This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization includes dynamic reconfiguration of [FedRAMP Assignment: (H) all network, data storage, and computing devices] as part of the incident response capability.
NIST 800-53 (r4) Supplemental Guidance:
Dynamic reconfiguration includes, for example, changes to router rules, access control lists, intrusion detection/prevention system parameters, and filter rules for firewalls and gateways. Organizations perform dynamic reconfiguration of information systems, for example, to stop attacks, to misdirect attackers, and to isolate components of systems, thus limiting the extent of the damage from breaches or compromises. Organizations include time frames for achieving the reconfiguration of information systems in the definition of the reconfiguration capability, considering the potential need for rapid response in order to effectively address sophisticated cyber threats. Related controls: AC-2, AC-4, AC-16, CM-2, CM-3, CM-4.
References: None.
NIST 800-53 (r5) Discussion:
Dynamic reconfiguration includes changes to router rules, access control lists, intrusion detection or prevention system parameters, and filter rules for guards or firewalls. Organizations may perform dynamic reconfiguration of systems to stop attacks, misdirect attackers, and isolate components of systems, thus limiting the extent of the damage from breaches or compromises. Organizations include specific time frames for achieving the reconfiguration of systems in the definition of the reconfiguration capability, considering the potential need for rapid response to effectively address cyber threats.
38North Guidance:
Meets Minimum Requirement:
In the event of a potential or actual security incident, network, security, and other administrators include dynamic reconfiguration as part of the incident response. This includes the ability to change SIEM parameters, firewall filter rules and access control lists, router rules, storage configurations, etc., in order to detect cyber threats.
The organization has the ability to dynamically reconfigure all network, data storage, and computing devices and documents processes/procedures to support this capability.
There are procedures, or the system has been configured, to ensure that all network, data storage, and computing devices in the inventory can be dynamically reconfigured as part of the incident response capability, and the procedures define the specific time frames for achieving reconfiguration of the system.
Best Practice:
TBD
Unofficial FedRAMP Guidance:
TBD
Assessment Evidence:
Screenshots of any management consoles used to dynamically reconfigure network, data storage, and computing devices.
Policies/procedures outlining the processes supporting this capability.
CSP Implementation Tips:
Amazon Web Services (AWS): AWS allows for dynamic reconfiguration via centralized management of VPCs, NACLs, route tables, and EC2 security groups. These can be updated dynamically during incident response to isolate components and limit the extent of breaches or compromises.
Microsoft Azure: TBD
Google Cloud Platform: TBD
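One way to script the AWS security group isolation described in the AWS tip above, as an added example that is not part of the original guidance or any AWS-provided runbook. It assumes a pre-created quarantine security group with no permissive rules, a hypothetical 300-second reconfiguration time frame, and a hypothetical tag key; `FakeEC2` is a constructed stand-in so the example runs offline, and in practice `ec2` would be `boto3.client("ec2")`.

```python
import time

def quarantine_instance(ec2, instance_id, quarantine_sg, deadline_s=300.0):
    """Move every network interface of an instance into the quarantine group."""
    started = time.monotonic()
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    instance = resp["Reservations"][0]["Instances"][0]
    previous = {}  # ENI id -> original group ids, kept for rollback and evidence
    for eni in instance["NetworkInterfaces"]:
        eni_id = eni["NetworkInterfaceId"]
        groups = [g["GroupId"] for g in eni["Groups"]]
        if groups == [quarantine_sg]:
            continue  # already isolated, so a repeated call changes nothing
        previous[eni_id] = groups
        ec2.modify_network_interface_attribute(
            NetworkInterfaceId=eni_id, Groups=[quarantine_sg])
    if previous:  # hypothetical tag key marking the instance for responders
        ec2.create_tags(Resources=[instance_id],
                        Tags=[{"Key": "ir:quarantined", "Value": "true"}])
    elapsed = time.monotonic() - started
    return {"instance_id": instance_id, "previous_groups": previous,
            "elapsed_s": elapsed, "within_deadline": elapsed <= deadline_s}

def restore_instance(ec2, record):
    """Put back the security groups captured by quarantine_instance."""
    for eni_id, groups in record["previous_groups"].items():
        ec2.modify_network_interface_attribute(NetworkInterfaceId=eni_id, Groups=groups)

class FakeEC2:
    """Constructed stub mimicking the three boto3 EC2 calls used above."""
    def __init__(self):
        self.enis = {"eni-0aaa": ["sg-web", "sg-ssh"], "eni-0bbb": ["sg-db"]}
        self.tags = []
    def describe_instances(self, InstanceIds):
        nis = [{"NetworkInterfaceId": k, "Groups": [{"GroupId": g} for g in v]}
               for k, v in self.enis.items()]
        return {"Reservations": [{"Instances": [{"NetworkInterfaces": nis}]}]}
    def modify_network_interface_attribute(self, NetworkInterfaceId, Groups):
        self.enis[NetworkInterfaceId] = list(Groups)
    def create_tags(self, Resources, Tags):
        self.tags.extend(Tags)

if __name__ == "__main__":
    fake = FakeEC2()
    record = quarantine_instance(fake, "i-0example", "sg-quarantine")
    print(record)  # store this record with the incident for rollback and evidence
    restore_instance(fake, record)
```

Security group changes do not interrupt connections that are already tracked, so a NACL deny on the subnet is the complementary step when live sessions must be cut as well.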