Continuous Monitoring Plan | planned |
| SA-4 (9) | Functions / Ports / Protocols / Services In Use | planned |
| SA-4 (10) | Use Of Approved PIV Products | not applicable |
| SA-5 | Information System Documentation | not applicable |
| SA-5 (1) | Functional Properties Of Security Controls | not applicable |
| SA-5 (2) | Security-Relevant External System Interfaces | not applicable |
| SA-5 (3) | High-Level Design | not applicable |
| SA-5 (4) | Low-Level Design | not applicable |
| SA-5 (5) | Source Code | not applicable |
| SA-6 | Software Usage Restrictions | not applicable |
| SA-7 | User-Installed Software | not applicable |
| SA-8 | Security Engineering Principles | not applicable |
| SA-9 | External Information System Services | not applicable |
| SA-9 (1) | Risk Assessments / Organizational Approvals | not applicable |
| SA-9 (2) | Identification Of Functions / Ports / Protocols / Services | not applicable |
| SA-9 (3) | Establish / Maintain Trust Relationship With Providers | not applicable |
| SA-9 (4) | Consistent Interests Of Consumers And Providers | not applicable |
| SA-9 (5) | Processing, Storage, And Service Location | not applicable |
| SA-10 | Developer Configuration Management | planned |
| SA-10 (1) | Software / Firmware Integrity Verification | planned |
| SA-10 (2) | Alternative Configuration Management Processes | not applicable |
| SA-10 (3) | Hardware Integrity Verification | planned |
| SA-10 (4) | Trusted Generation | planned |
| SA-10 (5) | Mapping Integrity For Version Control | planned |
| SA-10 (6) | Trusted Distribution | planned |
| SA-11 | Developer Security Testing And Evaluation | |
| SA-11 (1) | Static Code Analysis | |
| SA-11 (2) | Threat And Vulnerability Analyses | |
| SA-11 (3) | Independent Verification Of Assessment Plans / Evidence | |
| SA-11 (4) | Manual Code Reviews | |
| SA-11 (5) | Penetration Testing | |
| SA-11 (6) | Attack Surface Reviews | |
| SA-11 (7) | Verify Scope Of Testing / Evaluation | |
| SA-11 (8) | Dynamic Code Analysis | |
| SA-12 | Supply Chain Protection | |
| SA-12 (1) | Acquisition Strategies / Tools / Methods | |
| SA-12 (2) | Supplier Reviews | |
| SA-12 (3) | Trusted Shipping And Warehousing | |