OpenStack Platform 13 - System and Services Acquisition
Control responses for NIST 800-53 rev4.
Requirements Traceability Matrix
| Control | Name | Status |
|---|---|---|
| SA-1 | System And Services Acquisition Policy And Procedures |
not applicable |
| SA-2 | Allocation Of Resources |
not applicable |
| SA-3 | System Development Life Cycle |
not applicable |
| SA-4 | Acquisition Process |
not applicable |
| SA-4 (1) | Functional Properties Of Security Controls |
planned |
| SA-4 (2) | Design / Implementation Information For Security Controls |
planned |
| SA-4 (3) | Development Methods / Techniques / Practices |
unknown |
| SA-4 (4) | Assignment Of Components To Systems |
unknown |
| SA-4 (5) | System / Component / Service Configurations |
unknown |
| SA-4 (6) | Use Of Information Assurance Products |
unknown |
| SA-4 (7) | Niap-Approved Protection Profiles |
unknown |
| SA-4 (8) | Continuous Monitoring Plan |
planned |
| SA-4 (9) | Functions / Ports / Protocols / Services In Use |
planned |
| SA-4 (10) | Use Of Approved Piv Products |
not applicable |
| SA-5 | Information System Documentation |
not applicable |
| SA-5 (1) | Functional Properties Of Security Controls |
unknown |
| SA-5 (2) | Security-Relevant External System Interfaces |
unknown |
| SA-5 (3) | High-Level Design |
unknown |
| SA-5 (4) | Low-Level Design |
unknown |
| SA-5 (5) | Source Code |
unknown |
| SA-6 | Software Usage Restrictions |
unknown |
| SA-7 | User-Installed Software |
unknown |
| SA-8 | Security Engineering Principles |
not applicable |
| SA-9 | External Information System Services |
not applicable |
| SA-9 (1) | Risk Assessments / Organizational Approvals |
not applicable |
| SA-9 (2) | Identification Of Functions / Ports / Protocols / Services |
not applicable |
| SA-9 (3) | Establish / Maintain Trust Relationship With Providers |
unknown |
| SA-9 (4) | Consistent Interests Of Consumers And Providers |
not applicable |
| SA-9 (5) | Processing, Storage, And Service Location |
not applicable |
| SA-10 | Developer Configuration Management |
planned |
| SA-10 (1) | Software / Firmware Integrity Verification |
planned |
| SA-10 (2) | Alternative Configuration Management Processes |
unknown |
| SA-10 (3) | Hardware Integrity Verification |
unknown |
| SA-10 (4) | Trusted Generation |
unknown |
| SA-10 (5) | Mapping Integrity For Version Control |
unknown |
| SA-10 (6) | Trusted Distribution |
unknown |
| SA-11 | Developer Security Testing And Evaluation |
planned |
| SA-11 (1) | Static Code Analysis |
planned |
| SA-11 (2) | Threat And Vulnerability Analyses |
|