XML

Word

Printable

Details

Type: Feature
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Security & Compliance
Labels:
- NAPS
- security-pm

Blocked:
False
Ready:
False
Parent Link:
OCPSTRAT-28Secure the Platform
Hierarchy Progress:
100
Hierarchy Progress Bar:

100% 100%
Release Note Text:
Undefined
Target Version:

openshift-4.12

RICE Score:
0
Risk Score:
0

SFDC Cases Links:
SFDC Cases Counter:

Description

Feature Overview

The US National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidelines to help protect the information and information systems of federal agencies. In response to Executive Order 13556 on managing controlled unclassified information (CUI), it published NIST SP 800-171, Protecting Controlled Unclassified Information In Nonfederal Information Systems and Organizations. CUI is defined as information, both digital and physical, created by a government (or an entity on its behalf) that, while not classified, is still sensitive and requires protection.

NIST SP 800-171 was originally published in June 2015 and has been updated several times since then in response to evolving cyberthreats. It provides guidelines on how CUI should be securely accessed, transmitted, and stored in nonfederal information systems and organizations; its requirements fall into four main categories:
- Controls and processes for managing and protecting
- Monitoring and management of IT systems
- Clear practices and procedures for end-users
- Implementation of technological and physical security measures

Goals

Help customers like Boeing and other federal contractors to achieve NIST SP 800-171 compliance
Address all the technical controls of NIST SP 800-171 and build a SCAP profile for OpenShift Compliance Operator{{}}

Requirements

Requirement	Notes	isMvp?
CI - MUST be running successfully with test automation	This is a requirement for ALL features.	YES
Release Technical Enablement	Provide necessary release enablement details and documents.	YES

(Optional) Use Cases

This Section:

Main success scenarios - high-level user stories
Alternate flow/scenarios - high-level user stories
...

Questions to answer…

Out of Scope

Background, and strategic fit

This Section: What does the person writing code, testing, documenting need to know? What context can be provided to frame this feature.

Assumptions

Customer Considerations

Documentation Considerations

Questions to be addressed:

What educational or reference material (docs) is required to support this product feature? For users/admins? Other functions (security officers, etc)?
Does this feature have doc impact?
New Content, Updates to existing content, Release Note, or No Doc Impact
If unsure and no Technical Writer is available, please contact Content Strategy.
What concepts do customers need to understand to be successful in [action]?
How do we expect customers will use the feature? For what purpose(s)?
What reference material might a customer want/need to complete [action]?
Is there source material that can be used as reference for the Technical Writer in writing the content? If yes, please link if available.
What is the doc impact (New Content, Updates to existing content, or Release Note)?

Attachments

Issue Links

clones

OCPPLAN-6104 FedRAMP moderate controls

Closed

is related to

CMP-1910 RFE - NIST 800-171 Profile in Compliance Operator

Closed

Activity

People

Assignee:: Doron Caspin

Reporter:: Doron Caspin

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021/06/16 9:18 PM

Updated:: 2023/10/16 6:19 PM