Open shawndwells opened 6 years ago
Almost 3.5 years, and no one has come up with a recommended solution yet that can be widely applied.
Many of the original contributors (myself included!) have moved to different projects and employers.
@michaelepley from Red Hat Government might be able to help, if you're looking for some guidance on a control response!
Thanks, @shawndwells. I came across this thread searching for any open source recommendations for SC-7(20). For those of us operating in that rarefied space called FedRAMP, learning what has worked for others is always a plus. ;)
https://atopathways.redhatgov.io/ato/getting_started might be of some help.
Otherwise, @michaelepley is Red Hat Government's security architect and might be able to help with supplementary materials. Back in the day we had several OpenStack systems undergo FedRAMP (and related NIST 800-53 based accreditations).
Absolutely happy to help and thanks for the ping @shawndwells ; I'll survey what we might have already available to address this control. Please also feel free to hit me up at my Red Hat email <<
http://ssptool.securitycentral.io/certifications/FedRAMP-high/NIST-800-53/SC-7%20(20)
Description "The information system provides the capability to dynamically isolate/segregate [Assignment: organization-defined information system components] from other components of the system."