Processes and Controls

Here are some processes across the SDLC Framework and related security controls:
INITIATION Phase
- Characterize the system
- Need, purpose, function, data, flows…
- CA-3 System Interconnections
- CM-8 Component Inventory
- RA-2 System Categorization
- PE-16 Delivery and Removal
ACQUISITION AND DEVELOPMENT Phase
- Risk Assessment
- RA-5 Vulnerability Scanning
- SI-2 Flaw Remediation
- Security Control Implementation
- ALL CONTROLS (Baseline)
- Configuration Settings
- CM-6 Configuration Settings
- Security Plan
- PL-2 Security Plan (+all PL family controls)
- RA-4 and PL-3 Update Documentation
IMPLEMENTATION AND ASSESSMENT Phase
- Configuration Baseline
- CM-2 Configuration Baseline
- Testing
- C&A
- CA-2 Security Assessment
- CA-4 Certification
- CA-6 Accreditation
- CA-5 POA&Ms
- RA-4 and PL-3 Update Documentation
OPERATIONS AND MAINTENANCE Phase
- Configuration Control
- CM-3 Configuration Control
- CM-4 Monitoring Configuration Change
- Continuous Monitoring
- CA-7 Continuous Monitoring
- SI-2 Flaw Remediation
- RA-5 Vulnerability Scanning
- SI-4 Network Monitoring
- SI-7 Integrity
- CA-5 POA&Ms
- RA-4 and PL-3 Update Documentation
DISPOSAL Phase
- Media Sanitization
- MP-6 Media Sanitization
- RA-4 and PL-3 Update Documentation