OpenStack Platform 13 - System and Services Acquisition

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

Control Name Status
SA-1 System And Services Acquisition Policy And Procedures

not applicable

SA-2 Allocation Of Resources

not applicable

SA-3 System Development Life Cycle

not applicable

SA-4 Acquisition Process

not applicable

SA-4 (1) Functional Properties Of Security Controls

planned

SA-4 (2) Design / Implementation Information For Security Controls

planned

SA-4 (3) Development Methods / Techniques / Practices
SA-4 (4) Assignment Of Components To Systems
SA-4 (5) System / Component / Service Configurations
SA-4 (6) Use Of Information Assurance Products
SA-4 (7) Niap-Approved Protection Profiles
SA-4 (8) Continuous Monitoring Plan

planned

SA-4 (9) Functions / Ports / Protocols / Services In Use

planned

SA-4 (10) Use Of Approved Piv Products

not applicable

SA-5 Information System Documentation

not applicable

SA-5 (1) Functional Properties Of Security Controls
SA-5 (2) Security-Relevant External System Interfaces
SA-5 (3) High-Level Design
SA-5 (4) Low-Level Design
SA-5 (5) Source Code
SA-6 Software Usage Restrictions
SA-7 User-Installed Software
SA-8 Security Engineering Principles

not applicable

SA-9 External Information System Services

not applicable

SA-9 (1) Risk Assessments / Organizational Approvals

not applicable

SA-9 (2) Identification Of Functions / Ports / Protocols / Services

not applicable

SA-9 (3) Establish / Maintain Trust Relationship With Providers
SA-9 (4) Consistent Interests Of Consumers And Providers

not applicable

SA-9 (5) Processing, Storage, And Service Location

not applicable

SA-10 Developer Configuration Management

planned

SA-10 (1) Software / Firmware Integrity Verification

planned

SA-10 (2) Alternative Configuration Management Processes
SA-10 (3) Hardware Integrity Verification
SA-10 (4) Trusted Generation
SA-10 (5) Mapping Integrity For Version Control
SA-10 (6) Trusted Distribution
SA-11 Developer Security Testing And Evaluation

planned

SA-11 (1) Static Code Analysis