Detections
Analytics

800-53|SA-8

Title

SECURITY ENGINEERING PRINCIPLES

Description

The organization applies information system security engineering principles in the specification, design, development, implementation, and modification of the information system.

Supplemental

Organizations apply security engineering principles primarily to new development information systems or systems undergoing major upgrades. For legacy systems, organizations apply security engineering principles to system upgrades and modifications to the extent feasible, given the current state of hardware, software, and firmware within those systems. Security engineering principles include, for example: (i) developing layered protections; (ii) establishing sound security policy, architecture, and controls as the foundation for design; (iii) incorporating security requirements into the system development life cycle; (iv) delineating physical and logical security boundaries; (v) ensuring that system developers are trained on how to build secure software; (vi) tailoring security controls to meet organizational and operational needs; (vii) performing threat modeling to identify use cases, threat agents, attack vectors, and attack patterns as well as compensating controls and design patterns needed to mitigate risk; and (viii) reducing risk to acceptable levels, thus enabling informed risk management decisions.

Reference Item Details

Related: PM-7,SA-17,SA-3,SA-4,SC-2,SC-3

Category: SYSTEM AND SERVICES ACQUISITION

Family: SYSTEM AND SERVICES ACQUISITION

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.1 Ensure Security Defaults is enabled on Azure Active Directorymicrosoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmodUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.1 Ensure mounting of cramfs filesystems is disabled - modprobeUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.1.1 Ensure mounting of squashfs filesystems is disabledUnixCIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.1 Ensure mounting of squashfs filesystems is disabledUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.1 Ensure mounting of squashfs filesystems is disabledUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.1 Ensure mounting of squashfs filesystems is disabledUnixCIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.1 Ensure mounting of UDF filesystems is disabledUnixCIS Bottlerocket L2
1.1.1.1 Ensure mounting of udf filesystems is disabled - lsmodUnixCIS Google Container-Optimized OS L2 Server v1.1.0
1.1.1.1 Ensure mounting of udf filesystems is disabled - modprobeUnixCIS Google Container-Optimized OS L2 Server v1.1.0
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmodUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - lsmodUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Debian 8 Workstation L1 v2.0.2
1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - modprobeUnixCIS Debian 8 Server L1 v2.0.2
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmodUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - lsmodUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server
1.1.1.2 Ensure mounting of squashfs filesystems is disabled - modprobeUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.1.2 Ensure mounting of udf filesystems is disabledUnixCIS SUSE Linux Enterprise Server 12 L1 v3.1.0
1.1.1.2 Ensure mounting of udf filesystems is disabledUnixCIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.1.1.2 Ensure mounting of udf filesystems is disabledUnixCIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1
1.1.1.2 Ensure mounting of udf filesystems is disabledUnixCIS SUSE Linux Enterprise Workstation 12 L1 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - EFIUnixCIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - EFIUnixCIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - EFIUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - EFIUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod fatUnixCIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod fatUnixCIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod fatUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod fatUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod msdosUnixCIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod msdosUnixCIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod msdosUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod msdosUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod vfatUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod vfatUnixCIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod vfatUnixCIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - lsmod vfatUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe fatUnixCIS SUSE Linux Enterprise 15 Server L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe fatUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe fatUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe fatUnixCIS SUSE Linux Enterprise Server 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe msdosUnixCIS SUSE Linux Enterprise Workstation 12 L2 v3.1.0
1.1.1.3 Ensure mounting of FAT filesystems is limited - modprobe msdosUnixCIS SUSE Linux Enterprise Server 12 L2 v3.1.0