Story
Resolution: Unresolved
The Security Operating Approval (SOA) assesses and assigns accountability for security and privacy risks associated with the operational use of pipeline systems. It also provides verification that RH software is built using an approved pipeline, which is required for RH-SDLC.
Acceptance criteria
- Regularity
  - Ensure that the software engineering team utilizes only systems, tools and infrastructure with an active SOA documented on each production release.
- Accessibility of Findings
  - New STIs can be requested for approval, but they must be approved by Product Security before a product and/or its components are released.
- Evidence
  - All services, tools, and infrastructure (STIs) used in the Products/Service pipeline must be registered in the Configuration Management Database (CMDB) and have an SOA.
Roles and responsibilities
It is the responsibility of the SET to follow this Policy and only use systems that have an active SOA.
Engineering effort
~2 hours to confirm the CMDB IDs of the systems used for build, sign, and release.
Place in the software lifecycle
Planning Stage - Identify and document the services, tools, and infrastructure (STIs) that will be used in the product development process.
Outcomes
All Products are developed on SOA-approved productization pipelines.
Other resource: RH-SDLC Runbook SOA