sfc-gh-sking
commented
3 years ago Almost 3.5 years, and no one has come up with a recommended solution yet that can be widely applied.
Open shawndwells opened 6 years ago
sfc-gh-sking
commented
3 years ago Almost 3.5 years, and no one has come up with a recommended solution yet that can be widely applied.
shawndwells
commented
3 years ago Many of the original contributors (myself included!) have moved to different projects and employers.
@michaelepley from Red Hat Government might be able to help, if you're looking for some guidance on a control response!
sfc-gh-sking
commented
3 years ago Thanks, @shawndwells. I came across this thread searching for any open source recommendations for SC-7(20). For those of us operating in that rarefied space called FedRAMP, learning what has worked for others is always a plus. ;)
shawndwells
commented
3 years ago https://atopathways.redhatgov.io/ato/getting_started might be of some help.
Otherwise, @michaelepley is Red Hat Government's security architect and might be able to help with supplementary materials. Back in the day we had several OpenStack systems undergo FedRAMP (and related NIST 800-53 based accreditations).
michaelepley
commented
2 years ago Absolutely happy to help and thanks for the ping @shawndwells ; I'll survey what we might have already available to address this control. Please also feel free to hit me up at my Red Hat email <<
http://ssptool.securitycentral.io/certifications/FedRAMP-high/NIST-800-53/SC-7%20(20)
Description "The information system provides the capability to dynamically isolate/segregate [Assignment: organization-defined information system components] from other components of the system."