Difference between revisions of "Project Proposals/SRT"

From fd.io
(Project Contact Name and Email)
(Scope)
Line 73: Line 73:
 
Consideration of security in the System Development Life Cycle is essential to implementing and integrating a comprehensive strategy for managing risk for all information technology assets in an organization. The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-64 is intended to assist federal government agencies to integrate essential security activities into their established system development life cycle guidelines.  -->
 
Consideration of security in the System Development Life Cycle is essential to implementing and integrating a comprehensive strategy for managing risk for all information technology assets in an organization. The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-64 is intended to assist federal government agencies to integrate essential security activities into their established system development life cycle guidelines.  -->
  
<!--The purpose of this guideline is to assist agencies in building security into their IT development processes. This should result in more cost-effective, risk-appropriate security control identification, development, and testing. This guide focuses on the information security components of the SDLC. Overall system implementation and development is considered outside the scope of this document.  Also considered outside scope is an organization’s information system governance process.
+
 
First, the guideline describes the key security roles and responsibilities that are needed in development of most information systems.
+
The scope of this project includes
Second, sufficient information about the SDLC is provided to allow a person who is unfamiliar with the SDLC process to understand the relationship between information security and the SDLC.
+
*
-->
+
*
  
 
== Initial Committers ==
 
== Initial Committers ==
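
Review bot: the added Scope text stops at "The scope of this project includes" and the two added "*" bullets are empty, so the section names nothing that is in scope. Either fill the bullets with the in-scope activities or drop them until the scope is agreed. The same revision removes the commented-out NIST SP 800-64 guidance text, so nothing remains in the source to indicate what the section was meant to cover.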

Revision as of 02:50, 23 July 2016



srt Facts

Project Lead: Andi Rowley
Committers:

  • C.J. Collier
  • Andi Rowley

Repository: git clone https://gerrit.fd.io/r/srt
Mailing List: srt-dev@lists.fd.io
Jenkins: jenkins silo
Gerrit Patches: code patches/reviews
Bugs: unspecified

Name

Security Response Team

Project Contact Name and Email

Andi Rowley <andi.rowley@colliertech.org>

Repository Name

srt

Description

Key security activities performed by the SRT include:

  • Conduct the risk assessment and use the results to supplement the baseline security controls;
  • Analyze security requirements;
  • Perform functional and security testing;
  • Prepare initial documents for system certification and accreditation;
  • Design security architecture;
  • Maintain CPE registrations with NIST on behalf of all FD.io projects; and
  • Monitor the National Vulnerability Database for issues which may apply to CPEs registered by FD.io.


Scope

The scope of this project includes

Initial Committers

Name          Email                            IRC nick   LFID
C.J. Collier  cjcollier@linuxfoundation.org    cj         cjcollier
Andi Rowley   andi.rowley@colliertech.org      human_     arowley


Vendor Neutral

No issue regarding vendor neutrality.

Meets Board Policy (including IPR, being within Board defined Scope etc)

Meets board policy as expressed in Technical Community Charter and IP Policy

Administrata

  • Request for Project proposal consideration
  • Email:
  • Date: July 22nd 2016

External links