Uploaded image for project: 'OpenShift CFE'
  1. OpenShift CFE
  2. CFE-212

Complete Checks & remediations for FedRAMP moderate controls

XMLWordPrintable

    • Compliance - Fedramp moderate
    • False
    • False
    • To Do
    • 0% To Do, 0% In Progress, 100% Done

      Moderates that must be addressed in this epic

      1. CM- 8(3)
      The organization:
      (a) Employs automated mechanisms [Assignment: organization-defined frequency] to detect the presence of unauthorized hardware, software, and firmware components within the information system; and
      (b) Takes the following actions when unauthorized components are detected: [Selection (one or more): disables network access by such components; isolates the components; notifies [Assignment: organization-defined personnel or roles]].

      Supplemental Guidance: This control enhancement is applied in addition to the monitoring for unauthorized remote connections and mobile devices. Monitoring for unauthorized system components may be accomplished on an ongoing basis or by the periodic scanning of systems for that purpose. Automated mechanisms can be implemented within information systems or in other separate devices. Isolation can be achieved, for example, by placing unauthorized information system components in separate domains or subnets or otherwise quarantining such components. This type of component isolation is commonly referred to as sandboxing. Related controls: AC- 17, AC- 18, AC- 19, CA- 7, SI- 3, SI- 4, SI- 7, RA- 5.

      2. SC-6 
      The information system protects the availability of resources by allocating [Assignment: organization-defined resources] by [Selection (one or more); priority; quota; [Assignment: organization-defined security safeguards]].

      Supplemental Guidance: Priority protection helps prevent lower-priority processes from delaying or interfering with the information system servicing any higher-priority processes. Quotas prevent users or processes from obtaining more than predetermined amounts of resources. This control does not apply to information system components for which there are only single users/roles.

      Acceptance Criteria

      1. Appropriate Remediations for checks that can be auto-remediated as applicable.
      2. Automated testing for the profiles and new rules developed.

      Quality Assurance

      Refer to https://issues.redhat.com/browse/CMP-888

      1. Appropriate tests need to updated.

      Documentation

      Documentation details to follow as mentioned in https://issues.redhat.com/browse/CMP-888

      1. Required in case a new profile is created.
      2. Required in case a new rule is added.

          1.
          Docs Tracker Sub-task Closed Undefined Unassigned
          2.
          TE Tracker Sub-task Closed Undefined Unassigned
          3.
          QE Tracker Sub-task Closed Undefined Unassigned

              Unassigned Unassigned
              tgeer@redhat.com Trilok Geer
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: