Processes and Controls

The following maps the processes in each phase of the system development life cycle (SDLC) to the NIST SP 800-53 security controls that support them. The phases are the five used in NIST SP 800-64. The control identifiers follow the pre-Revision 3 catalog of SP 800-53 (Revision 2 and earlier): in Revision 3 and later, RA-4, PL-3 and CA-4 were withdrawn (folded into RA-3, PL-2 and CA-2 respectively), and CA-6 Security Accreditation was renamed Security Authorization.

INITIATION Phase

  • Characterize the system
    • Need, purpose, function, data, data flows…
    • CA-3 Information System Connections (interconnection agreements)
    • CM-8 Information System Component Inventory
    • RA-2 Security Categorization (FIPS 199 impact level drives the baseline)
    • PE-16 Delivery and Removal

ACQUISITION AND DEVELOPMENT Phase

  • Risk Assessment
    • RA-5 Vulnerability Scanning
    • SI-2 Flaw Remediation
  • Security Control Implementation
    • All controls in the selected baseline (Low, Moderate or High, per RA-2), plus tailoring
  • Configuration Settings
    • CM-6 Configuration Settings
  • Security Plan
    • PL-2 System Security Plan (and the rest of the PL family)
    • RA-4 Risk Assessment Update and PL-3 System Security Plan Update (keep documentation current)

IMPLEMENTATION AND ASSESSMENT Phase

  • Configuration Baseline
    • CM-2 Baseline Configuration
  • Testing
  • Certification and Accreditation (C&A)
    • CA-2 Security Assessments
    • CA-4 Security Certification
    • CA-6 Security Accreditation
    • CA-5 Plan of Action and Milestones (POA&M)
  • RA-4 Risk Assessment Update and PL-3 System Security Plan Update (keep documentation current)

OPERATIONS AND MAINTENANCE Phase

  • Configuration Control
    • CM-3 Configuration Change Control
    • CM-4 Monitoring Configuration Changes (security impact analysis)
  • Continuous Monitoring
    • CA-7 Continuous Monitoring
    • SI-2 Flaw Remediation
    • RA-5 Vulnerability Scanning
    • SI-4 Information System Monitoring
    • SI-7 Software and Information Integrity
    • CA-5 Plan of Action and Milestones (POA&M)
  • RA-4 Risk Assessment Update and PL-3 System Security Plan Update (keep documentation current)

DISPOSAL Phase

  • Media Sanitization
    • MP-6 Media Sanitization and Disposal
  • RA-4 Risk Assessment Update and PL-3 System Security Plan Update (close out documentation)
