OpenStack Platform 13 - Maintenance

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

| Control | Name | Status |
|---|---|---|
| MA-1 | System Maintenance Policy And Procedures | not applicable |
| MA-2 | Controlled Maintenance | not applicable |
| MA-2 (1) | Record Content | |
| MA-2 (2) | Automated Maintenance Activities | planned |
| MA-3 | Maintenance Tools | not applicable |
| MA-3 (1) | Inspect Tools | not applicable |
| MA-3 (2) | Inspect Media | not applicable |
| MA-3 (3) | Prevent Unauthorized Removal | not applicable |
| MA-3 (4) | Restricted Tool Use | |
| MA-4 | Nonlocal Maintenance | planned |
| MA-4 (1) | Auditing And Review | |
| MA-4 (2) | Document Nonlocal Maintenance | not applicable |
| MA-4 (3) | Comparable Security / Sanitization | planned |
| MA-4 (4) | Authentication / Separation Of Maintenance Sessions | |
| MA-4 (5) | Approvals And Notifications | |
| MA-4 (6) | Cryptographic Protection | planned |
| MA-4 (7) | Remote Disconnect Verification | |
| MA-5 | Maintenance Personnel | not applicable |
| MA-5 (1) | Individuals Without Appropriate Access | not applicable |
| MA-5 (2) | Security Clearances For Classified Systems | |
| MA-5 (3) | Citizenship Requirements For Classified Systems | |
| MA-5 (4) | Foreign Nationals | |
| MA-5 (5) | Nonsystem-Related Maintenance | |
| MA-6 | Timely Maintenance | planned |
| MA-6 (1) | Preventive Maintenance | |
| MA-6 (2) | Predictive Maintenance | |
| MA-6 (3) | Automated Support For Predictive Maintenance | |



MA-1: System Maintenance Policy And Procedures

The organization:

a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]:
   1. A system maintenance policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
   2. Procedures to facilitate the implementation of the system maintenance policy and associated system maintenance controls; and
b. Reviews and updates the current:
   1. System maintenance policy [Assignment: organization-defined frequency]; and
   2. System maintenance procedures [Assignment: organization-defined frequency].

MA-1 Control Response Information
Implementation Status:

not applicable

MA-1: What is the solution and how is it implemented?

This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat OpenStack Platform.




MA-2: Controlled Maintenance

The organization:

a. Schedules, performs, documents, and reviews records of maintenance and repairs on information system components in accordance with manufacturer or vendor specifications and/or organizational requirements;
b. Approves and monitors all maintenance activities, whether performed on site or remotely and whether the equipment is serviced on site or removed to another location;
c. Requires that [Assignment: organization-defined personnel or roles] explicitly approve the removal of the information system or system components from organizational facilities for off-site maintenance or repairs;
d. Sanitizes equipment to remove all information from associated media prior to removal from organizational facilities for off-site maintenance or repairs;
e. Checks all potentially impacted security controls to verify that the controls are still functioning properly following maintenance or repair actions; and
f. Includes [Assignment: organization-defined maintenance-related information] in organizational maintenance records.

MA-2 Control Response Information
Implementation Status:

not applicable

MA-2: What is the solution and how is it implemented?

This control reflects organizational procedures/policies, and is not applicable to the configuration of Red Hat OpenStack Platform.




MA-2 (1): Record Content

[Withdrawn: Incorporated into MA-2].

MA-2 (1) Control Response Information
Implementation Status: