Skip to main content

πŸ’Ό SA-8 Security and Privacy Engineering Principles

  • Contextual name: πŸ’Ό SA-8 Security and Privacy Engineering Principles
  • ID: /frameworks/nist-sp-800-53-r5/sa/08
  • Located in: πŸ’Ό SA System And Services Acquisition

Description​

Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: [Assignment: organization-defined systems security and privacy engineering principles].

Similar​

  • Internal
    • ID: dec-c-2a38e125

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SA-8 Security and Privacy Engineering Principles (L)(M)(H)6
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό SA-8 Security and Privacy Engineering Principles (L)(M)(H)6
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles21
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.IM-01: Improvements are identified from evaluations20
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties33
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities34
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected108
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.IR-03: Mechanisms are implemented to achieve resilience requirements in normal and adverse situations11

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό SA-8(1) Security and Privacy Engineering Principles _ Clear Abstractions
πŸ’Ό SA-8(2) Security and Privacy Engineering Principles _ Least Common Mechanism
πŸ’Ό SA-8(3) Security and Privacy Engineering Principles _ Modularity and Layering
πŸ’Ό SA-8(4) Security and Privacy Engineering Principles _ Partially Ordered Dependencies
πŸ’Ό SA-8(5) Security and Privacy Engineering Principles _ Efficiently Mediated Access
πŸ’Ό SA-8(6) Security and Privacy Engineering Principles _ Minimized Sharing
πŸ’Ό SA-8(7) Security and Privacy Engineering Principles _ Reduced Complexity
πŸ’Ό SA-8(8) Security and Privacy Engineering Principles _ Secure Evolvability
πŸ’Ό SA-8(9) Security and Privacy Engineering Principles _ Trusted Components
πŸ’Ό SA-8(10) Security and Privacy Engineering Principles _ Hierarchical Trust
πŸ’Ό SA-8(11) Security and Privacy Engineering Principles _ Inverse Modification Threshold
πŸ’Ό SA-8(12) Security and Privacy Engineering Principles _ Hierarchical Protection
πŸ’Ό SA-8(13) Security and Privacy Engineering Principles _ Minimized Security Elements
πŸ’Ό SA-8(14) Security and Privacy Engineering Principles _ Least Privilege
πŸ’Ό SA-8(15) Security and Privacy Engineering Principles _ Predicate Permission
πŸ’Ό SA-8(16) Security and Privacy Engineering Principles _ Self-reliant Trustworthiness
πŸ’Ό SA-8(17) Security and Privacy Engineering Principles _ Secure Distributed Composition
πŸ’Ό SA-8(18) Security and Privacy Engineering Principles _ Trusted Communications Channels
πŸ’Ό SA-8(19) Security and Privacy Engineering Principles _ Continuous Protection
πŸ’Ό SA-8(20) Security and Privacy Engineering Principles _ Secure Metadata Management
πŸ’Ό SA-8(21) Security and Privacy Engineering Principles _ Self-analysis
πŸ’Ό SA-8(22) Security and Privacy Engineering Principles _ Accountability and Traceability1
πŸ’Ό SA-8(23) Security and Privacy Engineering Principles _ Secure Defaults
πŸ’Ό SA-8(24) Security and Privacy Engineering Principles _ Secure Failure and Recovery
πŸ’Ό SA-8(25) Security and Privacy Engineering Principles _ Economic Security
πŸ’Ό SA-8(26) Security and Privacy Engineering Principles _ Performance Security
πŸ’Ό SA-8(27) Security and Privacy Engineering Principles _ Human Factored Security
πŸ’Ό SA-8(28) Security and Privacy Engineering Principles _ Acceptable Security
πŸ’Ό SA-8(29) Security and Privacy Engineering Principles _ Repeatable and Documented Procedures
πŸ’Ό SA-8(30) Security and Privacy Engineering Principles _ Procedural Rigor
πŸ’Ό SA-8(31) Security and Privacy Engineering Principles _ Secure System Modification
πŸ’Ό SA-8(32) Security and Privacy Engineering Principles _ Sufficient Documentation
πŸ’Ό SA-8(33) Security and Privacy Engineering Principles _ Minimization

Policies (6)​

PolicyLogic CountFlags
πŸ“ Google API Key is not restricted for unused APIs 🟒1🟒 x6
πŸ“ Google API Key is not rotated every 90 days 🟒1🟒 x6
πŸ“ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟒1🟒 x6
πŸ“ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟒1🟒 x6
πŸ“ Google Cloud SQL Server Instance user options Database Flag is configured 🟒1🟒 x6
πŸ“ Google Project has API Keys 🟒1🟠 x1, 🟒 x5