ComplianceAsCode / redhat-openstack-platform-13

Compliance content for Red Hat, Inc.

SC-7(20) Dynamic Isolation / Segregation #456

Open shawndwells opened 6 years ago

shawndwells commented 6 years ago

http://ssptool.securitycentral.io/certifications/FedRAMP-high/NIST-800-53/SC-7%20(20)

Description: "The information system provides the capability to dynamically isolate/segregate [Assignment: organization-defined information system components] from other components of the system."

sfc-gh-sking commented 3 years ago

Almost 3.5 years, and no one has come up with a recommended solution yet that can be widely applied.

shawndwells commented 3 years ago

Many of the original contributors (myself included!) have moved to different projects and employers.

@michaelepley from Red Hat Government might be able to help, if you're looking for some guidance on a control response!

sfc-gh-sking commented 3 years ago

Thanks, @shawndwells. I came across this thread searching for any open source recommendations for SC-7(20). For those of us operating in that rarefied space called FedRAMP, learning what has worked for others is always a plus. ;)

shawndwells commented 3 years ago

https://atopathways.redhatgov.io/ato/getting_started might be of some help.

Otherwise, @michaelepley is Red Hat Government's security architect and might be able to help with supplementary materials. Back in the day we had several OpenStack systems undergo FedRAMP (and related NIST 800-53 based accreditations).

michaelepley commented 2 years ago

Absolutely happy to help, and thanks for the ping @shawndwells; I'll survey what we might have already available to address this control. Please also feel free to hit me up at my Red Hat email <<> at redhat.com