800-53|SA-15

Title

DEVELOPMENT PROCESS, STANDARDS, AND TOOLS

Description

The organization:

Supplemental

Development tools include, for example, programming languages and computer-aided design (CAD) systems. Reviews of development processes can include, for example, the use of maturity models to determine the potential effectiveness of such processes. Maintaining the integrity of changes to tools and processes enables accurate supply chain risk assessment and mitigation, and requires robust configuration control throughout the life cycle (including design, development, transport, delivery, integration, and maintenance) to track authorized changes and prevent unauthorized changes.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SA-3,SA-8

Category: SYSTEM AND SERVICES ACQUISITION

Family: SYSTEM AND SERVICES ACQUISITION

Priority: P2

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.14 Ensure that the admission control plugin SecurityContextConstraint is set	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.15 Ensure that the admission control plugin NodeRestriction is set	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
1.2.17 Ensure that the --insecure-port argument is set to 0	OpenShift	CIS RedHat OpenShift Container Platform v1.6.0 L1
2.7 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly	MySQLDB	CIS MySQL 5.6 Enterprise Database L2 v2.0.0
2.7 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly	MySQLDB	CIS MySQL 5.6 Community Database L2 v2.0.0
2.9 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly	MySQLDB	CIS MySQL 5.7 Community Database L2 v2.0.0
2.9 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly	MySQLDB	CIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.10 Ensure Only Approved Ciphers are Used	MySQLDB	CIS MySQL 5.6 Community Database L2 v2.0.0
2.10 Ensure Only Approved Ciphers are Used	MySQLDB	CIS MySQL 5.6 Enterprise Database L2 v2.0.0
2.12 Ensure Only Approved Ciphers are Used	MySQLDB	CIS MariaDB 10.6 Database L2 v1.1.0
2.12 Ensure Only Approved Ciphers are Used	Unix	CIS MariaDB 10.6 on Linux L2 v1.1.0
2.14 Ensure Only Approved Ciphers are Used - ssl_cipher	MySQLDB	CIS MySQL 5.7 Community Database L2 v2.0.0
2.14 Ensure Only Approved Ciphers are Used - ssl_cipher	MySQLDB	CIS MySQL 5.7 Enterprise Database L2 v2.0.0
2.14 Ensure Only Approved Ciphers are Used - tls_ciphersuites	MySQLDB	CIS MySQL 5.7 Community Database L2 v2.0.0
4.6 Ensure that HEALTHCHECK instructions have been added to container images	Unix	CIS Docker v1.7.0 L1 Docker - Linux

Detections

Analytics