💼 SA-8 Security and Privacy Engineering Principles

• ID: /frameworks/nist-sp-800-53-r5/sa/08

Description

Apply the following systems security and privacy engineering principles in the specification, design, development, implementation, and modification of the system and system components: [Assignment: organization-defined systems security and privacy engineering principles].

Similar

• Internal
  • ID: dec-c-2a38e125

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 FedRAMP High Security Controls → 💼 SA-8 Security and Privacy Engineering Principles (L)(M)(H)			6		no data
💼 FedRAMP Low Security Controls → 💼 SA-8 Security and Privacy Engineering Principles (L)(M)(H)			6		no data
💼 NIST CSF v2.0 → 💼 ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles			25		no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations			26		no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties			40		no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities			41		no data
💼 NIST CSF v2.0 → 💼 PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected			142		no data
💼 NIST CSF v2.0 → 💼 PR.IR-03: Mechanisms are implemented to achieve resilience requirements in normal and adverse situations			15		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 SA-8(1) Security and Privacy Engineering Principles _ Clear Abstractions					no data
💼 SA-8(2) Security and Privacy Engineering Principles _ Least Common Mechanism					no data
💼 SA-8(3) Security and Privacy Engineering Principles _ Modularity and Layering					no data
💼 SA-8(4) Security and Privacy Engineering Principles _ Partially Ordered Dependencies					no data
💼 SA-8(5) Security and Privacy Engineering Principles _ Efficiently Mediated Access					no data
💼 SA-8(6) Security and Privacy Engineering Principles _ Minimized Sharing					no data
💼 SA-8(7) Security and Privacy Engineering Principles _ Reduced Complexity					no data
💼 SA-8(8) Security and Privacy Engineering Principles _ Secure Evolvability					no data
💼 SA-8(9) Security and Privacy Engineering Principles _ Trusted Components					no data
💼 SA-8(10) Security and Privacy Engineering Principles _ Hierarchical Trust					no data
💼 SA-8(11) Security and Privacy Engineering Principles _ Inverse Modification Threshold					no data
💼 SA-8(12) Security and Privacy Engineering Principles _ Hierarchical Protection					no data
💼 SA-8(13) Security and Privacy Engineering Principles _ Minimized Security Elements					no data
💼 SA-8(14) Security and Privacy Engineering Principles _ Least Privilege					no data
💼 SA-8(15) Security and Privacy Engineering Principles _ Predicate Permission					no data
💼 SA-8(16) Security and Privacy Engineering Principles _ Self-reliant Trustworthiness					no data
💼 SA-8(17) Security and Privacy Engineering Principles _ Secure Distributed Composition					no data
💼 SA-8(18) Security and Privacy Engineering Principles _ Trusted Communications Channels					no data
💼 SA-8(19) Security and Privacy Engineering Principles _ Continuous Protection			1		no data
💼 SA-8(20) Security and Privacy Engineering Principles _ Secure Metadata Management					no data
💼 SA-8(21) Security and Privacy Engineering Principles _ Self-analysis			1		no data
💼 SA-8(22) Security and Privacy Engineering Principles _ Accountability and Traceability			1		no data
💼 SA-8(23) Security and Privacy Engineering Principles _ Secure Defaults					no data
💼 SA-8(24) Security and Privacy Engineering Principles _ Secure Failure and Recovery					no data
💼 SA-8(25) Security and Privacy Engineering Principles _ Economic Security			1		no data
💼 SA-8(26) Security and Privacy Engineering Principles _ Performance Security					no data
💼 SA-8(27) Security and Privacy Engineering Principles _ Human Factored Security					no data
💼 SA-8(28) Security and Privacy Engineering Principles _ Acceptable Security					no data
💼 SA-8(29) Security and Privacy Engineering Principles _ Repeatable and Documented Procedures					no data
💼 SA-8(30) Security and Privacy Engineering Principles _ Procedural Rigor					no data
💼 SA-8(31) Security and Privacy Engineering Principles _ Secure System Modification					no data
💼 SA-8(32) Security and Privacy Engineering Principles _ Sufficient Documentation					no data
💼 SA-8(33) Security and Privacy Engineering Principles _ Minimization					no data

Policies (6)

Policy	Logic Count	Flags	Compliance
🛡️ Google API Key is not restricted for unused APIs🟢	1	🟢 x6	no data
🛡️ Google API Key is not rotated every 90 days🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢	1	🟢 x6	no data
🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢	1	🟢 x6	no data
🛡️ Google Project has API Keys🟢	1	🟠 x1, 🟢 x5	no data