openshift-container-platform-4-fedramp-High.xml

<system-security-plan xmlns="http://csrc.nist.gov/ns/oscal/1.0" uuid="08e8e0e5-1be7-4e3a-b3dc-b7e63770cf91">
  <metadata>
    <title></title>
    <published>2020-07-01T00:00:00.00-04:00</published>
    <last-modified>2020-12-12T00:37:38.75+00:00</last-modified>
    <version>0.0.1</version>
    <oscal-version>1.0.0-milestone3</oscal-version>
    <revision-history>
      <revision>
        <published>2019-06-01T00:00:00.00-04:00</published>
        <version>1.0</version>
        <oscal-version>1.0-Milestone3</oscal-version>
        <prop name="party-uuid" ns="https://fedramp.gov/ns/oscal">6b286b5d-8f07-4fa7-8847-1dd0d88f73fb</prop>
        <remarks>
               <p>Initial publication.</p>
            </remarks>
      </revision>
      <revision>
        <published>2020-06-01T00:00:00.00-04:00</published>
        <version>2.0</version>
        <oscal-version>1.0-Milestone3</oscal-version>
        <prop name="party-id" ns="https://fedramp.gov/ns/oscal">csp</prop>
        <remarks>
               <p>Updated for annual assessment.</p>
            </remarks>
      </revision>
    </revision-history>
    <prop name="marking">Controlled Unclassified Information</prop>
    <role id="prepared-by">
      <title>Prepared By</title>
      <desc>The organization that prepared this SSP. If developed in-house, this is the CSP itself.</desc>
    </role>
    <role id="prepared-for">
      <title>Prepared For</title>
      <desc>The organization for which this SSP was prepared. Typically the CSP.</desc>
    </role>
    <role id="content-approver">
      <title>System Security Plan Approval</title>
      <desc>The individual or individuals accountable for the accuracy of this SSP.</desc>
    </role>
    <role id="cloud-service-provider">
      <title>Cloud Service Provider</title>
      <short-name>CSP</short-name>
    </role>
    <role id="system-owner">
      <title>Information System Owner</title>
      <desc>The individual within the CSP who is ultimately accountable for everything related to this system.</desc>
    </role>
    <role id="authorizing-official">
      <title>Authorizing Official</title>
      <desc>The individual or individuals who must grant this system an authorization to operate.</desc>
    </role>
    <role id="authorizing-official-poc">
      <title>Authorizing Official's Point of Contact</title>
      <desc>The individual representing the authorizing official.</desc>
    </role>
    <role id="system-poc-management">
      <title>Information System Management Point of Contact (POC)</title>
      <desc>The highest level manager who responsible for system operation on behalf of the System Owner.</desc>
    </role>
    <role id="system-poc-technical">
      <title>Information System Technical Point of Contact</title>
      <desc>The individual or individuals leading the technical operation of the system.</desc>
    </role>
    <role id="system-poc-other">
      <title>General Point of Contact (POC)</title>
      <desc>A general point of contact for the system, designated by the system owner.</desc>
    </role>
    <role id="information-system-security-officer">
      <title>System Information System Security Officer (or Equivalent)</title>
      <desc>The individual accountable for the security posture of the system on behalf of the system owner.</desc>
    </role>
    <role id="privacy-poc">
      <title>Privacy Official's Point of Contact</title>
      <desc>The individual responsible for the privacy threshold analysis and if necessary the privacy impact assessment.</desc>
    </role>
    <role id="asset-owner">
      <title>Owner of an inventory item within the system.</title>
    </role>
    <role id="asset-administrator">
      <title>Administrative responsibility an inventory item within the system.</title>
    </role>
    <role id="isa-poc-local">
      <title>ICA POC (Local)</title>
      <desc>The point of contact for an interconnection on behalf of this system.</desc>
      <remarks>
            <p>Remove this role if there are no ICAs.</p>
         </remarks>
    </role>
    <role id="isa-poc-remote">
      <title>ICA POC (Remote)</title>
      <desc>The point of contact for an interconnection on behalf of this external system to which this system connects.</desc>
      <remarks>
            <p>Remove this role if there are no ICAs.</p>
         </remarks>
    </role>
    <role id="isa-authorizing-official-local">
      <title>ICA Signatory (Local)</title>
      <desc>Responsible for signing an interconnection security agreement on behalf of this system.</desc>
      <remarks>
            <p>Remove this role if there are no ICAs.</p>
         </remarks>
    </role>
    <role id="isa-authorizing-official-remote">
      <title>ICA Signatory (Remote)</title>
      <desc>Responsible for signing an interconnection security agreement on behalf of the external system to which this system connects.</desc>
      <remarks>
            <p>Remove this role if there are no ICAs.</p>
         </remarks>
    </role>
    <role id="consultant">
      <title>Consultant</title>
      <desc>Any consultants involved with developing or maintaining this content.</desc>
    </role>
    <role id="admin-unix">
      <title>[SAMPLE]Unix Administrator</title>
      <desc>This is a sample role.</desc>
    </role>
    <role id="admin-client">
      <title>[SAMPLE]Client Administrator</title>
      <desc>This is a sample role.</desc>
    </role>
    <role id="program-director">
      <title>[SAMPLE]Program Director</title>
      <desc>This is a sample role.</desc>
    </role>
    <role id="fedramp-pmo">
      <title>Federal Risk and Authorization Management Program (FedRAMP) Program Management Office (PMO)</title>
      <short-name>FedRAMP PMO</short-name>
    </role>
    <role id="fedramp-jab">
      <title>Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB)</title>
      <short-name>FedRAMP JAB</short-name>
    </role>
    <location uuid="27b78960-59ef-4619-82b0-ae20b9c709ac">
      <title>CSP HQ</title>
      <address type="work">
        <addr-line>Suite 0000</addr-line>
        <addr-line>1234 Some Street</addr-line>
        <city>Haven</city>
        <state>ME</state>
        <postal-code>00000</postal-code>
      </address>
      <remarks>
            <p>There must be one location identifying the CSP's primary business address, such as the CSP's HQ, or the address of the system owner's primary business location.</p>
         </remarks>
    </location>
    <location uuid="16adcc8d-65d8-4583-80d3-9cf007744fec">
      <title>Primary Data Center</title>
      <address>
        <addr-line>2222 Main Street</addr-line>
        <city>Anywhere</city>
        <state>--</state>
        <postal-code>00000-0000</postal-code>
      </address>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">data-center</prop>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">primary-data-center</prop>
      <remarks>
            <p>There must be one location for each data center.</p>
            <p>There must be at least two data centers.</p>
            <p>For a data center, briefly summarize the components at this location.</p>
            <p>All data centers must have a conformity tag of "data-center".</p>
            <p>A primary data center must also have a conformity tag of "primary-data-center".</p>
         </remarks>
    </location>
    <location uuid="ad321514-7b9f-4374-8409-efb18eea6e5d">
      <title>Secondary Data Center</title>
      <address>
        <addr-line>3333 Small Road</addr-line>
        <city>Anywhere</city>
        <state>--</state>
        <postal-code>00000-0000</postal-code>
      </address>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">data-center</prop>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">alternate-data-center</prop>
      <remarks>
            <p>There must be one location for each data center.</p>
            <p>There must be at least two data centers.</p>
            <p>For a data center, briefly summarize the components at this location.</p>
            <p>All data centers must have a conformity tag of "data-center"</p>
            <p>An alternate or backup data center must also have a conformity tag of "alternate-data-center".</p>
         </remarks>
    </location>
    <party uuid="6b286b5d-8f07-4fa7-8847-1dd0d88f73fb" type="organization">
      <party-name>Cloud Service Provider (CSP) Name</party-name>
      <short-name>CSP Acronym/Short Name</short-name>
      <location-uuid>27b78960-59ef-4619-82b0-ae20b9c709ac</location-uuid>
      <remarks>
            <p>Replace sample CSP information.</p>
         </remarks>
    </party>
    <party uuid="77e0e2c8-2560-4fe9-ac78-c3ff4ffc9f6d" type="organization">
      <party-name>Federal Risk and Authorization Management Program: Program Management Office</party-name>
      <short-name>FedRAMP PMO</short-name>
      <link href="https://fedramp.gov"></link>
      <address type="work">
        <addr-line>1800 F St. NW</addr-line>
        <city>Washington</city>
        <state>DC</state>
        <country>US</country>
      </address>
      <email>info@fedramp.gov</email>
      <remarks>
            <p>This party entry must be present in a FedRAMP SSP.</p>
            <p>The uuid may be different; however, the uuid must be associated with the "fedramp-pmo" role in the responsible-party assemblies.</p>
         </remarks>
    </party>
    <party uuid="49017ec3-9f51-4dbd-9253-858c2b1295fd" type="organization">
      <party-name>Federal Risk and Authorization Management Program: Joint Authorization Board</party-name>
      <short-name>FedRAMP JAB</short-name>
      <remarks>
            <p>This party entry must be present in a FedRAMP SSP.</p>
            <p>The uuid may be different; however, the uuid must be associated with the "fedramp-jab" role in the responsible-party assemblies.</p>
         </remarks>
    </party>
    <party uuid="78992555-4a99-4eaa-868c-f2c249679dd3" type="organization">
      <party-name>External Organization</party-name>
      <short-name>External</short-name>
      <remarks>
            <p>Generic placeholder for any external organization.</p>
         </remarks>
    </party>
    <party uuid="f595397b-cbe4-4a87-8c86-9bff91c4e7fd" type="organization">
      <party-name>Agency Name</party-name>
      <short-name>A.N.</short-name>
      <remarks>
            <p>Generic placeholder for an authorizing agency.</p>
         </remarks>
    </party>
    <party uuid="8e3d39da-4851-4d2a-adb5-4b5585ded952" type="organization">
      <party-name>Name of Consulting Org</party-name>
      <short-name>NOCO</short-name>
      <link href="https://consulting.sample"></link>
      <address type="work">
        <addr-line>3333 Corporate Way</addr-line>
        <city>Washington</city>
        <state>DC</state>
        <country>US</country>
      </address>
      <email>poc@consulting.sample</email>
    </party>
    <party uuid="80361ec4-bfce-4b5c-85c8-313d6ebd220b" type="organization">
      <party-name>[SAMPLE]Remote System Org Name</party-name>
    </party>
    <party uuid="09ad840f-aa79-43aa-9f22-25182c2ab11b" type="person">
      <party-name>[SAMPLE]ICA POC&#39;s Name</party-name>
      <prop name="title" ns="https://fedramp.gov/ns/oscal">Individual&#39;s Title</prop>
      <email>person@ica.org.example</email>
      <phone>202-555-1212</phone>
      <member-of-organization>80361ec4-bfce-4b5c-85c8-313d6ebd220b</member-of-organization>
    </party>
    <party uuid="f0bc13a4-3303-47dd-80d3-380e159c8362" type="organization">
      <party-name>[SAMPLE]Example IaaS Provider</party-name>
      <short-name>E.I.P.</short-name>
      <remarks>
            <p>Underlying service provider. Leveraged Authorization.</p>
         </remarks>
    </party>
    <party uuid="3360e343-9860-4bda-9dfc-ff427c3dfab6" type="person">
      <party-name>[SAMPLE]Person Name 1</party-name>
      <prop name="title" ns="https://fedramp.gov/ns/oscal">Individual&#39;s Title</prop>
      <address>
        <addr-line>Mailstop A-1</addr-line>
      </address>
      <email>name@org.domain</email>
      <phone>202-000-0001</phone>
      <member-of-organization>6b286b5d-8f07-4fa7-8847-1dd0d88f73fb</member-of-organization>
      <location-uuid>27b78960-59ef-4619-82b0-ae20b9c709ac</location-uuid>
    </party>
    <party uuid="36b8d6c0-3b25-42cc-b529-cf4066145cdd" type="person">
      <party-name>[SAMPLE]Person Name 2</party-name>
      <prop name="title" ns="https://fedramp.gov/ns/oscal">Individual&#39;s Title</prop>
      <address type="work">
        <addr-line>Address Line</addr-line>
        <city>City</city>
        <state>ST</state>
        <postal-code>00000</postal-code>
        <country>US</country>
      </address>
      <email>name@org.domain</email>
      <phone>202-000-0002</phone>
      <member-of-organization>6b286b5d-8f07-4fa7-8847-1dd0d88f73fb</member-of-organization>
    </party>
    <party uuid="0cec09d9-20c6-470b-9ffc-85763375880b" type="person">
      <party-name>[SAMPLE]Person Name 3</party-name>
      <prop name="title" ns="https://fedramp.gov/ns/oscal">Individual&#39;s Title</prop>
      <address type="work">
        <addr-line>Address Line</addr-line>
        <city>City</city>
        <state>ST</state>
        <postal-code>00000</postal-code>
        <country>US</country>
      </address>
      <email>name@org.domain</email>
      <phone>202-000-0003</phone>
      <member-of-organization>6b286b5d-8f07-4fa7-8847-1dd0d88f73fb</member-of-organization>
    </party>
    <party uuid="f75e21f6-43d8-46ab-890d-7f2eebc5a830" type="person">
      <party-name>[SAMPLE]Person Name 4</party-name>
      <prop name="title" ns="https://fedramp.gov/ns/oscal">Individual&#39;s Title</prop>
      <address type="work">
        <addr-line>Address Line</addr-line>
        <city>City</city>
        <state>ST</state>
        <postal-code>00000</postal-code>
        <country>US</country>
      </address>
      <email>name@org.domain</email>
      <phone>202-000-0004</phone>
      <member-of-organization>6b286b5d-8f07-4fa7-8847-1dd0d88f73fb</member-of-organization>
    </party>
    <party uuid="132953a9-640c-46f7-9de9-3fa15ec99361" type="person">
      <party-name>[SAMPLE]Person Name 5</party-name>
      <prop name="title" ns="https://fedramp.gov/ns/oscal">Individual&#39;s Title</prop>
      <address type="work">
        <addr-line>Address Line</addr-line>
        <city>City</city>
        <state>ST</state>
        <postal-code>00000</postal-code>
        <country>US</country>
      </address>
      <email>name@org.domain</email>
      <phone>202-000-0005</phone>
      <member-of-organization>6b286b5d-8f07-4fa7-8847-1dd0d88f73fb</member-of-organization>
    </party>
    <party uuid="4fded5fd-7a65-47ea-bd76-df57c46e27d1" type="person">
      <party-name>[SAMPLE]Person Name 6</party-name>
      <prop name="title" ns="https://fedramp.gov/ns/oscal">Individual&#39;s Title</prop>
      <address type="work">
        <addr-line>Address Line</addr-line>
        <city>City</city>
        <state>ST</state>
        <postal-code>00000</postal-code>
        <country>US</country>
      </address>
      <email>name@org.domain</email>
      <phone>202-000-0006</phone>
      <member-of-organization>78992555-4a99-4eaa-868c-f2c249679dd3</member-of-organization>
    </party>
    <party uuid="db234cb7-1776-425c-9ac4-b067c1723011" type="person">
      <party-name>[SAMPLE]Person Name 7</party-name>
      <prop name="title" ns="https://fedramp.gov/ns/oscal">Individual&#39;s Title</prop>
      <address type="work">
        <addr-line>Address Line</addr-line>
        <city>City</city>
        <state>ST</state>
        <postal-code>00000</postal-code>
        <country>US</country>
      </address>
      <email>name@org.domain</email>
      <phone>202-000-0007</phone>
      <member-of-organization>6b286b5d-8f07-4fa7-8847-1dd0d88f73fb</member-of-organization>
    </party>
    <party uuid="b306f5af-b93a-4a7f-a2b2-37a44fc92a79" type="organization">
      <party-name>[SAMPLE] IT Department</party-name>
    </party>
    <party uuid="59cdc953-5902-4fa4-a878-f3163854624c" type="organization">
      <party-name>[SAMPLE]Security Team</party-name>
    </party>
    <responsible-party role-id="cloud-service-provider">
      <party-uuid>6b286b5d-8f07-4fa7-8847-1dd0d88f73fb</party-uuid>
      <remarks>
            <p>Exactly one</p>
         </remarks>
    </responsible-party>
    <responsible-party role-id="prepared-by">
      <party-uuid>3360e343-9860-4bda-9dfc-ff427c3dfab6</party-uuid>
      <remarks>
            <p>Exactly one</p>
         </remarks>
    </responsible-party>
    <responsible-party role-id="prepared-for">
      <party-uuid>6b286b5d-8f07-4fa7-8847-1dd0d88f73fb</party-uuid>
    </responsible-party>
    <responsible-party role-id="content-approver">
      <party-uuid>3360e343-9860-4bda-9dfc-ff427c3dfab6</party-uuid>
      <party-uuid>36b8d6c0-3b25-42cc-b529-cf4066145cdd</party-uuid>
      <remarks>
            <p>One or more</p>
         </remarks>
    </responsible-party>
    <responsible-party role-id="system-owner">
      <party-uuid>3360e343-9860-4bda-9dfc-ff427c3dfab6</party-uuid>
      <remarks>
            <p>Exactly one</p>
         </remarks>
    </responsible-party>
    <responsible-party role-id="authorizing-official">
      <party-uuid>49017ec3-9f51-4dbd-9253-858c2b1295fd</party-uuid>
      <party-uuid>4fded5fd-7a65-47ea-bd76-df57c46e27d1</party-uuid>
      <remarks>
            <p>One or more</p>
         </remarks>
    </responsible-party>
    <responsible-party role-id="system-poc-management">
      <party-uuid>0cec09d9-20c6-470b-9ffc-85763375880b</party-uuid>
      <remarks>
            <p>Exactly one</p>
         </remarks>
    </responsible-party>
    <responsible-party role-id="system-poc-technical">
      <party-uuid>f75e21f6-43d8-46ab-890d-7f2eebc5a830</party-uuid>
      <remarks>
            <p>Exactly one</p>
         </remarks>
    </responsible-party>
    <responsible-party role-id="information-system-security-officer">
      <party-uuid>132953a9-640c-46f7-9de9-3fa15ec99361</party-uuid>
      <remarks>
            <p>Exactly one</p>
         </remarks>
    </responsible-party>
    <responsible-party role-id="authorizing-official-poc">
      <party-uuid>4fded5fd-7a65-47ea-bd76-df57c46e27d1</party-uuid>
      <remarks>
            <p>Exactly one</p>
         </remarks>
    </responsible-party>
    <responsible-party role-id="privacy-poc">
      <party-uuid>db234cb7-1776-425c-9ac4-b067c1723011</party-uuid>
      <remarks>
            <p>Exactly one</p>
         </remarks>
    </responsible-party>
    <responsible-party role-id="fedramp-pmo">
      <party-uuid>77e0e2c8-2560-4fe9-ac78-c3ff4ffc9f6d</party-uuid>
      <remarks>
            <p>Exactly one</p>
         </remarks>
    </responsible-party>
    <responsible-party role-id="fedramp-jab">
      <party-uuid>49017ec3-9f51-4dbd-9253-858c2b1295fd</party-uuid>
      <remarks>
            <p>Exactly one</p>
         </remarks>
    </responsible-party>
    <remarks>
         <p>This OSCAL-based FedRAMP SSP Template can be used for the FedRAMP Low, Moderate, and
            High baselines.</p>
         <p>Guidance for OSCAL-based FedRAMP Tailored content has not yet been developed.</p>
      </remarks>
  </metadata>
  <import-profile href="https://raw.githubusercontent.com/usnistgov/OSCAL/master/content/fedramp.gov/xml/FedRAMP_HIGH-baseline_profile.xml"></import-profile>
  <system-characteristics>
    <system-id identifier-type="https://fedramp.gov">F00000000</system-id>
    <system-name>Red Hat OpenShift Container Platform 4.x</system-name>
    <system-name-short>openshift-container-platform-4</system-name-short>
    <description><p>Automatically generated OSCAL SSP from OpenControl guidance for Red Hat OpenShift Container Platform 4.x</p></description>
    <security-sensitivity-level>low</security-sensitivity-level>
    <system-information>
      <information-type>
        <title>Information Type Name</title>
        <description><p>This item is useless nevertheless required.</p></description>
        <confidentiality-impact>
          <base>fips-199-moderate</base>
        </confidentiality-impact>
        <integrity-impact>
          <base>fips-199-moderate</base>
        </integrity-impact>
        <availability-impact>
          <base>fips-199-moderate</base>
        </availability-impact>
      </information-type>
    </system-information>
    <security-impact-level>
      <security-objective-confidentiality>fips-199-moderate</security-objective-confidentiality>
      <security-objective-integrity>fips-199-moderate</security-objective-integrity>
      <security-objective-availability>fips-199-moderate</security-objective-availability>
    </security-impact-level>
    <status state="operational"></status>
    <authorization-boundary>
      <description><p>A holistic, top-level explanation of the FedRAMP authorization boundary.</p></description>
    </authorization-boundary>
  </system-characteristics>
  <system-implementation>
    <user uuid="ebddf85a-2c8b-493f-89af-2e03c5ede486">
      <role-id>generator</role-id>
    </user>
    <component uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" component-type="system">
      <title>This system</title>
      <description><p>The entire system as depicted in the system authorization boundary</p></description>
      <status state="under-development"></status>
    </component>
  </system-implementation>
  <control-implementation>
    <description><p>FedRAMP SSP Template Section 13</p></description>
    <implemented-requirement uuid="e0198023-c291-420f-9859-85e195c4faa9" control-id="ac-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-1_stmt.a" uuid="2971b853-d916-4401-8ca5-c8fa0924d237">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fd3fa9f6-4df1-44c0-b3fa-59a4ce506b87">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-1(a) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-1_stmt.b" uuid="ed757c19-aed5-476e-842a-a09178430b8e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b47f666e-0fe4-4bf8-808a-5666b837c0d5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-1(b) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2c5581cf-ef35-49a4-9a0a-9debda8e77d1" control-id="ac-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-2_stmt.a" uuid="fdc1d0c5-014f-4605-ab9e-babf06ad410a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6ad7a627-339a-44a7-a584-ee8b8d28daf6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-2(a) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2_stmt.b" uuid="3bab5523-04da-4a6f-a9a9-df415bf5d095">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="61f14919-d2bc-431e-82da-3134faaa614b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-2(b) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2_stmt.c" uuid="893b989d-5db1-4129-8350-081bed59bba2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b4956345-f525-4925-bf7b-4908b5097170">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-2(c) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2_stmt.d" uuid="4c9b242e-3572-40d2-9a44-0b1219ea99e3">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3850f91d-0960-42bf-9630-d79d395190f5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-2(d) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2_stmt.e" uuid="969844e3-6d0f-49f6-98c1-391254329da1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="07456e22-883f-406c-84f4-b2f5e919cf08">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-2(e) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2_stmt.f" uuid="832a1208-b86c-45e9-9f3f-b9bd4af97c84">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e347cefd-92b9-4f50-8968-cff93aaa856d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-2(f) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2_stmt.g" uuid="e80a0cfa-b390-46b1-b9cb-8ea18cbc29fd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="31bfd818-2e8b-4eed-83b3-cd0eea10bfe8">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-2(g) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2_stmt.h" uuid="309b0bbd-c4aa-49a7-8bf4-1e6be2c3cfda">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e691baac-1b31-4922-9a1b-6c3f31555beb">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-2(h) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2_stmt.i" uuid="f7ea5464-e9d0-4cfa-9fe0-56c99573928c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4190dc05-462b-44fd-a76e-9a018866b323">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-2(i) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2_stmt.j" uuid="8bb6d26d-039f-4fe5-96e2-7fdce209c1e7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a8ee0649-d86f-421d-a490-1e5d81031674">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-2(j) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2_stmt.k" uuid="23489861-614e-405e-b5c2-17662d7768c3">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e35086b3-4628-4ffd-9fb4-439a4ba21532">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>AC-2(k) is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="71608a8a-d089-4954-b51b-2221f505ec2c" control-id="ac-2.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ac-2.1_stmt" uuid="d810afaf-6285-4d35-b93b-dfaaee5a334a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c1564796-d940-43cf-a045-b462f51cee98">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift components of the system support automated
management through monitoring of accounts and system
activity by logging of related information.

While OpenShift can generate audit data, and securely
transport the data to a SIEM, OpenShift does not provide
automated mechanisms (e.g. email, text messages) after
system events. This functionality would fall to third
party software such as an Identity Provider (IdP),
Active Directory (MSAD), LDAP, etc.

To configure an IdP, see https://docs.openshift.com/container-platform/latest/authentication/identity_providers/configuring-ldap-identity-provider.html#configuring-ldap-identity-provider</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="15663a5f-9548-43f5-90fa-9a9ee651356c" control-id="ac-2.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ac-2.2_stmt" uuid="eb582557-e0f9-48af-9d91-00a0842824b2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="91d5bc1e-6bdc-4f6d-9322-c41a68573f5c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift does not have the capability to create
guest/anonymous accounts or temporary accounts. Any
external emergency or temporary accounts will be
inherited from, and managed by, an external
identity service (e.g. Active Directory, LDAP, etc.)

To configure an IdP, see https://docs.openshift.com/container-platform/latest/authentication/identity_providers/configuring-ldap-identity-provider.html#configuring-ldap-identity-provider</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="e20a5a38-dec4-4fec-b76f-cf4e06a8ba5f" control-id="ac-2.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ac-2.3_stmt" uuid="721acfa4-a4e8-4359-8975-ef95f0549b8e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="81b3fad1-f504-4d3a-9cf6-a871edafda17">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift does not have the ability to automatically
disable user accounts. Automatic disabling of these
accounts must happen at the centralized account
management level; for example, within LDAP, Red Hat
IdM, or Active Directory.

To configure an IdP, see https://docs.openshift.com/container-platform/latest/authentication/identity_providers/configuring-ldap-identity-provider.html#configuring-ldap-identity-provider</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="ab1bfdb4-b28e-473f-8f0e-7fca979a658e" control-id="ac-2.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-2.4_stmt" uuid="ff9934b1-570a-4ace-9514-3a96da164797">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6937e246-fb33-4df9-9dc6-e93b469a1250">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>To meet FISMA requirements, OpenShift must be configured
to use centralized authentication (e.g. LDAP, Red Hat IdM,
Active Directory). The audit of account creation,
modification, enabling, disabling, and removal actions is
the responsibility of the centralized service. Additionally,
notification of organization-defined personnel or roles is
also the responsibility of the centralized authentication
service.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2e0d4e7a-3946-4faf-bf32-e7b97b978e7b" control-id="ac-2.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-2.5_stmt" uuid="b0d83af7-15be-479a-bf3d-c1ad429b569c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6cd6beeb-9176-4ef1-9609-6a0442dc4046">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for AC-2 (5) is planned. Engineering
progress can be tracked via:

https://issues.redhat.com/browse/CMP-82</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="215d4c67-0389-4250-8a9d-94e5768dc97c" control-id="ac-2.7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-2.7_stmt.a" uuid="cb087f11-2c7b-4215-9494-6f2d577fbafa">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="21350fe2-0e01-4b99-894d-c42aa132f9d8">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishing and administering privileged user accounts in accordance with a
role-based access scheme that organizes allowed information system access and
privileges into roles is an organizational control outside the scope of OpenShift

However to facilitate a control response, using Role Based Access Control (RBAC),
OpenShift roles can be used to grant various levels of access both cluster-wide as well as at
the project scope. Users and groups can be associated with, or bound
to, multiple roles at the same time.

For service accounts that might also have privileged access, Security
Context Constraints (SCC) should be used to limit privileged actions
in service accounts.

For the cluster, the kubeadmin user should be completely disabled.

More information on RBAC can be viewed at:
https://docs.openshift.com/container-platform/latest/authentication/using-rbac.html

More information for SCC can be viewed at:
https://docs.openshift.com/container-platform/latest/authentication/managing-security-context-constraints.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2.7_stmt.b" uuid="164abe78-f231-4e48-93d2-89c799431201">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d55ad9bb-4055-47a7-bffa-a324310cc8a3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The organization monitoring privileged role assignments is an organizational
control outside the configuration of OpenShift.</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2.7_stmt.c" uuid="49cd45ff-f358-431d-81f6-a3a6729aae6e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3c2073a3-6634-4c7a-be8d-8272d954bdba">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The organization taking defined actions when privileged role assignments are no
longer appropriate is an organizational control outside the scope of OpenShift.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2a6b5a09-c3a0-4009-9f0f-edeca0282466" control-id="ac-2.9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-2.9_stmt" uuid="088f54b2-99bc-4179-b6fb-62a409ca203e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1e243f06-367c-4ba3-8ef9-12959c75d0b3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is applicable to the identity service provider
and outside the scope of OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="75e3c63a-6cb3-440b-8d80-e09bf7200e6a" control-id="ac-2.10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-2.10_stmt" uuid="f39028f7-2123-499f-b93c-893d702db421">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="49fc7330-de6e-4102-9900-72f2af447fbd">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift does not have the concept of group accounts.

Should the organization allow shared credentials, the
creation and management of such would fall under the scope
of operating the shared identity service and not OpenShift.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b38f0f43-bc35-44b4-ae9f-07ea53c08456" control-id="ac-2.11">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-2.11_stmt" uuid="d85ba742-b7c9-4eeb-bad5-6613996c1b0b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4ac0abd9-717a-4aea-bd6a-21fa4d54e86e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Enforcement of organization-defined circumstances and/or usage
conditions is the responsibility of third party identity
management software such as Red Hat Identity Management (Red Hat IdM),
Active Directory (MSAD), LDAP, etc.

To configure an Identity Provider (IdP), refer to the "Authentication"
chapter of the OpenShift Container Platform documentation at
https://docs.openshift.com/container-platform/latest/authentication/understanding-authentication.html</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f87599d6-cdda-44c8-a492-0a03ce2512da" control-id="ac-2.12">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-2.12_stmt.a" uuid="3e81fc69-33f7-479e-bfd3-ea0347fe65ff">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6081c351-b18f-4343-8345-f7972bf41f8d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for AC-2(12)(a) is planned. Engineering
progress can be tracked via:

https://issues.redhat.com/browse/CMP-259</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-2.12_stmt.b" uuid="bded1b14-61c2-475a-b9a5-925cfdb9c421">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bc5978cb-1d46-4568-8533-5ad7f0b52d7e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for AC-2(12)(b) is planned. Engineering
progress can be tracked via:

https://issues.redhat.com/browse/CMP-259</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9acf0cc8-f955-4bdc-b6ba-168f06052b5e" control-id="ac-2.13">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-2.13_stmt" uuid="f102a128-ddfb-41e6-b2d0-93af2e08babd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="74cf5a18-ead4-4dc2-a5ef-b0e174d6435f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for AC-2(13) is planned. Engineering
progress can be tracked via:

https://issues.redhat.com/browse/CMP-211</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="8ed60360-91df-45c9-bae5-82a7bc31a7b3" control-id="ac-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ac-3_stmt" uuid="f0bb86a5-90e9-402d-b977-53a357f35912">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3144d8bb-1a8d-444d-809e-f38d4290dad3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is met through the use of Role-based Access Control
for an OpenShift user. Namespaces should also be configured to
sandbox users and resources to only the required projects.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="52d4a6ad-af88-4e7d-92f8-effe11d5f363" control-id="ac-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-4_stmt" uuid="d22b8559-ef87-40a0-96c1-9b10c8adb3c8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e6345764-c22c-4e76-b06a-f8c1d20537d8">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-98</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="721e36ee-4972-4f66-917a-f0a50e5b2e70" control-id="ac-4.8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-4.8_stmt" uuid="8709ed06-0aa5-4116-8e96-797cfaf6a239">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="312139bd-3d1f-41d7-bad3-93d576adf533">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-103
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="013bf472-055f-4057-a9a7-67e12094efbf" control-id="ac-4.21">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-4.21_stmt" uuid="726b5013-677d-483e-8063-362924525d43">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="58c793a2-66e5-488b-bdd8-eb09cd4d03c6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for separating information flows
within the customer application. A successful control response will
need to address the customer organizational requirements for
the separation of information flows, and the mechanisms and
techniques used to accomplish this separation.

A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-113</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f2764d74-68e7-4097-9afe-4af33f58ebce" control-id="ac-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-5_stmt.a" uuid="4f9794ad-e884-4617-8ae1-a5dbfd8173a1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3c7839c5-1a22-4bcc-8f60-a3bb9edc75a8">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Separation of duties is an organizational process outside the
scope of OpenShift configuration.

However, to aide in such processes, note that OpenShift provides the capability to
implement Role-based Access Control (RBAC) which determine whether a
user is allowed to perform a given action. Documentation on the OpenShift RBAC
capabilities can be found at
https://docs.openshift.com/container-platform/latest/authentication/using-rbac.html
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-5_stmt.b" uuid="56c7bb04-452f-4526-8868-bddaf9d9072f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ffa33246-5de2-4462-b5eb-0e156fa0bc87">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Documentation of the separation of duties of individuals
is an organizational control outside the scope of OpenShift
configuration.

However, to aide in such processes, note that OpenShift provides the capability to
implement Role-based access control (RBAC) objects which determine whether a
user is allowed to perform a given action. Documentation on the OpenShift RBAC
capabilities can be found at
https://docs.openshift.com/container-platform/latest/authentication/using-rbac.html
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-5_stmt.c" uuid="a7b31cd4-647b-46a2-97c8-dcd939af4ffc">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b0bbfdca-fada-4c60-844f-97352e49b8cf">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes which define information system access
authorizations to support separation of duties is outside
the scope of OpenShift configuration.

However, to aide in such processes, note that OpenShift provides the capability to
implement Role-based access control (RBAC) objects which determine whether a
user is allowed to perform a given action. Documentation on the OpenShift RBAC
capabilities can be found at
https://docs.openshift.com/container-platform/latest/authentication/using-rbac.html
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="88abbdda-8e98-4645-80b9-5595e5f7d2c3" control-id="ac-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-6_stmt" uuid="2919dd72-8813-440e-95aa-eb4a48e9292a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9f513ea4-777c-4021-88e1-d944a78e84d1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-115
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="be17b2e2-832e-40b8-8b3f-ecfca434f4cb" control-id="ac-6.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-6.1_stmt" uuid="3d1ce575-6e16-4e36-a4ba-c376990f21c1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="23d844c0-1c7c-4fb3-a161-cf80cdee6df3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-219
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2f88947c-672c-42df-9318-6837c2af234b" control-id="ac-6.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-6.2_stmt" uuid="3c9f06ea-c341-4363-a3b9-10d98fb1db5e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2aeeba05-5891-442d-8182-60a5a0389867">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This is an organizational/procedural control outside the scope of
OpenShift configuration.

The customer will be responsible for requiring users to use the
lowest level of access required to perform any given function. In
terms of OpenShift, this may require creation of multiple logon
accounts per user. When users require access to privileged functions
or capability, they will need to logout from the unprivileged account
and login with an account that has received appropriate RBAC rights.

Note: OpenShift does not have privilege escalation capabilities similar
to sudo in Linux. Users will have to completely logout/login when
requiring privilege escalation between accounts.

A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-220
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4100a8f8-1f78-4407-b795-bdf0701c0f12" control-id="ac-6.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-6.3_stmt" uuid="499aa97e-3b1e-420e-add9-8448f116f6cd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="818e1642-8cbf-4280-a5ab-8144eebf9490">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-116
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="e3e3efab-5461-4dd0-8720-65773f2e5379" control-id="ac-6.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-6.5_stmt" uuid="6582b7a1-0f0e-4d84-98f3-ebe259e0b29d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="626ddc47-b7c5-417f-9610-19c21a97cfcc">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-118
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2a68cc68-51ca-4be6-8b16-f1502d1cb844" control-id="ac-6.7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-6.7_stmt.a" uuid="99469d77-e2ea-4e2d-ac5e-8dbb5dbd9a01">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3fc363e0-de94-43fd-867c-525b51ed2a6b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-120
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-6.7_stmt.b" uuid="a9c46f7c-06d2-48e6-aea5-ec2587b9034d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3fc363e0-de94-43fd-867c-525b51ed2a6b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-120
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4df7c521-e3cd-4eda-bdc8-16124c4e954c" control-id="ac-6.8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-6.8_stmt" uuid="7e007e2d-0b19-4f3f-8b9a-213513d71f65">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e00fda25-a5ed-47ed-8e6f-3a356934e6af">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-121
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a46cc993-69c0-40a9-b1c7-3b51a8170ecc" control-id="ac-6.9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-6.9_stmt" uuid="1b950782-4ef9-4f2f-aa12-d01c6885456e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a7754724-50c8-4d11-b4a0-d4235cb8ef81">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for auditing the execution of
privileged functions. A successful control response will need
to relate this requirement to the general auditing requirements
of the AU control family.

A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-122
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="3e6efe21-9357-46fb-9506-c930ed1c9bd1" control-id="ac-6.10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-6.10_stmt" uuid="fcec7506-27c3-45a4-abc8-25e198fd2ca7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0f817e29-325b-449e-9120-08bf8dc62dca">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for ensuring that non-privileged
users cannot execute privileged functions. A successful control
response will need to discuss the use of centralized authentication
and authorization and any other means of enforcement of privilege
levels.

A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-123
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="cb84ea2a-aa7f-4ca1-a112-98adda4ef300" control-id="ac-7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-7_stmt.a" uuid="c6f44433-35ce-4551-8e69-ccd1c6fefbfd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3d49b1fd-a0dd-4916-bd70-cd9f161a830e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for enforcing a limit on consecutive
failed login attempts.

A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-124
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-7_stmt.b" uuid="5b7d9846-3174-4dac-9b78-192e9dbb169c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="83315ca3-684a-4b34-943a-05edbd9f2a26">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for taking required
actions defined by the customer, upon account lockout.

A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-124
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="08586364-c958-4a7f-b6f4-ff7fb2d072d1" control-id="ac-7.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-7.2_stmt" uuid="40df52ad-3607-4303-aba2-b61267d9b288">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="822771c4-a630-4c20-9407-2569b57309a6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Management of mobile devices is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="1871ab2d-f550-4a44-abf0-755904c32987" control-id="ac-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-8_stmt.a" uuid="81fee283-7ebc-4201-8c6f-6c842d1258ad">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="dbaba125-1dff-4fe4-a089-3bbbfa1485ed">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for displaying a system use
notification banner to users. A successful control response will need
to address the conditions under which the banner will be displayed
(if a non-government user accesses the system, the system use
notification banner may not be appropriate), as well as the contents
of the notification message.

In context of OpenShift, a banner must be displayed for all means
of accessing OpenShift itself (e.g. service consoles, remote access
through SSH, etc).

A control response to AC-8 is planned. Progress can be tracked
via:

https://issues.redhat.com/browse/CMP-125
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-8_stmt.b" uuid="196b39d7-5d87-483b-8ce5-32a33ca589a4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="557a28c6-1c41-4bc4-90b6-53de6fe4fd8c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for displaying the use notification
banner until the user acknowledges the usage condition and takes
explicit actions to further access the system. A successful control
response will need to address the means by which the user will indicate
acknowledgement and move forward.

A control response to AC-8 is planned. Progress can be tracked
via:

https://issues.redhat.com/browse/CMP-125
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-8_stmt.c" uuid="c28e12bc-a3d3-4a70-b7ee-b7de8ecf75bc">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="af0bc3ea-ca24-4552-8656-59fba841b604">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for displaying a system use
information message to users. A successful control response will need
to address the conditions under which the message will be
displayed (if a non-government user accesses the system, the system
use information message may not be appropriate), as well as the
contents of the notification message, including references to
applicable monitoring, recording, or auditing, and authorized usage
of the system.

A control response to AC-8 is planned. Progress can be tracked
via:

https://issues.redhat.com/browse/CMP-125
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-8_stmt.c.1" uuid="1d329e71-fa09-40ba-9b20-8996bcdbc077">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f11243ca-3eaa-4b60-b965-36ff3af33ac3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for determining the conditions
under which the system use notification will be displayed. These
conditions must be reviewed and accepted by the FedRAMP JAB.

A control response to AC-8 is planned. Progress can be tracked
via:

https://issues.redhat.com/browse/CMP-125
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-8_stmt.c.2" uuid="98f8e7d7-eb26-49ac-a193-e2204f0cbf04">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4e55af32-263c-45f9-95eb-3d2aa3bb3d39">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for how the system use notification
will be verified and how often it should be re-displayed and
re-verified. These conditions must be reviewed an accepted by the
FedRAMP JAB.

A control response to AC-8 is planned. Progress can be tracked
via:

https://issues.redhat.com/browse/CMP-125
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-8_stmt.c.3" uuid="c70495dd-83a3-4cdc-9159-d11e8552f9b7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f774fb73-6464-4e11-9977-19048563a4b2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for verifying that the system use
notification is being displayed as required, either through a
configuration baseline check or via other means. If this verification
does not happen through a configuration baseline check, the JAB must
review and accept the process used to perform the verification.

A control response to AC-8 is planned. Progress can be tracked
via:

https://issues.redhat.com/browse/CMP-125
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="317d48f2-c463-4fd9-a033-49c4ef0fa7d0" control-id="ac-10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-10_stmt" uuid="3f970970-cbef-4fb6-a9b4-26b91e499a28">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3aed70d9-b8b8-4e83-89c0-337f33551afc">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for limiting the number of
concurrent sessions to the customer application as required.
A successful control implemented will need to address the technical
mechanism used to enforce this limit.

A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-131
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="e915b154-d306-4240-b477-551192bcedc5" control-id="ac-11">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-11_stmt.a" uuid="ddde43f0-56b3-481b-96dc-95b0befdff3c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="cc13d468-eafb-4e76-a258-4653088b4c5a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-222
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-11_stmt.b" uuid="9cfa0153-ccc7-4fad-baac-e5e5beee1046">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="cc13d468-eafb-4e76-a258-4653088b4c5a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-222
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="ab6903c4-8a5b-4507-ad07-184780da55aa" control-id="ac-11.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-11.1_stmt" uuid="e16650c5-8d95-4e15-bc8e-5d3e7457ba56">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="09896195-8492-4293-a137-628ef9ab4ea0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-221
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="80d9fe3f-ec91-44e1-8c30-69b9aaf4e472" control-id="ac-12">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-12_stmt" uuid="fc0fc943-da69-4c4e-946a-4d377389240b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="292db0d7-a6a2-4127-a9b1-4efb2359e579">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for defining events or conditions
requiring disconnection (for example, user requesting logout), and for
terminating the session when those events or conditions arise. A
successful control response will need to outline the qualifying events
or conditions.

A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-132
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="edcfc5d5-054c-4603-ba23-fbb6e12a7953" control-id="ac-12.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-12.1_stmt.a" uuid="ef94f017-ef31-4e14-8be6-7ddb45ce7650">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ea329058-ee40-4d53-9f8c-a69dc05d21d4">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-223
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-12.1_stmt.b" uuid="090cba7d-410b-482a-a704-1618cd44d50a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ea329058-ee40-4d53-9f8c-a69dc05d21d4">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-223
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2292ced5-1bda-494f-aa51-ef64228072a5" control-id="ac-14">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-14_stmt" uuid="627160b9-85a7-4e24-9beb-643788ea9fd2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="10130008-0803-4042-898f-872c8464d34f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Regardless of access mechanism, such as the OpenShift Console or remote
access attempts through SSH, unauthenticated users will only be shown the
system use notifications (as defined in AC-8) and login prompt. This is
non-configurable behavior.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="5a29a780-d78e-4632-ab61-dc00a1cb0cff" control-id="ac-17">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-17_stmt.a" uuid="f3fdfb30-0212-4348-a5ad-ab13c5acb066">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-17_stmt.b" uuid="b2e75aa9-b2f3-4990-a770-899b2be99b15">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="e8186e42-4077-4a1f-8d78-734534553a2d" control-id="ac-17.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-17.1_stmt" uuid="b27603fc-b7e2-49a2-99f6-2ae0836e0d8e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="32c2c705-2546-4bef-9f35-b858913689b3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="88b90b9a-fb15-4e92-9fc6-1fa52e43892c" control-id="ac-17.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-17.2_stmt" uuid="f3d9d92e-2e38-4824-be78-32ed9cf94460">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="36668d5a-b24d-47f1-9ae3-69c368fbb2c8">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Beginning with OpenShift 4.3, when OpenShift is deployed on Red Hat Enterprise
Linux, and FIPS is enabled as a kernel setting, OpenShift will use OpenSSL
libraries instead of the native Golang crypto. The system operator will need to
verify that OpenShift is being deployed on a version of Red Hat Enterprise Linux
that has been FIPS validated.

Prior to OpenShift 4.3, remote sessions were encrypted using Golang-provided
cryptography. While not FIPS validated, this included the following
cryptographic algorithms and ciphers to protect the confidentiality
and integrity of remote access sessions:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        - TLS_RSA_WITH_AES_128_CBC_SHA
        - TLS_RSA_WITH_AES_256_CBC_SHA
        - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
        - TLS_RSA_WITH_3DES_EDE_CBC_SHA

A better control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-144
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="39d48f16-1d4f-47cd-a477-ddb3574cdf02" control-id="ac-17.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ac-17.3_stmt" uuid="7967ae9c-1cd4-42ae-bdcf-f84c036ae938">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="09af0121-32d6-4b5b-8587-b4c4adeea806">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for requiring remote access
connections to the customer application to be routed through
customer-defined network access control points. A successful control
response will need to address the nature, number, and location of
such access control points, as well as the security controls in place
to protect those access control points.

Managed access points can be created and configured through the use of
bastion hosts, ingress rule(s), and/or opening a route to a new access point.

Documentation for creating and using a bastion host can be viewed at:

https://docs.openshift.com/container-platform/latest/networking/accessing-hosts.html

Documentation for creating an ingress rule can be viewed at:

https://docs.openshift.com/container-platform/latest/networking/configuring_ingress_cluster_traffic/overview-traffic.html

Documentation for creating a route can be viewed at:

https://docs.openshift.com/container-platform/latest/networking/routes/route-configuration.html
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2b7ceece-2a8a-4c2b-8f5a-d14e43c96d30" control-id="ac-17.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-17.4_stmt.a" uuid="2fac32de-656d-4642-bf78-e1cf164fc928">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="62f34e74-45a1-484f-8492-9f54561aaef5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Authorizing the execution of privileged commands and access to security-relevant
information via remote access only for organizational defined needs is an
organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-17.4_stmt.b" uuid="2a3800a5-ea81-426a-9eed-8686d02c572c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="69ea0dae-a55a-45a6-bed8-76192aeac67f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Documenting the rationale for the execution of privileged commands and access to
security-relevant information via remote access in the security plan for the
information system is an organizational control outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6d39d74d-7cc9-4300-95e0-18776a3bb79a" control-id="ac-17.9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ac-17.9_stmt" uuid="0f860f1f-ebb3-4506-af67-3a93ecc11ef4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a7de19c9-673d-4a6d-8e4d-796b592c1787">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift utilizes the firewall technology embedded into Red Hat
Enterprise Linux. This technology, named firewalld, allows a system
administrator to configure host-based rules which take effect
immediately. This gives an OpenShift operator the ability to immediately
drop all remote connections.

Additionally, OpenShift nodes may be placed into Maintenance Mode. This
designation will migrate applications from a given cluster node to
another, disconnecting any active sessions to a given cluster node.

If immediate disconnect of all hosted applications are desired,
individual containers may be halted. This will disconnect user sessions
for tenant applications immediately.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a137be9b-db9a-4432-b346-697717b883de" control-id="ac-18">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-18_stmt.a" uuid="ce5ee22d-7d86-436c-bed8-98ba87480aac">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="67017357-816e-48d8-ad67-84ca7d5d9d24">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes regarding the establishment of wireless
access usage restrictions are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-18_stmt.b" uuid="506e53cb-dc82-4df4-8615-623609005745">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8e370990-461a-4d3a-a840-d0ca212cde3f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes regarding wireless access to the information
system are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="56c8fc13-85fd-4f4b-b7a2-f8823dcbc13a" control-id="ac-18.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-18.1_stmt" uuid="659e3e0a-5917-4d36-adce-d7fd342315a9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b1ceb27e-635d-442f-b219-3e1be8d30867">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Configuration of wireless networking is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="51261dbe-afe8-46ca-bf6f-ab1c681b2524" control-id="ac-18.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-18.3_stmt" uuid="ce9621a6-530f-468f-8072-6b7c3ff17079">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="dc76a2f2-8b79-4470-83f0-d2449fce262e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The configuration of wireless networking is accomplished at the
OpenShift node / operating system layer and is not applicable to
the OpenShift Kubernetes layer.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="bbed9704-30f7-4639-abac-d348cbdbf691" control-id="ac-18.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ac-18.4_stmt" uuid="191b8ab3-eb22-4fdf-a2b4-5083390aa2c6">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0ec82b54-7830-424c-a8a2-f043de69f6f1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-149
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="fa84436a-a684-451d-b45f-af11df137574" control-id="ac-18.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-18.5_stmt" uuid="0fc553b9-137b-406e-9750-7ae6c58d1b97">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="eb61e54a-f505-4fef-a1c1-1c2c91b06993">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Radio antenna selection and calibration is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="86ed2bac-7994-444e-aa3b-062de041b71e" control-id="ac-19">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-19_stmt.a" uuid="179cd8c9-3d7d-4984-b992-f75b748a5622">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1426997b-7d52-4dba-b9d5-84fee93f7d8b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishing organizational usage restrictions for mobile devices is outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-19_stmt.b" uuid="58260cd8-1853-4758-8827-2d7b8fe2e9d2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="296305da-52b8-4adb-bc00-f2d04345bc9f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Authorization of mobile devices is outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="dd752582-728f-4f6c-9caf-fe4bd2fd4422" control-id="ac-19.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-19.5_stmt" uuid="4f1455e4-2691-4587-bc33-3cc15fbf181c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c4549175-08d5-4dce-9837-a98c69cb0694">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Encryption strategies for mobile devices is outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="0794e2f3-0316-4600-987b-57769e6091d3" control-id="ac-20">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-20_stmt.a" uuid="c3ceb797-40c9-4c32-88da-bc2c3d02557a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2e2635d7-0d90-45f7-ab07-a72f837f9950">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes for establishing terms and conditions
for accessing the information system from external information
systems is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-20_stmt.b" uuid="0de55e9f-7322-4e3e-8934-b0ba825f62a4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f5372dc5-f754-4f92-85af-1a52d9aa9a4e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes for establishing terms and conditions
for the processing, storage, or transmission of organization-controlled
information using external information systems is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a02d662d-2d0d-413f-a040-1a2400dc933c" control-id="ac-20.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-20.1_stmt.a" uuid="3b390916-7af6-4ede-9787-392e09e4cf1e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="86d7739f-3888-4a20-8cd9-c17683414ca5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Verification of security control implementation on external systems
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-20.1_stmt.b" uuid="cffcb9b7-ad0a-43d7-94ad-3aebe0650ed0">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8d21ed88-81a8-4e27-9806-4dbce94289f6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Retention of approved information system connection or processing
agreements with organizational entities hosting the external
information system is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="738af087-76f9-4aa8-ab3f-a1bb09c19568" control-id="ac-20.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-20.2_stmt" uuid="8d0ca122-e016-4d26-8c98-dc10bdc3af88">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="16969b66-25bf-4ef0-8fcb-f65b8f820f02">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes regarding the restriction or
prohibiting of the use of organization-controlled portable
storage devices by authorized individuals on external information
systems is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="61a0e15e-4c16-43aa-a234-4d335e4ce619" control-id="ac-21">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-21_stmt.a" uuid="7e54743e-5a48-414c-9276-b5c5d341b28d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6bf8c9ef-3cdd-41ba-93a1-5cceb69f17d4">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Facilitation of information sharing is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-21_stmt.b" uuid="ebdf4603-5832-43c0-a84e-a8da8858ddef">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e5635039-936c-456c-8f6d-5f3b83b3cadf">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Employment of technology or processes to assist users in making
information sharing/collaboration decisions is outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f6ef3a84-58d8-4513-aad4-89f3f6a90990" control-id="ac-22">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ac-22_stmt.a" uuid="c7e11f37-7e67-4880-bc3a-b57dba50840b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="376f4ff8-c17d-40df-9517-a104d6234154">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes regarding the designation of individuals
authorized to post information onto a publicly accessible information
system is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-22_stmt.b" uuid="3fefacff-d1d5-45e2-91a1-3bcec05feab2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec07b4f-b422-4324-8342-a8a0a2d4082e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Training authorized individuals to ensure that publicly accessible
information does not contain nonpublic information is outside the
scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-22_stmt.c" uuid="74b40455-dd6b-4af8-a62f-6be80b7b921f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2009a919-1675-4f79-9e2b-92ef86ab360d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Reviewing the proposed content of information prior to posting onto
the publicly accessible information system to ensure that nonpublic
information is not included is outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ac-22_stmt.d" uuid="78333f22-f26a-43d3-84ef-4fd62a7fc128">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="179f843f-79fd-4d99-91e7-a6276487bab9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Reviewing content on the publicly accessible information system
for nonpublic information at an organization-defined frequency and
removal of such information, if discovered, is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a5f7c261-b143-4932-bafe-56a203d2974f" control-id="at-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="at-1_stmt.a" uuid="4fb55f92-8f7a-4b68-9edf-48625ce3a62a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="at-1_stmt.b" uuid="faf43c77-46a3-41ed-8d55-a238c5c3c300">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="187bbf86-112c-43bb-a6b1-0370ac67b459" control-id="at-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="at-2_stmt.a" uuid="11e87d5e-a558-4352-8418-864f48a3fa5a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="at-2_stmt.b" uuid="6b809c4b-ae3b-448a-b599-1cc724f41ce5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="at-2_stmt.c" uuid="326f3d80-8c5a-4a2a-ab26-8a3a290f2d01">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="85423d56-ffaa-47b7-91de-4b3716fdc1e9" control-id="at-2.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="at-2.2_stmt" uuid="df48593e-8383-492b-bf47-79f3bf4bc514">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6b128074-d806-4839-b3ec-d1afd70507f0" control-id="at-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="at-3_stmt.a" uuid="9fd8bcd9-0953-4643-8659-30a875b9bf4e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="at-3_stmt.b" uuid="c069e62b-112d-4576-aa88-f8728db3cd66">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="at-3_stmt.c" uuid="e21d0bf9-7aac-4595-be92-736aeec4ec3e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="60a1baef-90a2-4386-95d1-67bc0cac3143" control-id="at-3.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="at-3.3_stmt" uuid="0615dde9-2371-44b0-99f9-314729a2ac31">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4e1b516b-90f5-4543-8add-c1421d1690c9" control-id="at-3.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="at-3.4_stmt" uuid="ed3cb1b5-cde2-4534-a9e0-5bb306499e60">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2ff212e3-ac02-4eba-8546-8fa25721828c" control-id="at-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="at-4_stmt.a" uuid="07d09c72-058c-4b7e-be8b-044b9a8f8236">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="at-4_stmt.b" uuid="2ffa39fb-db05-43b4-83ff-65762cef8c30">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fec21d0a-8f0b-4ec3-935b-62a5310fc014">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="ef0a9955-e6e6-400a-b0c2-4c90a3572de1" control-id="au-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="au-1_stmt.a" uuid="a62838df-3f8d-4562-bab9-7c3fb3901ef9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f02538f5-6b4b-47ad-be64-68cde7e322b2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Developing an organization-level audit and accountability
policy is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="au-1_stmt.b" uuid="1a981643-a22c-4097-907f-183a4a6c69ae">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="896963fb-9a31-41f0-b128-3d133586df01">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Review and updating an organizational-level audit and
accountability policy is outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7be12d88-184e-400b-9fa3-52fd68eacaca" control-id="au-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="au-2_stmt.a" uuid="4d421c20-31f0-4ce1-ac50-b99c88342ff9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="22194943-6a36-4115-93d0-d17399a4c4d1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-155
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="au-2_stmt.b" uuid="6ddc33b4-cc7e-4bd2-9457-d7d9fb9004d0">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="67377e19-ce57-493f-afbb-94b5aeef99cf">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Coordinating the security audit function with other
organizational entities is outside the scope of
system configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="au-2_stmt.c" uuid="42087765-e3cd-4949-9dd3-81ec7c375538">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f152a6a4-2281-40a1-b8a3-36d556dd583e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>For rationale regarding why the auditable events are deemed to be
adequate to support after-the-fact investigations of security incidents,
please contact your countries Common Criteria representative:
https://www.commoncriteriaportal.org/ccra/members/
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="au-2_stmt.d" uuid="5888b387-1140-4214-85f2-a70baffb4734">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="22194943-6a36-4115-93d0-d17399a4c4d1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-155
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a8714d40-4409-4029-970f-b6db4119d80d" control-id="au-2.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="au-2.3_stmt" uuid="4c57f753-4a67-4f30-8406-64b13510536f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fe2ca5ac-2ed2-4808-817a-dc1fb2d7cdc7">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational review and updates to the audited events are
outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a8aa07c1-977c-4acf-ab95-7b1304cd50db" control-id="au-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="au-3_stmt" uuid="c9bdcd27-57a5-4c8d-9187-b9b44e8aedd1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b86a2f7e-3776-48bf-b89d-a341ef18bb87">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-156
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="c1e0e21f-dcd1-496e-8035-c390c79d8ee5" control-id="au-3.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="au-3.1_stmt" uuid="75fb7866-11a8-41b8-bad1-b9155c8ffcc5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1dc50397-62c3-4794-9b21-da85086bc5ae">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-157
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="25e3d638-55ab-41e3-8419-8af242870322" control-id="au-3.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="au-3.2_stmt" uuid="e2d7f1db-1330-40eb-92f5-7d3684aaea29">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ac67f87f-a691-499e-b0cb-ca3480061d70">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-158
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="29b45c5c-75d3-46af-be25-434858dee17e" control-id="au-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="au-4_stmt" uuid="18d3e825-6592-4360-aac3-79664eca082d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="efa9da94-2510-4f80-b6c9-1acdb42d0e4f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-159
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f97bbe7b-147d-412e-b97a-16f76d92e95b" control-id="au-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="au-5_stmt.a" uuid="33bda322-1557-4843-a1ac-2a625bffba6d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="685697d4-0052-41cf-a049-3274830e10f0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-161
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="au-5_stmt.b" uuid="c41dba8f-3f59-4ea9-bf10-ab1ba45f6ae6">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="685697d4-0052-41cf-a049-3274830e10f0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-161
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2e89a770-e938-4cf3-9f8a-7420bd9fa4e9" control-id="au-5.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="au-5.1_stmt" uuid="dcd1a857-b0c8-4703-b66c-adf58cdea558">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c6af428a-7963-4178-9852-66a5bd50c9fc">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-162
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6a79d009-e381-4bbb-8e52-8060b292bd61" control-id="au-5.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="au-5.2_stmt" uuid="d7d48242-d792-4c50-84cd-19e48829b55c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="274573cc-54ec-4bf5-8e71-e5eea86312eb">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-163
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b8f5d492-d89a-47a8-8100-8d3467acfd32" control-id="au-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="au-6_stmt.a" uuid="08063edb-8d74-4477-818b-b829fbd5dbd1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a88cb0f4-5871-49b9-9199-2ed0b21e10cf">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational review and analysis of information system
audit records for indications of organization-defined
inappropriate or unusual activity is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="au-6_stmt.b" uuid="1a73feb9-9aa3-4bbc-b713-e4094e86ea4b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="eca14996-d7f3-4ce1-bdf3-addb2bb13ac1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Reporting findings of organization-defined inappropriate or
unusual activity to organization-defined personnel or roles is
outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="8f3651de-9640-4a2c-85b7-11ac36329a38" control-id="au-6.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="au-6.1_stmt" uuid="17f07aaa-cd19-4907-b660-672d4014657e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0829c1f9-bba9-4e1c-a268-31bdcebefe36">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:
https://issues.redhat.com/browse/CMP-167
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="bf22437c-7619-499e-9d5c-94a487cb035a" control-id="au-6.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="au-6.3_stmt" uuid="e0ef9471-ce63-420e-ad27-c678b3f9f0ea">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="eaa9b62c-fbb9-4a23-ba48-c729771c4471">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational analysis and correlation of audit records across
different repositories to gain organization-wide
situational awareness is outside the scope
of OpenShift configuration.

To aide in such organizational processes, note that OpenShift's
Cluster Logging Operator enables OpenShift administrators to
configure custom pipelines to send OpenShift cluster logs to remote
log stores. These remote destinations, such as Elastic or
Splunk endpoints, could be used for information system-wide correlation.

Documentation regarding how to forward cluster logs using the
Cluster Logging Operator to specific endpoints can be found at:

https://docs.openshift.com/container-platform/latest/logging/cluster-logging.html
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b52803c4-028e-4068-905a-fcbb50e6f55c" control-id="au-6.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="au-6.4_stmt" uuid="bb7cef9a-0dd3-4c4a-b38b-5029e4c7af88">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="959f02a7-a674-4051-b750-416dfa4607c2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational capability to centrally review and analyze
audit records from multiple components within the system
is outside the scope of OpenShift configuration.

Note: When AU-4 (1) is enforced OpenShift will be configured
to off-load audit records onto a different system
or media than the system being audited. In practice this correlates
to offloading audit records to a SIEM (e.g. Elastic). However,
this control is specifically about centralized review and analysis,
and not offloading records, thus AU-6 (4) is marked as not
applicable.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d0a3f259-d28e-4cce-8b40-0233e64539fe" control-id="au-6.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="au-6.5_stmt" uuid="b475dfcb-e949-469b-95ce-d1315af1765a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f43d4e88-eb5e-4bdf-a18a-5c248bd14e7a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational capability to integrate analysis or audit
records with analysis of additional organization-defined
data/information collected from other sources to further
enhance the ability to identify inappropriate or unusual
activity is outside the scope of OpenShift configuration.

To aide in such organizational processes, note that OpenShift's
Cluster Logging Operator enables OpenShift administrators to
configure custom pipelines to send OpenShift cluster logs to remote
log stores. These remote log stores, such as Elastic
or Splunk endpoints, could be used for information
system-wide correlation.

Documentation regarding how to forward cluster logs using the
Cluster Logging Operator to specific endpoints can be found at:

https://docs.openshift.com/container-platform/latest/logging/cluster-logging.html
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f2aec883-8a98-41da-a6a1-c01dd804bebd" control-id="au-6.6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="au-6.6_stmt" uuid="8593dfda-cc51-4d93-922e-4decd352f600">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e3618fd5-f43b-46d4-9e14-d68724a155c3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational capability to correlate information from
OpenShift audit records with information obtained from monitoring
physical access to further enhanced the ability to identify
suspicious, inappropriate, unusual, or malevolent activity
is outside the scope of OpenShift configuration.

To aide in such organizational processes, note that OpenShift's
Cluster Logging Operator enables OpenShift administrators to
configure custom pipelines to aggregate all the logs to remote
destinations. These remote destinations, such as Elastic
or Splunk endpoints, could be used for information
system-wide correlation.

Documentation regarding how to forward cluster logs using the
Cluster Logging Operator to specific endpoints can be found at:

https://docs.openshift.com/container-platform/latest/logging/cluster-logging.html
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9c616f83-3475-42b2-9707-d6cf49a91080" control-id="au-6.7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="au-6.7_stmt" uuid="e7525856-b34c-4320-a781-5fb698637fb1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4942b253-2a47-4d9a-bf1a-c4cd6119a318">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational specification of permitted actions for
information system processes, roles, and/or users, associated
with the review, analysis, and reporting of audit
information is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="743865b5-06d7-49e6-add4-0a0c83e3ee63" control-id="au-6.10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="au-6.10_stmt" uuid="9d89d27a-fd63-478a-a2dd-f71077d08076">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="daa6e06a-44ce-4cc7-83e1-94a7c7ba93dc">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational adjustment of the level of audit review, analysis, and
reporting within the information system when there is a change in risk
based on law enforcement information, intelligence information, or other
credible sources of information, is outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="06a7191c-ddff-46e4-ab94-e82663e33249" control-id="au-7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="au-7_stmt.a" uuid="6bcc436f-7317-4689-bff0-acbf2c50aaa0">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0cd3cf46-dc7e-41eb-858a-fdb5910d3822">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift supports an audit reduction and report generation capability that
supports on-demand audit review, analysis, and reporting
requirements and after-the-fact investigations of security incidents
only when the OpenShift Cluster Logging Operator is configured to send
logs to a remote log store such as Elastic or Splunk.
It is then the responsibility of the 3rd party tools such as Elastic or Splunk
to then provide the support and capability for audit review, analysis, and
reporting requirements and after-the-fact investigations of security incidents.

To configure cluster logging to aide in audit reduction, review, analysis, and
reporting, the OpenShift Cluster Logging Operator can be configured via:

https://docs.openshift.com/container-platform/latest/logging/cluster-logging-deploying.html
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="au-7_stmt.b" uuid="c6f0bb72-36c3-4761-9a5b-c40627d0a446">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d9b3215f-331a-4fb7-9067-a704d26e888f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>When OpenShift's Cluster Logging Operator sends OpenShift cluster logs to a remote log store,
the operator does not alter the original content or time ordering of audit records.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="058aed75-8622-4dfa-ae99-2c359885e02f" control-id="au-7.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="au-7.1_stmt" uuid="720c614a-f263-426b-bd33-2363ad574369">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="258ecfda-b77b-46a4-af8e-0970feb52488">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift supports an audit reduction and report generation capability that
supports on-demand audit review, analysis, and reporting
requirements and after-the-fact investigations of security incidents
only when the OpenShift Cluster Logging Operator is configured to send
logs to a remote log store such as Elastic or Splunk.
It is then the responsibility of the 3rd party tools such as Elastic or Splunk
to then provide the support and capability for sort and search audit records
for events of interest based on the content audit records.

To configure cluster logging to aide in audit reduction, review, analysis, and
reporting, the OpenShift Cluster Logging Operator can be configured via:

https://docs.openshift.com/container-platform/latest/logging/cluster-logging-deploying.html
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9c2388b8-6ef5-45cf-93d2-cd87d4f39794" control-id="au-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="au-8_stmt.a" uuid="7edb6f5a-e08e-4faf-a375-bad11b80aa7c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a3e4e1da-469f-42f2-a0e1-2c8ffaeae1ba">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>By default, the OpenShift API uses the internal system clocks to generate
time stamps for audit records. At the code level, the OpenShift API
stores audit events in a struct called MicroTime:

// MicroTime is version of Time with microsecond level precision.
//
// +protobuf.options.marshal=false
// +protobuf.as=Timestamp
// +protobuf.options.(gogoproto.goproto_stringer)=false
type MicroTime struct
{ time.Time `protobuf:"-"` }

which really is a time.Time value which comes from the standard golang library:

https://golang.org/pkg/time/</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="au-8_stmt.b" uuid="8199e4bb-c82f-4ace-9317-6db96229ad0a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ca64871d-2677-4674-8c06-a118a56ef997">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>By default, the OpenShift API records time stamps for audit records
that can be mapped to Coordinated Universal Time (UTC). For example
in the following node audit record:

{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"ad209ce1-fec7-4130-8192-c4cc63f1d8cd","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/openshift-kube-controller-manager/configmaps/cert-recovery-controller-lock?timeout=35s","verb":"update","user":{"username":"system:serviceaccount:openshift-kube-controller-manager:localhost-recovery-client","uid":"dd4997e3-d565-4e37-80f8-7fc122ccd785","groups":["system:serviceaccounts","system:serviceaccounts:openshift-kube-controller-manager","system:authenticated"]},"sourceIPs":["::1"],"userAgent":"cluster-kube-controller-manager-operator/v0.0.0 (linux/amd64) kubernetes/$Format","objectRef":{"resource":"configmaps","namespace":"openshift-kube-controller-manager","name":"cert-recovery-controller-lock","uid":"5c57190b-6993-425d-8101-8337e48c7548","apiVersion":"v1","resourceVersion":"574307"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2020-04-02T08:27:20.200962Z","stageTimestamp":"2020-04-02T08:27:20.206710Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":"RBAC: allowed by ClusterRoleBinding \"system:openshift:operator:kube-controller-manager-recovery\" of ClusterRole \"cluster-admin\" to ServiceAccount \"localhost-recovery-client/openshift-kube-controller-manager\""}}

timestamps such as requestReceivedTimestamp and stageTimestamp are
in UTC format e.g. 2020-04-02T08:27:20.200962Z

See https://docs.openshift.com/container-platform/latest/nodes/nodes/nodes-nodes-audit-log.html
for more example of audit records.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="8f844c3b-c8be-427a-b5e4-de865825d22f" control-id="au-8.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="au-8.1_stmt.a" uuid="0f7774f9-7015-46ca-8049-12d0303a4e3b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="cce43980-d680-4af8-8d74-231f0e325343">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift synchronizes time by utilizing the time services of the underyling operating
operating system. This control is not applicable to OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="au-8.1_stmt.b" uuid="d10df678-a2c8-4dfd-a581-f78c81b4d714">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="cce43980-d680-4af8-8d74-231f0e325343">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift synchronizes time by utilizing the time services of the underyling operating
operating system. This control is not applicable to OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="55434d4e-d726-4f87-80da-a735bf9ddb65" control-id="au-9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="au-9_stmt" uuid="98139dd1-5cd9-4c5c-9450-60a7461da54a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7970ec74-624d-4dce-a658-d8c036036d1a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-232
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="3b44ab3b-34bf-4526-88f1-7558a0573638" control-id="au-9.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="au-9.2_stmt" uuid="78874635-1b1d-4ad9-b505-8c833b1126a9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ad51bfc3-0766-4dd0-8936-c1e95143c52f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Backup of audit records onto a physically different system or
system component than the component being audited is the
responsibility of the centralized audit facility defined in
AU-4 (1), "Transfer to Alternate Storage," and outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d9af3243-40ce-4013-919a-34fa861da6db" control-id="au-9.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="au-9.3_stmt" uuid="83a67435-1fc0-48cf-923a-6c164b999990">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c3439f73-d646-4d3e-808b-8c6cbe8756fd">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-236
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2e936dfa-c426-4c14-b9bf-b4a2585f877c" control-id="au-9.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="au-9.4_stmt" uuid="67384918-d292-4ecf-907c-a9a006bd813e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c316f2ae-f82d-4182-a625-9ce6bf288afb">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Progress can be tracked
via:

https://github.com/ComplianceAsCode/redhat/issues/863
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a8912fe8-a2c0-440f-a252-d977dfa1f0bc" control-id="au-10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="au-10_stmt" uuid="c2f0541a-5d78-4cb2-ae65-2579c4173d2e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7970ec74-624d-4dce-a658-d8c036036d1a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-232
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="026a03b5-1bd0-4e63-93ef-7c513080917e" control-id="au-11">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="au-11_stmt" uuid="0a9fbed7-ddad-41fb-b5c1-5966fd294dce">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2e8093cd-410f-44fe-8d14-44321f8fade4">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-243
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="8b0aaf71-f6c1-4a72-8eb9-2976dc14368e" control-id="au-12">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="au-12_stmt.a" uuid="1c08ede3-e584-4794-8904-53ff3fdd6fc2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ec9b22a8-ac56-470c-896d-257fdde990b4">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-245
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="au-12_stmt.b" uuid="86eea62b-3469-4749-99b5-28a3e1314e44">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ec9b22a8-ac56-470c-896d-257fdde990b4">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-245
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="au-12_stmt.c" uuid="fa854ac3-30a8-4ed3-8a04-4ce10fbab35a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ec9b22a8-ac56-470c-896d-257fdde990b4">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-245
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="fb1002d1-76a3-48d5-8b34-e6b6fa126fac" control-id="au-12.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="au-12.1_stmt" uuid="a7e4e309-6e3b-47bd-9c7b-1edb4051b33a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4c016671-eaf2-44de-b4e8-65772fb0d46b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-181
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="68e7eab1-370a-4a93-9585-646848d58228" control-id="au-12.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="au-12.3_stmt" uuid="4f1962f7-8e80-4e22-9dd0-d14292e79638">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3f777ccd-7ad1-4d71-8151-788d6f6ba024">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-247
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="fb9e823f-f30a-49cf-8e64-8b12563d512b" control-id="ca-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-1_stmt.a" uuid="e4ced95c-04ba-48ca-9570-5ec802f01701">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7af7c9ee-8e02-459b-bcbb-31ae9fbc9d09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishing organizational security assessment and
authorization policy and procedures is outside
the scope of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-1_stmt.b" uuid="a65bb5b4-db69-495d-8756-9d322f94c158">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7af7c9ee-8e02-459b-bcbb-31ae9fbc9d09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishing organizational security assessment and
authorization policy and procedures is outside
the scope of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="8d8afad9-0508-45b9-ba76-18768cd27aa7" control-id="ca-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-2_stmt.a" uuid="5edc8cc8-7dd1-473d-ab0f-070f2f4287b7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="96994c43-c119-41ad-b728-02a641623c3d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Development of an organizational security assessment plan
is outside the scope of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-2_stmt.b" uuid="0dd59305-6612-44cd-9bb8-3983326a6dd3">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="96994c43-c119-41ad-b728-02a641623c3d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Development of an organizational security assessment plan
is outside the scope of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-2_stmt.c" uuid="fa943605-14cf-456a-ad67-8eac021ab68c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="96994c43-c119-41ad-b728-02a641623c3d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Development of an organizational security assessment plan
is outside the scope of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-2_stmt.d" uuid="8540655a-6e76-436d-8513-3723a102553d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="96994c43-c119-41ad-b728-02a641623c3d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Development of an organizational security assessment plan
is outside the scope of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="08d49c7b-953f-4cd0-9813-50874951537b" control-id="ca-2.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-2.1_stmt" uuid="38aa23f1-4422-402a-924a-ec395b6a768a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a3b9dd57-eac9-45a8-99ab-907dfa329afe">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Employment of independent assessors or assessment teams
is outside the scope of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="db5a2907-c1fd-4e4e-a6eb-61559c12003e" control-id="ca-2.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-2.2_stmt" uuid="3fe6f2ca-381f-497e-a072-33027570ea25">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3f9a999f-dbf5-46ff-a007-43b2c21ab3e6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Specialized security assessments are outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="58a67648-ba68-4415-974b-61de7dc1c5b5" control-id="ca-2.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-2.3_stmt" uuid="11147258-cf14-4f88-a31f-b75bcdd421d5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ab0e3099-0268-4610-80d3-04805390b90c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational acceptance of the results of an assessment
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d852491f-4160-48e1-afb7-2e2ec47b7d99" control-id="ca-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-3_stmt.a" uuid="2c3ee9df-91cd-437a-82c9-864e15531e98">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="26325da6-645b-48ff-a385-1790501cfe82">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishment of organizational system interconnection
agreements is outside the scope of OpenShift configuration
guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-3_stmt.b" uuid="4eb00eec-a9ed-4ee3-a6c7-484b670b8529">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="26325da6-645b-48ff-a385-1790501cfe82">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishment of organizational system interconnection
agreements is outside the scope of OpenShift configuration
guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-3_stmt.c" uuid="b11f5bcb-6d01-4308-8993-e1f6c74da678">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="26325da6-645b-48ff-a385-1790501cfe82">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishment of organizational system interconnection
agreements is outside the scope of OpenShift configuration
guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="85595d4a-3f82-4cd4-ae40-c9e1bece56df" control-id="ca-3.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-3.3_stmt" uuid="ff516853-42f1-46e8-aed8-dbc22157fe12">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="558d97f8-5d6a-4aee-8a12-912b5f070589">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This is an organizational control outside the scope of
OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="80d92939-b566-45ea-acd8-dad9640c46cb" control-id="ca-3.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ca-3.5_stmt" uuid="25e4fad0-540b-4190-a0a4-0009d55b70e8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fbfd7e30-455d-49ee-9888-3853ccbfd5e7">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is applicable to OpenShift and applicable
through host-level firewall rules.

Engineering progress can be tracked at:

https://issues.redhat.com/browse/CMP-253
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4d507723-069b-4eec-b5c5-97cd3e94d334" control-id="ca-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-5_stmt.a" uuid="89655419-75ed-4ec2-bdc4-07f88fe99933">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7da1eaef-58ea-4508-bf86-2095cb61dfae">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Creating an information system-level Plan of Action
and Milestones (POA&amp;M) is outside the scope of OpenShift
configuration processes.

However, to aid in remediating or
mitigating any known weaknesses or deficiencies in
OpenShift, Red Hat is planning to make public a POA&amp;M specific
to OpenShift. This is currently in progress. If you would like to
monitor or collaborate in the creation of the OpenShift POA&amp;M,
Engineering progress can be tracked at:

https://issues.redhat.com/browse/CMP-254
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-5_stmt.b" uuid="8e8f321c-48f5-4ff6-8654-76986b9774e2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8dd5cdde-ec46-4ca6-b2c7-ba5f7fd31de2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes relating to updating and the maintenance
of an information system-level Plan of Action and Milestones (POA&amp;M)
is outside the scope of OpenShift configuration processes.

However, Red Hat will be evaluating the self-assessment POA&amp;M items specific
to OpenShift. Engineering progress can be tracked at:

https://issues.redhat.com/browse/CMP-254
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f62731c0-3032-42e8-8694-31c841118669" control-id="ca-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-6_stmt.a" uuid="fe0d6c95-f1a6-4353-968c-b520c4853cb9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-6_stmt.b" uuid="4029322f-8f15-4f57-a0c7-70c8654c0505">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-6_stmt.c" uuid="f0742c71-cd50-4fb4-90bc-bc7b6839f689">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="55addee1-b8b3-4109-80b1-b8227770eb8b" control-id="ca-7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-7_stmt.a" uuid="d6a330d2-df2e-4d92-9cd0-1956cc3c7781">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c7b1e437-6967-48fe-bbfa-c7cd030c0de0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The development and implementation of a continuous monitoring program
that includes the establishment of organization-defined metrics to be
monitored is an organizational control outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-7_stmt.b" uuid="c4ca4be2-e8e3-4f6b-a10d-d7cac01ab064">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="033b0fa8-776d-4796-bffe-cd824557b80b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The development and implementation of a continuous monitoring program
that includes the establishment of organization-defined frequencies for
monitoring and assessment of such monitoring is an organizational control
outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-7_stmt.c" uuid="5b42c3ae-6d29-4620-8eb5-763e9fc22b2d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="caab80b4-b384-4fe7-b5f1-47c620bef841">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Engineering progress can be tracked at:

https://issues.redhat.com/browse/CMP-255
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-7_stmt.d" uuid="09bfaa99-281a-4533-bdf3-e23b301b2fd0">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="caab80b4-b384-4fe7-b5f1-47c620bef841">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Engineering progress can be tracked at:

https://issues.redhat.com/browse/CMP-255
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-7_stmt.e" uuid="3e76aad7-24ce-4f30-8f9b-e94b515451b3">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="caab80b4-b384-4fe7-b5f1-47c620bef841">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Engineering progress can be tracked at:

https://issues.redhat.com/browse/CMP-255
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-7_stmt.f" uuid="b09f9aba-1b28-487c-997b-fd2a7ce6c033">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="291a33c4-ec9c-4387-bba7-db910c86c7a7">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Response actions to address results of the analysis of security-related
information is an organizational control outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-7_stmt.g" uuid="a32b68f0-5ca4-43dc-aee3-8bf1d9e27165">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e1c50876-9275-40f2-bc33-4ee44dcf13f0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Reporting the security status of organization and the information system
to organization-defined personnel or roles at a specified organization-defined
frequency is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="624d74b3-1731-42e7-8baa-7f3e97270e66" control-id="ca-7.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-7.1_stmt" uuid="e47b699c-612e-4f18-9c35-f1d70ae60f37">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8ee7afb1-daf3-4bdf-b139-e274fa0c1f1f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Employment of assessors or assessment teams is outside the
scope of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="3af3c047-c59d-441b-a7bd-a5d699ad1036" control-id="ca-7.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-7.3_stmt" uuid="9b80c78d-e726-48cc-80f5-b1132480c276">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7ce18f0d-f78d-4a8f-b168-f380c6fa0b1a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational trend analyses processes are
outside the scope of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b716fb4e-3373-4b56-bfab-5a619dfb7650" control-id="ca-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-8_stmt" uuid="e09a8895-1ef0-4139-a6a7-85714c2c9a97">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9a354f5f-f6a4-4922-9746-a7e30df42f31">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Penetration testing is outside the scope of
OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="3cd4469d-5efa-4a03-bb53-9e10f9cdc180" control-id="ca-8.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ca-8.1_stmt" uuid="4faa1b9a-6f58-4e69-bc7c-23c69dcc3e05">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="29136789-b5ab-4c39-9dd5-db08bfe1e3ac">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Employment of independent penetration testers
is out of scope for OpenShift configuration
guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="0d83447b-9daf-4a76-8521-2a6327fd9870" control-id="ca-9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="ca-9_stmt.a" uuid="fa5fe87f-a834-4a5d-b458-0197740ca3b8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a3322771-7d3a-4e43-b2ec-0216de5044be">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Engineering progress can be tracked at:

https://issues.redhat.com/browse/CMP-256
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ca-9_stmt.b" uuid="3d7d9b31-e3be-4fc4-847b-8fbebcca9f5a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a3322771-7d3a-4e43-b2ec-0216de5044be">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Engineering progress can be tracked at:

https://issues.redhat.com/browse/CMP-256
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="53b3abac-4a28-4161-959b-fa09347080a4" control-id="cm-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-1_stmt.a" uuid="0e08d61c-98ad-4d8d-9cef-ca802b007cc4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="77ee3a9b-63d6-4f8d-bf3e-f10feb7ec653">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Developing, documenting, and disseminating an organizational configuration
management policy is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-1_stmt.b" uuid="13dfc8dd-1b1f-4f8f-a824-fda32a269ecc">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c6eccf7c-0437-4523-a842-44769fdd2ae4">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Review and update procedures to the organizational configuration
management policy is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7ec7cc47-526c-4739-94f5-5362151297e2" control-id="cm-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-2_stmt" uuid="6aaa5474-1312-44d0-a614-bbcbc95a220f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e4e95a42-d853-44e4-8693-3cc9f20747c1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The recommended approach for configuration management in the OpenShift Container
platform is to implement the principles and patterns of GitOps

GitOps uses Git pull requests to manage infrastructure and application configurations.
The Git repository is considered the only source of truth and contains the
entire state of the system so that the trail of changes to the system state are
visible and auditable.

Operators are a method of packaging, deploying, and managing a Kubernetes
application. Watching over the OpenShift environment, using its current
state to make decisions in real time. The Machine Config Operator (MCO)
manages updates and configuration changes to essentially everything between
the kernel and kubelet.

For additional information:
https://docs.openshift.com/container-platform/latest/architecture/cicd_gitops.html
https://docs.openshift.com/container-platform/latest/operators/olm-what-operators-are.html

Red Hat Advanced Cluster Management for Kubernetes (RHACM) is the preferred way of implementing
and managing GitOps for OpenShift clusters. For more information on creating and managing
channels for GitOps approaches using RHACM, see:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html-single/manage_applications/index#creating-and-managing-channels
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="15c843e2-7b5e-4cab-925c-949ff806ea4f" control-id="cm-2.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-2.1_stmt.a" uuid="b8bff285-b306-4a1f-a2c1-339246cfcc10">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="120e9e6d-bc52-43ce-8533-674d957d6795">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The organization reviewing and updating the baseline configuration of
OpenShift per an organization-defined frequency is outside the scope of
OpenShift configuration.

However to assist in formulating a control response,
GitOps uses Git pull requests to manage infrastructure and application configurations.
The Git repository is considered the only source of truth and contains the
entire state of the system so that the trail of changes to the system state are
visible and auditable. For more on using Git and GitOps see:

https://docs.openshift.com/container-platform/latest/architecture/cicd_gitops.html

Red Hat Advanced Cluster Management for Kubernetes (RHACM) is the preferred way of implementing
and managing GitOps for OpenShift clusters. For more information on creating and managing
channels for GitOps approaches using RHACM, see:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html-single/manage_applications/index#creating-and-managing-channels
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-2.1_stmt.b" uuid="3d12c2a9-9322-41c1-9e81-3bcc2bfb0e3a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="95bbb4ef-965c-450e-93d0-3f0b25b55679">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The organization reviewing and updating the baseline configuration of
OpenShift when required due to organization-defined circumstances is outside the scope of
OpenShift configuration.

However to assist in formulating a control response, GitOps uses Git pull requests to manage infrastructure and application configurations.
The Git repository is considered the only source of truth and contains the
entire state of the system so that the trail of changes to the system state are
visible and auditable. For more on using Git and GitOps see:

https://docs.openshift.com/container-platform/latest/architecture/cicd_gitops.html

Red Hat Advanced Cluster Management for Kubernetes (RHACM) is the preferred way of implementing
and managing GitOps for OpenShift clusters. For more information on creating and managing
channels for GitOps approaches using RHACM, see:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html-single/manage_applications/index#creating-and-managing-channels
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-2.1_stmt.c" uuid="5a93b6d5-ea2f-400c-861d-e393ddedb528">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e03918ea-9597-46d0-b685-77696fc48515">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The organization reviewing and updating the baseline configuration of
OpenShift as an integral part of OpenShift component installations and upgrades
is outside the scope of OpenShift configuration.

However to assist in formulating a control response,  GitOps uses Git pull requests
to manage infrastructure and application configurations.
The Git repository is considered the only source of truth and contains the
entire state of the system so that the trail of changes to the system state are
visible and auditable. For more on using Git and GitOps see:

https://docs.openshift.com/container-platform/latest/architecture/cicd_gitops.html

Red Hat Advanced Cluster Management for Kubernetes (RHACM) is the preferred way of implementing
and managing GitOps for OpenShift clusters. For more information on creating and managing
channels for GitOps approaches using RHACM, see:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html-single/manage_applications/index#creating-and-managing-channels
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9811f427-cb9f-4959-839e-c1ad0e3b1f69" control-id="cm-2.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="cm-2.2_stmt" uuid="1a85e226-7846-458e-87aa-daabb3024acb">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fbbf585d-7073-4272-9b00-0e9a10603a48">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-262
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="68ad0e12-a096-4067-a971-c389177b7034" control-id="cm-2.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-2.3_stmt" uuid="11312c94-dc55-4ed5-b885-e600694b3b15">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2045b012-4c73-4e3c-b73c-37eaf05d3dae">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The organization retaining an organization-defined number of previous versions of baseline
configurations of the information system to support rollback is an organizational control
outside the scope of OpenShift configuration.

However to assist in formulating a control response, GitOps uses Git pull requests
to manage infrastructure and application configurations.
The Git repository is considered the only source of truth and contains the
entire state of the system so that the trail of changes to the system state are
visible and auditable. For more on using Git and GitOps see:

https://docs.openshift.com/container-platform/latest/architecture/cicd_gitops.html

Red Hat Advanced Cluster Management for Kubernetes (RHACM) is the preferred way of implementing
and managing GitOps for OpenShift clusters. For more information on creating and managing
channels for GitOps approaches using RHACM, see:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html-single/manage_applications/index#creating-and-managing-channels
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6459ecfa-b910-43e7-8965-3b3415c870db" control-id="cm-2.7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-2.7_stmt.a" uuid="4c10504f-e039-4f61-930c-576645e31828">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9178f438-9fed-4b72-8bce-95c1b53c7d2c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational issuance of organization-defined information
systems, system components, or devices with organizational-defined
configurations to individuals traveling to locations that the
organization deems to be of significant risk is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-2.7_stmt.b" uuid="47b6c5a0-4926-423b-a81d-a279fde17855">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d750095f-9a35-42fe-a0f7-57f49ced611f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to apply organization-defined security
safeguards to the devices when the individuals return is
outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d5803f5d-c744-42be-8dc1-112e58561dac" control-id="cm-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="cm-3_stmt.a" uuid="cd86af9e-b2c4-42f9-bd08-622642ee246a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d2eaeb47-e9d0-47c0-9a11-57510f38c504">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-265
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-3_stmt.b" uuid="55b2e92c-81f2-4fad-b3dd-456c93a1fbac">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d2eaeb47-e9d0-47c0-9a11-57510f38c504">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-265
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-3_stmt.c" uuid="684a0521-4ea2-4b94-b6b7-7b7a50b3f2aa">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d2eaeb47-e9d0-47c0-9a11-57510f38c504">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-265
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-3_stmt.d" uuid="b1245fb4-2e87-497b-9ad1-8332e3854425">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d2eaeb47-e9d0-47c0-9a11-57510f38c504">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-265
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-3_stmt.e" uuid="2a387d15-e1e8-4940-bce5-98bf905dd8d1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d2eaeb47-e9d0-47c0-9a11-57510f38c504">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-265
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-3_stmt.f" uuid="dfaa0f29-9d3f-4979-97ec-a7128d6afa16">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d2eaeb47-e9d0-47c0-9a11-57510f38c504">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-265
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-3_stmt.g" uuid="f81d2b69-26cb-40d2-bd0a-e160c2e867d5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b2160e5f-d047-40d4-bbb1-28eacd42e078" control-id="cm-3.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-3.1_stmt.a" uuid="d86a9135-2388-4a23-9f22-64266a0bbd31">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-3.1_stmt.b" uuid="19b4321b-5cc2-4112-9bfb-830b85754cb9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-3.1_stmt.c" uuid="d0b1ef15-a252-4024-bee8-3bb0354920c2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-3.1_stmt.d" uuid="e1d42f1c-164f-47c8-b6c3-41157072e380">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-3.1_stmt.e" uuid="7689bcf6-9e63-453d-be08-e88cfa4c3a41">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-3.1_stmt.f" uuid="c25d7f4e-9101-4394-8364-0aea227d4093">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="ce518cce-4125-43ab-8d14-20e411dd1fa4" control-id="cm-3.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-3.2_stmt" uuid="182f9585-cde3-4854-94ef-374099416cf5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="c4d2d769-2338-4f3f-a322-a99b421dfb6b" control-id="cm-3.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-3.4_stmt" uuid="358b4208-13ad-4dd0-ad14-f165194b2f3c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="49569198-f252-431a-9013-108d8e183d9c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The requirement for an information security representative to be
a member of the organization-defined configuration change
control element is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="61cd825a-b1ee-4f88-9902-7584c461ed98" control-id="cm-3.6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="cm-3.6_stmt" uuid="6c95e840-d4ef-443d-a25b-f24944fe2d09">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a93e4280-05f0-43a2-a4ea-eba2203f78f8">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-268
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="bf7559c7-c3f7-4b66-a683-9209b935cc2b" control-id="cm-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-4_stmt" uuid="07305a6a-1193-4962-8b48-f144f31e60c7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fbc8a0c6-4b3d-4773-98b0-3a137e065b28">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational analysis of changes to the information system to
determine potential security impacts prior to change implementation
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7213bfcf-1142-4a7a-92b4-f64c64bcc968" control-id="cm-4.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="cm-4.1_stmt" uuid="4b753d1e-4a6d-4be6-8daa-023b12fb7c06">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7d57d518-18b4-40a7-a11a-53e3639e476f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-269
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="62eb973a-3540-44cd-b719-682e2649a54c" control-id="cm-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-5_stmt" uuid="781f8580-6098-441c-bc1a-43618deb6255">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="21a2ade5-e577-4721-ad53-a1546e1d1b11">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Defining, documenting, approving, and enforcing physical and logical access restrictions
associated with changes to the information system is an organizational control outside
the scope of OpenShift configuration.

However to assist in developing policies/procedures to address this control, use of Role-based
Access Control (RBAC) and the architecture of OpenShift provide logical access restrictions
based on user and group roles in addition to logical separation of systems and components.

See the following for more information on RBAC and OpenShift architecture:

https://docs.openshift.com/container-platform/latest/architecture/architecture.html
https://docs.openshift.com/container-platform/latest/authentication/using-rbac.html
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6a0f4778-ac03-4417-bb0d-6454f165ebc5" control-id="cm-5.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="cm-5.1_stmt" uuid="8495d5df-5f1f-40d8-bb5e-57adf0bb341e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="28aea2d2-60b4-47de-8206-03d1cc256146">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Progress can be
tracked via:

https://github.com/ComplianceAsCode/redhat/issues/897
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="916f8863-0506-4342-a5f9-e7237ea1ae1c" control-id="cm-5.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-5.2_stmt" uuid="ce57b888-27e8-4fc8-8bf1-396d38f790ed">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="49523066-b7d9-4d77-a2c7-59366937787a" control-id="cm-5.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="cm-5.3_stmt" uuid="84764f58-0c4a-4051-bc47-08d6a39f7317">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ca577a36-3847-4240-9bff-912466fccf24">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-187
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="10d3143c-c783-4b4b-b538-995e6714f707" control-id="cm-5.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="cm-5.5_stmt.a" uuid="3dae2524-5241-4fdd-978d-beb381490964">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d823359b-250c-49fe-954d-f6be6ba9d33a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Progress can be
tracked via:

https://github.com/ComplianceAsCode/redhat/issues/901
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-5.5_stmt.b" uuid="e1618798-a68b-4c5f-9a6f-c9bc608ebd80">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2f4b6122-9153-47ed-818f-839b33259939" control-id="cm-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="cm-6_stmt.a" uuid="bbd6ce3c-7ef2-45b4-8618-7d4168d9bd32">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f0557d99-daa7-4cd5-a5bb-79a2ef5df470">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-188
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-6_stmt.b" uuid="c26016e8-a231-4f68-b2a0-18de19f60eb9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f0557d99-daa7-4cd5-a5bb-79a2ef5df470">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-188
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-6_stmt.c" uuid="d34a9516-5f0b-4557-996b-2d5d71b12864">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f0557d99-daa7-4cd5-a5bb-79a2ef5df470">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-188
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-6_stmt.d" uuid="40dd9dc9-7354-4b8d-a07a-707c81fb4177">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f0557d99-daa7-4cd5-a5bb-79a2ef5df470">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-188
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="23adbbfd-9d1e-417f-934e-fedba07890ae" control-id="cm-6.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="cm-6.1_stmt" uuid="2f1e18cc-ae8a-42f4-b1af-e6941dd5209c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4551de61-8db5-440c-bfab-68c6bcb8968e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-272
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="726b397f-a208-45d4-ab8f-af16be623e39" control-id="cm-6.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-6.2_stmt" uuid="eeea7e00-721e-4964-8799-7d623657d647">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4e820a8c-dcd9-489c-902b-a072fa5c0b70" control-id="cm-7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="cm-7_stmt.a" uuid="b5871b01-e9c9-4485-a45f-3bdccb1c0a89">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c615bddb-a883-4ae1-a0ef-3f53a9833d5e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-273
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-7_stmt.b" uuid="a6b5f2d2-287e-406f-acdd-57fb518663a8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c615bddb-a883-4ae1-a0ef-3f53a9833d5e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-273
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="681bbf04-881f-448a-b207-3183b7066a64" control-id="cm-7.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="cm-7.1_stmt.a" uuid="712afed5-3de9-4f0b-a3cd-93267d37b136">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4fbaf0fe-904f-4f7b-b606-46d13f3a0500">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-274
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-7.1_stmt.b" uuid="ec980658-104c-4e52-8631-2d923aff4c85">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4fbaf0fe-904f-4f7b-b606-46d13f3a0500">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-274
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2045f042-6725-4305-b4d5-dfab9f16e180" control-id="cm-7.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="cm-7.2_stmt" uuid="70ab7b0c-c1db-4c82-b9b6-f464a23a1371">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="76bedc11-066b-41c5-b5b0-8b40dc36c3c0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-275
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="afeb82d5-0753-4ca1-90fd-3866f47e1b51" control-id="cm-7.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="cm-7.5_stmt.a" uuid="664d44d4-5274-4bcf-b887-31cd4a5ac1d4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6fa24fa2-97b0-4e4a-a422-29a7e0f91a75">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-205
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-7.5_stmt.b" uuid="76448ea7-3d83-415c-add0-9cb8a842af1e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6fa24fa2-97b0-4e4a-a422-29a7e0f91a75">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-205
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-7.5_stmt.c" uuid="3b3a6030-4ee2-4050-95a8-c28aaaa8e862">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6fa24fa2-97b0-4e4a-a422-29a7e0f91a75">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-205
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6ab840ef-1732-44c3-a612-787e7e545ccd" control-id="cm-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="cm-8_stmt.a" uuid="8981d481-fa58-4a47-863f-735659a75a57">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c7eceb86-8630-47f8-be2b-a463c84ef6a0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-277
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-8_stmt.b" uuid="1831a671-8eb9-4dfb-84aa-c3ec5f2f24fb">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c7eceb86-8630-47f8-be2b-a463c84ef6a0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-277
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a2d7594d-e346-4274-9265-d46540911822" control-id="cm-8.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-8.1_stmt" uuid="e8f890bc-f312-4f4a-b859-d8ae6b11b6af">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8df6da4e-b135-43b9-86fe-b966c8589097">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The organization is responsible for updating the inventory of information
system components as an integral part of component installations, removals,
and information system updates.

During an install, update, or removal, the OpenShift cluster will roll out updates
for the system software inventory including the CoreOS nodes. More about updating
to help with creating procedures and processes related to this control can be viewed
at:

https://docs.openshift.com/container-platform/latest/updating/updating-cluster-between-minor.html
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="efec02dc-a7f3-4c26-8c97-12a768d47a8d" control-id="cm-8.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="cm-8.2_stmt" uuid="fbd5169e-c8cf-454c-b310-f9ceac64689b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="96f30624-9ae0-4a5c-8987-728732b902c2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-279
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9f65e091-76eb-4b8b-a90d-01dfcf2d492c" control-id="cm-8.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="cm-8.3_stmt.a" uuid="23171812-48fa-443e-9266-3902cb35ff08">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="66b06958-62a6-4f5f-971e-a8b18da94e42">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-280
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-8.3_stmt.b" uuid="7af95e64-9f75-464f-86de-26378e862fef">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="66b06958-62a6-4f5f-971e-a8b18da94e42">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-280
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="db41c18b-5ec4-4d2f-9dcf-78c97dbc680a" control-id="cm-8.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-8.4_stmt" uuid="b28bfa35-6364-4fb4-904b-772dfa7b02e8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ef2afa79-0923-4a7c-9750-cd595ab18752">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to include in the information system
component inventory information, a means for identifying
by name, position, and/or role, individuals responsible/accountable
for administering those components, is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="fb999865-9705-426c-b663-06b8c59c0c14" control-id="cm-8.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-8.5_stmt" uuid="00f44a70-1aee-473b-a536-43025be1335e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="48b8fbc3-de2c-43d2-8a07-e28a178041df">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational verification that all components within the
authorization boundary of the information system are not
duplicated in other information system component
inventories is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7d29b633-bf7d-4c8d-a07e-e7da6bd0597d" control-id="cm-9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-9_stmt.a" uuid="4c2757ce-0736-4639-aa56-1445684f0852">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-9_stmt.b" uuid="ed8ce88e-7264-4d89-bf53-28942768311f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-9_stmt.c" uuid="a54380f1-364a-4c9f-8240-adb67f10c541">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-9_stmt.d" uuid="f654475c-4631-419b-a63a-b6cd676d4b52">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bd12b0e3-5928-4b48-a2f9-369e291305ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational processes outside the scope
of OpenShift configuration guidance.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7f6e0d1f-9540-4672-9ea2-87bc92bc1ba7" control-id="cm-10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-10_stmt.a" uuid="651a8696-33ee-417a-a07b-c2e23bf1a7d0">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4bf0668b-3ac0-49fa-aee8-01deec0592e6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Ensuring that the organization uses software and associated
documentation in accordance with contract agreements and copyright laws
is the complete responsibility of the organization. Red Hat's
responsibilities to assist with the tracking of software licensing and
usage of software provided by Red Hat will be fulfilled in accordance
with all applicable contracts and agreements established for the
project with the organization.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-10_stmt.b" uuid="d39f780a-b0cd-4641-993b-431a62e3c29a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="be79d021-c2a3-4c06-b5c0-f455be84026b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Tracking the use of software and associated documentation protected by
quantity licenses to control copying and distribution is an
organizational control outside the scope of OpenShift.

However to assist Systems Administrators and Security personnel in
tracking OpenShift subscriptions, the OpenShift Cluster Manager (OCM)
service acts as a bridge to Red Hat Subscription Manager. A cluster
connected to the internet can send telemetry to OpenShift Cluster
Manager at https://cloud.redhat.com/openshift/, which then handles
integration with Red Hat Subscription Manager to track subscriptions
for OpenShift clusters.

For disconnected clusters, there is no way to send telemetry data to
OpenShift Cluster Manager. In this case, the organization must manually
register their disconnected clusters with OpenShift Cluster Manager
following the instructions at https://access.redhat.com/solutions/4930131
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-10_stmt.c" uuid="26789b14-6c9d-47c6-88e9-ddc4e67722bd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3b094128-1abc-4616-8b9e-00eee0d19af3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Controlling and documenting the use of peer-to-peer file sharing
technology to ensure that this capability is not used for the
unauthorized distribution, display, performance, or reproduction
of copyrighted work is an organizational control outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9f8336a3-a24d-4ddb-8263-d39ba3eb5517" control-id="cm-10.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-10.1_stmt" uuid="fe7b30a3-83ec-4fc7-bfa1-e26d1e9460a7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="5f6cfd58-cd70-4d96-9805-94191f4b1f49">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishment of organizational restrictions on open source software
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="ebf6c80d-ae1e-42f8-ad2f-67e668acd79c" control-id="cm-11">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="cm-11_stmt.a" uuid="dafb6e21-48a3-48d1-8fa6-068e39577177">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bf9ce949-de4c-41e8-8028-a32657381e46">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Progress can be
tracked via:

https://issues.redhat.com/browse/CMP-285
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-11_stmt.b" uuid="de36e5da-b64e-44fd-980c-889978e7567e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bf9ce949-de4c-41e8-8028-a32657381e46">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Progress can be
tracked via:

https://issues.redhat.com/browse/CMP-285
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cm-11_stmt.c" uuid="88121617-6f41-4a5c-90c3-9406735c881d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bf9ce949-de4c-41e8-8028-a32657381e46">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Progress can be
tracked via:

https://issues.redhat.com/browse/CMP-285
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="05674185-3d02-4342-9837-b98cbb249e81" control-id="cm-11.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cm-11.1_stmt" uuid="28d0535f-885c-4b5e-a73a-588c7cafa5ab">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="677b360d-fb1d-4552-8436-63f7a3e58923">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Progress can be
tracked via:

https://issues.redhat.com/browse/CMP-286
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="771b728d-1714-4fd3-b5f5-a09573598f06" control-id="cp-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-1_stmt.a" uuid="66819085-e959-469f-bd11-b640883f4a9e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c5292e97-ef74-4234-a89c-9a4db072d285">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Developing an organization-level contingency planning policy is
outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-1_stmt.b" uuid="a502aa27-f4c0-48cc-aee2-a763691a788e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6b9fab65-b3f1-4cb1-a823-f55077e3378e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Review and updating an organizational-level contingency planning
policy is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b9394721-3b8d-40cc-b02e-69fad58f7c0f" control-id="cp-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-2_stmt.a" uuid="8a136600-d66e-4ae9-bfd3-b15b9507039c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f2aa923a-7992-49a6-84d8-d04470b30ac7">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Developing an organization-level contingency planning policy is
outside the scope of OpenShift configuration.

To facilitate a control response and assist in contingency planning,
Backup and Restore of an Openshift cluster can be viewed at:

https://docs.openshift.com/container-platform/latest/backup_and_restore/disaster_recovery/about-disaster-recovery.html
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-2_stmt.b" uuid="20c9cde0-812d-4c04-b472-bc27cfe4350b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="331d8009-959d-4fb9-8fe3-3b2a69179d59">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Distribution of an organizational-level contingency planning
policy is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-2_stmt.c" uuid="54d178ce-a421-4486-9ce2-3d35d8e2a420">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fe6802b4-1a91-4382-baab-2f3d7a1630f6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Coordinating contingency planning activities with incident handling
activities is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-2_stmt.d" uuid="9dfe91e6-60a2-4fc6-a292-26a3ca28cb37">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e6ef3bce-d733-47fa-a032-756fd0e81257">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Reviewing organizational contingency plans for the information system
at an organization-defined frequency is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-2_stmt.e" uuid="12e03d0f-7239-43ff-8511-42826295c45c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b8ffbee2-6b43-413d-9e41-723756839798">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to update the contingency plan are outside the
scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-2_stmt.f" uuid="3953f722-8d58-4b44-8f87-62d3a9186cc2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="263af822-5945-4071-b329-b0064d3a15f5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational communication plans regarding the contingency plan are outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-2_stmt.g" uuid="80043547-0078-4f6a-8e9c-cd6eeea6ccd5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fa9f95a9-c72d-4dbf-8f27-c6f8493a27ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Protection of the contingency plan from unauthorized disclosure and
modification is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="68fcb3d9-e3fa-4f21-8c0d-4dca3070f58b" control-id="cp-2.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-2.1_stmt" uuid="71aae42e-fd99-437a-8439-fccb5ca10dc4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a3396a14-d559-4528-a017-03f6b3c5c178">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Coordinating contingency plan development with organizational elements
responsible for related plans is outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7e03fae0-bd13-44da-9203-e5fa39f3d61c" control-id="cp-2.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-2.2_stmt" uuid="68dd278b-6ed2-4ffe-8b6d-7b3ebcc9ad00">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9406b199-8f5e-485f-9269-cb66e3116867" control-id="cp-2.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-2.3_stmt" uuid="10ab1719-eb47-4cd3-8405-36b41446ce45">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="84850209-159b-4f57-9829-7b4fffb823f5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Planning for the resumption of essential missions and business
functions within an organization-defined time period of contingency
plan activation is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="88e94465-9802-4189-b3e5-06fe631cf75a" control-id="cp-2.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-2.4_stmt" uuid="75b3ba70-f066-4738-ac5c-8220cb2b5c41">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="98f36c61-d5a9-4687-bed5-6effc28469bf">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Planning for the resumption of all missions and business
functions within an organization-defined time period of contingency
plan activation is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9bae2fc6-f6e5-438e-b704-28aba6f56f39" control-id="cp-2.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-2.5_stmt" uuid="c36acfec-e716-4fa5-9e76-cb79fc0db434">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7885aa74-67f1-4912-b113-e4128b9a021b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Planning for the continuance of essential missions and business
functions with little or no loss of operational continuity and
sustainment of that continuity until full information system
restoration at primary processing and/or storage sites
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b2b31d8f-c254-46c2-99fc-b70a66da07d5" control-id="cp-2.8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-2.8_stmt" uuid="cdd60955-5d53-4dfc-9362-923094a064b7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f8334ecb-8969-46c6-9bd2-85a7c4939117" control-id="cp-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-3_stmt.a" uuid="eacc635b-d7be-45c0-b1e1-a8c0caab0f2d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c46d9b50-b074-4b05-ad17-52cbefe2a778">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Providing contingency training to information system users consistent
with assigned roles and responsibilities within an organization-defined
time period of assuming a contingency role or responsibility is outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-3_stmt.b" uuid="55d0cf39-d41d-47f2-acf1-9611c9cd28d9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4e2deff2-ef78-4842-a130-31d1f96ef3c1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Providing contingency training to information system users consistent
with assigned roles and responsibilities when required by information
system changes is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-3_stmt.c" uuid="84c463aa-dba8-43d3-9028-eb8251c5d259">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="5aadb256-2286-47f9-b444-493b37edbc52">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Providing contingency training to information system users consistent
with assigned roles and responsibilities at an organization-defined
frequency is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9d8ee492-786b-4d2b-ae22-4f489269d4b8" control-id="cp-3.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-3.1_stmt" uuid="91aaf8ca-18a7-4d7c-8b60-6e72209aa7c8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c8bf222d-f6c0-456d-918b-4c183a1ce94c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Incorporating simulated events into contingency training to
facilitate effective response by personnel in crisis
situations is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="37f1ec1d-eca4-4821-832e-60470f2ed2d9" control-id="cp-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-4_stmt.a" uuid="a0121166-a8d6-4542-9a77-458b36f5fff5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2d078574-7f68-43e8-860c-e009ad734355">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Testing the contingency plan for the information system at an
organization-defined frequency using organization-defined tests
to determine the effectiveness of the plan and the organizational
readiness to execute the plan is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-4_stmt.b" uuid="cf743a34-3cfd-4fa9-a58c-07c4d34a9250">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0c86cbed-d193-4e6b-b255-6d100e78a57e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational reviews of the contingency plan test results is outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-4_stmt.c" uuid="1f36412a-d485-4a3b-978e-d823b0c049be">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e8788b75-6ab4-44bc-b7fc-63dec92b1fbc">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational process to initiate corrective actions, if needed,
are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="050446bf-fbd4-4e3d-9d30-0c8aee859401" control-id="cp-4.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-4.1_stmt" uuid="d18006e9-04d5-4afa-8fc5-e264bece5f99">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e91bf2c8-c7fc-4ec1-ba01-eba54ef8f238">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Coordinating contingency plan testing with organizational
elements responsible for related plans is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4f3ce37b-49ae-437b-8dd8-d3375851b873" control-id="cp-4.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-4.2_stmt.a" uuid="abecfc2c-ceaf-45f9-83b1-f086b3f275b3">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ceef2030-c057-4bd8-857f-8cd7fae4171c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational testing of the contingency plan at the alternate
processing site to familiarize contingency personnel with the
facility and available resources is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-4.2_stmt.b" uuid="1e3e296d-fb52-4499-8c99-0e52944ee8d5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="90d68b01-c8db-47b4-974e-03ab046346b0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational testing of the contingency plan at the alternate
processing site to evaluate the capabilities of the alternate
processing site to support contingency operations is outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="50813791-4bfa-43e6-aac2-ae13162ae225" control-id="cp-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-6_stmt.a" uuid="dc5c0f70-4f4e-4c18-a997-ef9147218854">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b9deee0a-874a-49e7-8410-4ff3290a8975">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishment of an alternative storage site including
necessary agreements to permit the storage and retrieval
of information system backup information is outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-6_stmt.b" uuid="a82fa0e9-77fb-4cb3-9a23-d5aeb13c5ffd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="85d3cd83-fd2e-4d38-a918-2b3c029a6c38">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Ensuring that the alternative storage site provides information
security safeguards equivalent to that of the primary site
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2f93c5cd-a5b8-4408-9f8a-92d665f353a9" control-id="cp-6.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-6.1_stmt" uuid="2a4ba549-5501-462d-a560-9996fb05de30">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3247ec60-93f0-4ea3-ad3e-a4d626f687d8">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Identification of an alternate storage site that is
separated from the primary storage site to reduce
susceptibility to the same threats is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="fcc79e58-91d6-440e-ac9d-f150bc185516" control-id="cp-6.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-6.2_stmt" uuid="107855ba-a343-4538-97e5-c439191f2aac">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="81f7ebdc-7eda-44dc-940d-0038c9170894" control-id="cp-6.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-6.3_stmt" uuid="a20d4a43-8cc0-4ae5-bff8-8d97aa5e3957">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="231963f2-2910-4d08-b37b-9ada727c3578">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Identification of potential accessibility problems to the alternate
storage site in an event of an area-wide disruption or disaster and
the outline of explicit mitigation actions is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="5b1e832f-e657-4fa3-8390-1fa1ed85c210" control-id="cp-7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-7_stmt.a" uuid="a4d95e39-d657-4a14-a24e-2f29804706f7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-7_stmt.b" uuid="29a3c8f2-edcf-4336-a4ee-cc886ee3e60a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="cef4bd19-d779-46ee-9794-575e3583566d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Ensuring that equipment and supplies required to transfer and resume
operations are available at the alternate processing site or contracts
are in place to support delivery to the site within the
organization-defined time period for transfer/resumption is an
organizational control outside the configuration of OpenShift.

To assist Systems Administrators and Security personnel in answering
this control in relation to OpenShift, Red Hat does not provide
disaster recovery subscriptions for OpenShift. However, there are a
couple of ways that a cluster can be configured to failover in the case
of emergency or catastrophic failure. One way is to configure the
cluster with geographically diverse set of nodes in different
availability zones. See https://docs.openshift.com/container-platform/latest/machine_management/creating-infrastructure-machinesets.html for creating
MachineSets for nodes to operate in different clouds.

Alternatively, Red Hat Advanced Cluster Management for Kubernetes
is a solution for multi-cluster deployment and management across
different many differing operating environments. Red Hat Advanced
Cluster Management for Kubernetes is considered a better tool to
manage Kubernetes Clusters and to handle cluster failover in case of
failure. Documentation can be viewed at:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/about/welcome-to-red-hat-advanced-cluster-management-for-kubernetes
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-7_stmt.c" uuid="8df8a76e-df2c-4ecc-99f0-f61d76d50ac8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="12045a31-1c7e-4694-b3db-ec5a872e954f" control-id="cp-7.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-7.1_stmt" uuid="f747f946-4067-4172-9e95-c3633e70e611">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c8a07e0d-b993-4ff4-a806-f495649250ba">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Identification of an alternate processing site that is
separated from the primary processing site to reduce
susceptibility to the same threats is outside the
scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="c820dad3-a791-4dd9-a00e-3d6dd5d77077" control-id="cp-7.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-7.2_stmt" uuid="deb477d7-3a25-4735-82fb-f9dbcc57ca46">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="5fa3e2f6-646d-49ea-91d2-2759f78287bf">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Identification of potential accessibility problems to the
alternate processing site in the event of an area-wide
disruption or disaster and outline of explicit mitigation
actions is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6984c5c8-08a3-4be0-8275-625e98ccc022" control-id="cp-7.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-7.3_stmt" uuid="2f1230e1-a882-4798-bfce-e3408837c3af">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b00e22d7-881d-453a-b04f-9c548c765bd9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Development of alternate processing site agreements that contain
priority-of-service provisions in accordance with organizational
availability requirements (including recovery time objectives)
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="87d008d1-d0da-4d96-876b-82c0b5ba0427" control-id="cp-7.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-7.4_stmt" uuid="8aec65e0-1820-4127-8f3f-20ddd0b39802">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="cbed8a82-ee85-48ec-91ad-b1db2679462d" control-id="cp-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-8_stmt" uuid="49fb40da-a709-401a-a4be-84aa59502424">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="5078176d-b1cd-4ba6-b420-33f93f20dee9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishment of alternate telecommunications services
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="52236894-a4ae-4f0f-b025-b19d4e0b017d" control-id="cp-8.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-8.1_stmt.a" uuid="7222ff8d-4b03-47d1-805f-1ab4c66f5703">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="5f7769c6-f2c6-488e-b9b4-a4f9538314db">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Development of primary and alternate telecommunications service
agreements that contain priority-of-service provisions in accordance
with organizational availability requirements (including recovery
time objectives) is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-8.1_stmt.b" uuid="e4a5ec7e-e81f-406b-ab83-4862700d0a7f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9ff082a8-f0d4-43fb-b6ff-3ed080e8d7b6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Requests for Telecommunications Service Priority for all
telecommunucations services used for national security emergency
preparedness in the event that the primary and/or alternate
telecommunications services are provided by a common carrier
are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="01062b08-cd1a-4b58-993f-faefc16c0206" control-id="cp-8.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-8.2_stmt" uuid="93f2e67e-599e-43fc-a131-9fc9c848cdc7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a39e3b0d-95c1-4bd2-921e-7e7f3b156405">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Obtaining alternate telecommunications services to reduce
the likelihood of sharing a single point of failure with
primary telecommunications services is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="af0b69c2-5371-4f4e-81ed-a1438994f1ce" control-id="cp-8.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-8.3_stmt" uuid="db90d3aa-d682-43b0-b3ac-4837a42242d2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6411cab9-5afe-4654-8d04-695e411f8668">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Obtaining alternate telecommunications services from providers
that are separated from primary service providers to reduce
susceptibility to the same threats is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="fe4f7722-8509-4685-a60a-e323d5a20cbd" control-id="cp-8.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-8.4_stmt.a" uuid="fd56fb25-3369-4e29-ac1a-8f1c69223435">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="17da368c-1402-4bba-a056-38cb4c30371c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Requiring primary and alternate telecommunications service
providers to have contingency plans is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-8.4_stmt.b" uuid="6793587c-9782-4f9c-9fa7-db795d51dc11">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="23845c5f-8017-4cd4-9f21-603056da6d3f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Reviewing provider contingency plans to ensure that the plans
meet organizational contingecny requirements is outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-8.4_stmt.c" uuid="ae3ca629-dc1c-4a13-a5ae-c3cd9d3283dc">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b6aa3018-a56b-480a-ad01-a4ba2f2a1a49">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Obtaining evidence of contingency testing/training by providers
at an organization-defined frequency is outside the plannedscope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b8ed0b80-8f2f-482a-9ecb-036cfc41ec26" control-id="cp-9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-9_stmt.a" uuid="baffa994-23ab-4ef5-a98e-935efbb3a03e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="91111cd6-ceec-4076-b4db-2f7432fbe684">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for conducting daily incremental and
weekly full backups of user-level information contained in the
information system. Additional requirements and guidance include
maintaining at least three backup copies of user-level information (at
least one of which is available online) or provides an equivalent
alternative. A successful control response will detail how backups of
user-level information occurs, and how three backup copies are
maintained.

Conducting backups of user-level information to include the backups of
a centralized identity provider is an organizational control outside the
scope of OpenShift configuration. To assist System Administrators and
organizations in their control response, documentation about backing
up user-level information stored in etcd in OpenShift can be viewed at:

https://docs.openshift.com/container-platform/latest/backup_and_restore/backing-up-etcd.html
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-9_stmt.b" uuid="5c32e132-5d18-45c1-9044-08de5dba08c4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f4e1dc78-ba58-44a8-b06e-7e3bdd228353">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for conducting daily incremental and
weekly full backups of system-level information contained in the
information system. Additional requirements and guidance include
maintaining at least three backup copies of system-level information (at
least one of which is available online) or provides an equivalent
alternative. A successful control response will detail how backups of
user-level information occurs, and how three backup copies are
maintained.

Conducting backups of system-level information is an organizational
control outside the scope of OpenShift configuration. To assist System
Administrators and organizations in their control response,
documentation about disaster recovery procedures in OpenShift can be
viewed at:

https://docs.openshift.com/container-platform/latest/backup_and_restore/disaster_recovery/about-disaster-recovery.html
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-9_stmt.c" uuid="614e4499-f6b0-4795-b027-fe80018d5f71">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ef25c499-5b9d-4e9b-8c6e-c1087e8a0da9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for conducting daily incremental and
weekly full backups of information system documentation including
security-related documentation.

Conducting backups on information system and security-related documentation
is an organizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="cp-9_stmt.d" uuid="75fb35ed-6e72-43da-8708-2dd633909bdf">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="677d27ae-b6f7-4418-ba56-2171679e535d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for protecting the confidentiality,
integrity, and available of backup information at storage locations.
Additional requirements and guidance include determining
what elements of the cloud environment require the Information System
Backup control. The customer will determine how Information System
Backup is going to be verified and appropriate periodicity of the
check.

Protecting the confidentiality, integrity, and availability of backup
information at separate storage locations an organizational control outside the
scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2028a7bb-9a66-4854-931b-e4645f62f474" control-id="cp-9.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-9.1_stmt" uuid="4ab62c86-5c04-4a4a-899d-ef04a43c3f6d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="19ed4134-a2ff-47ca-8b6a-f1646595bb99">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The testing of backup information to verify media reliability
and information integrity is an organizational control outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="beed14e5-9fe7-4843-96cd-13f050d7f29d" control-id="cp-9.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-9.2_stmt" uuid="197b8749-9b90-4d18-b628-d1af270aa6a4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7767ca0e-d302-45c7-964a-1fb0ff2021e0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>To assist with this organizational control, documentation is being
planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-293
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="373ffff3-37fb-4fba-b48c-39ee152839b4" control-id="cp-9.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-9.3_stmt" uuid="e20bb8aa-12ad-4f56-98c1-246c171c7d8d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b74d6d9c-72f5-4449-bdeb-4e8e12738eec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Storing backup copies of organization-defined critical information
system software and other security-related information in a separate
facility or in a fire-rated container that is not collocated with the
operational system is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="90751658-149a-4fb0-bedc-50ea6252154a" control-id="cp-9.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-9.5_stmt" uuid="acacbfe3-18e4-4685-a916-af961872daff">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="60c05e35-8cbb-431e-be0e-7298fb2e3885" control-id="cp-10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-10_stmt" uuid="4cfec696-2533-43e2-8cd4-d83034a25b0c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="dc615e64-aa2a-40d5-9bf5-f9fec7b0860a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for documenting how to reconstitute
their OpenShift environment. A successful control response will detail
processes used to fully recover/restore the OpenShift environment.

To assist System Administrators and organizations in their control response,
documentation about disaster recovery procedures in OpenShift can be
viewed at:

https://docs.openshift.com/container-platform/latest/backup_and_restore/disaster_recovery/about-disaster-recovery.html
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f38b682d-5a68-4e3a-93ea-77d208867808" control-id="cp-10.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-10.2_stmt" uuid="1e5bdebd-7dc2-4315-954d-3e911ac29edd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b3a13834-7f0e-4d08-a644-bb096e6adbb9" control-id="cp-10.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="cp-10.4_stmt" uuid="82de4f15-493b-4b9a-8aec-50193435726c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7a63474b-62ca-479d-964b-d58bce457f95" control-id="ia-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-1_stmt.a" uuid="a36fe514-78f8-4e92-a6f5-ffbdbac40098">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8a33d8b8-0bdb-4d23-8859-0363adaacce8">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Developing organization-level identification and authentication
policy and procedures are outside the scope of OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-1_stmt.b" uuid="1ad8b1ab-65d9-4977-9a6a-3dd415e440ab">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fe0d32dc-7657-41d6-8617-03d01c8d0590">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Review and updating an organizational-level identification and authentication
policy and procedures are outside the scope of OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d5bf1824-63d0-459f-8124-139f199c926a" control-id="ia-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ia-2_stmt" uuid="69702027-98b2-432d-9be3-8816afa66b86">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="5e572a34-7d36-430a-acde-f6d4ece3a6b2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Unique identification and authentication of organizational users
is deferred to the organizational identity provider (such as
LDAP, Active Directory, Red Hat SSO, etc). This part of the control
is not applicable to OpenShift.

To aid system administrators in configuring a centralized identity provider, documentation on
supported authentication providers can be found in the
OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-authentication.html

The ability to uniquely identify processes acting on behalf of
organizational users, such as when a user deploys a new
container image, is provided by correlating system audit logs.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="31ff8a91-b777-49fb-b8a8-89cb0b4aae44" control-id="ia-2.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-2.1_stmt" uuid="eca3dba3-92b6-4796-8f9f-3b9c961260eb">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="11288f65-ae11-479b-8f16-163d14246986">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Implementation of multifactor authentication for network
access to privileged accounts is deferred to the
organizational identity provider (such as
LDAP, Active Directory, Red Hat SSO, etc).
To aid system administrators, documentation on
supported authentication providers can be found in the
OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html

It is recommended to use separate accounts for privileged access. For example, at least one account for regular user
access, and a separate account for cluster or project administrator access.
The organization must determine how to best break up privileged accesses based off of organizational
needs and requirements.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="cf7c767f-0055-41ca-a1da-6d732b6a37e8" control-id="ia-2.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-2.2_stmt" uuid="1fb52b9e-61c3-4c51-9616-d746b5dde22a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b2c7f868-8a40-432b-85d7-a6dda1c95ab3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Implementing multifactor authentication for network access
to non-privileged accounts is the responsibility of the
organizational identity provider (such as
LDAP, Active Directory, Red Hat SSO, etc).

To aid system administrators, documentation on
supported authentication providers can be found in the
OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="3d3e27ed-6394-4013-886b-40269120234d" control-id="ia-2.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-2.3_stmt" uuid="d683d036-9850-47a6-a23b-a45c5f4db720">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2319b2df-e057-43dd-9df2-f329809aae78">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift has no concept of local accounts and was designed without the use of local accounts.
OpenShift relies on a centralized identity provider rather than a local identity provider.
The closest implementation concept of a local user account store would be the implementation
of the htpasswd identity provider. However, use of this provider is not recommended for
any reason for any security conscious environments or organizations.

Because OpenShift has no concept of local accounts, the implementation of
of multifactor authentication for local access to privileged accounts
is not applicable to OpenShift.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="95f67be2-45c2-48d5-b2d0-7306b9a94942" control-id="ia-2.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-2.4_stmt" uuid="7922a873-f6bd-4403-9252-9486544ef088">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7b36e937-b11e-4fd4-a3dc-52c49395a8d3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift has no concept of local accounts and was designed without the use of local accounts.
OpenShift relies on a centralized identity provider rather than a local identity provider.
The closest implementation concept of a local user account store would be the implementation
of the htpasswd identity provider. However, use of this provider is not recommended for
any reason for any security conscious environments or organizations.

Because OpenShift has no concept of local accounts, the implementation of
of multifactor authentication for local access to non-privileged accounts
is not applicable to OpenShift.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="70fb0a1f-4d52-4d3a-8bd2-76bad2982a11" control-id="ia-2.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ia-2.5_stmt" uuid="171afaa9-5c54-4280-b995-6a326913f866">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8db01236-9ba8-4e4d-89f2-befea2e69992">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-314</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="58b65007-7944-4515-ac3b-eb32c8217053" control-id="ia-2.8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ia-2.8_stmt" uuid="44133dc6-7f85-4bd5-8e92-7c3503592a8e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="befd7201-c418-44f9-b539-54f1d723941b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-573</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="1ae78fa4-5f2b-45e2-aa71-a08e1fafa49a" control-id="ia-2.9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ia-2.9_stmt" uuid="e730c5e2-609d-40a2-add2-c42b0b4c1ae7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7bf7bc4c-ad71-495c-bab6-5576d6c48875">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-574</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="362d4418-8240-461c-96e4-ef5fa30ad4dd" control-id="ia-2.11">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-2.11_stmt" uuid="e6bd6d01-26be-45fa-914c-f0a6287cda05">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8d93e23f-8b49-4528-960a-997f4e43f8c0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Implementing a separate device from the system
gaining access to the information system using multifactor
authentication for remote access to privileged and non-privileged
accounts is an organizational control outside the configuration
guidance of OpenShift.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="cd277188-f18d-4c2f-81d1-52b4f05d4850" control-id="ia-2.12">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-2.12_stmt" uuid="c8df24aa-90fc-40ce-8b44-eb61bf261d49">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b8a27df5-d2b4-454c-9d33-ff6bf5108270">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Acceptance and electronic verification of Personal
Identity Verification (PIV) credentials is the responsibility
of the organizational identity provider (such as
LDAP, Active Directory, Red Hat SSO, etc).

To aid system administrators, documentation on
supported authentication providers can be found in the
OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="affb7bbc-ba2d-4d82-81ee-3b12c82a0240" control-id="ia-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ia-3_stmt" uuid="b0106689-c877-4dd2-b7fb-48be934113bd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4094f41b-39e5-4be9-a5c0-2b03948cd290">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for IA-3 is planned.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f8c650c8-2244-4408-8c43-b7d628cddbf9" control-id="ia-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-4_stmt.a" uuid="af77be7e-e7ac-43f6-838e-93a7def235f1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2ae35092-d4b9-46fc-8151-a7c985b0cf73">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Receiving authorization from organization-defined personnel or roles to assign
an individual, group, role, or device identifier is an organizational procedural
requirement outside the scope of OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-4_stmt.b" uuid="d4c31b6a-6158-43f2-8271-7bbe4f914cfa">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ae5e68fd-d86a-4fa0-8600-a3560f6361b5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Selecting an identifier that identifies an individual, group, role, or device
is an organizational procedural requirement outside the scope of OpenShift
configuration.

To affectively manage information system identifiers in OpenShift, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-4_stmt.c" uuid="4cadb32e-e9a0-46fe-9a9e-2b5198cf8dc1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="23c9fe46-b3b5-49ac-9dbd-091b95caffa5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Assigning the identifier to the intended individual, group, role, or device
is an organizational procedural requirement outside the scope of OpenShift configuration.

To affectively manage information system identifiers in OpenShift, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-4_stmt.d" uuid="c1c3dfe5-dc9c-4795-b8f3-d4781b33a61d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b50a8422-1e67-4289-beba-bfac3b80e45a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Preventing reuse of identifiers for organization-defined time period is an organizational
procedural requirement outside the scope of OpenShift configuration.

To affectively manage information system identifiers in OpenShift, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-4_stmt.e" uuid="1ef28ca6-a1b3-4310-99d3-4d5b9d555331">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="78d3d56d-9076-495a-9b79-451d78c74481">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Disabling the identifier after organization-defined time period of inactivity
is an organizational procedural requirement outside the scope of OpenShift
configuration.

To affectively manage information system identifiers in OpenShift, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="ffc6660f-49c7-48d6-ae0d-e730ffe55e55" control-id="ia-4.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-4.4_stmt" uuid="fc0b706c-b313-47dd-b2b7-ed57cbd810c0">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d818cc45-a56b-48ea-95ff-0dd9de956381">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This is an organizational procedural requirement
outside the scope of OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f45786b2-8ed7-4ee6-9977-1cbfd8439463" control-id="ia-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-5_stmt.a" uuid="b77b381f-73ee-45d2-b1ee-6dbd2a271b05">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="035e502e-7530-462b-af9e-ef68b2c1e6f3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Verifying, as part of the initial authenticator distribution, the identity
of the individual, group, role, or device receiving the authenticator
is an organizational procedural requirement
outside the scope of OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5_stmt.b" uuid="9edf37b0-e399-4984-80d6-d022fb4db90f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7bf9a1ed-032c-440f-9e8f-68b7c4658645">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishing initial authenticator content for authenticators defined by the organization
is an organizational procedural requirement outside the scope of OpenShift configuration.

To affectively manage information system authenticators in OpenShift, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5_stmt.c" uuid="a5fbcaf4-4a96-4c7a-86e8-1cc7eb2bdfb9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f524611f-505a-4fff-9a00-9f2e38d9fecd">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Ensuring that authenticators have sufficient strength of mechanism for their intended use
is an organizational procedural requirement outside the scope of OpenShift configuration.

To affectively manage information system authenticators in OpenShift, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5_stmt.d" uuid="fdc6a0b9-914a-4099-9357-a8cd1607a7a4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1f6ba12d-0e6c-4f30-b8ed-d623e84a01c8">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishing and implementing administrative procedures for initial authenticator distribution,
for lost/compromised or damaged authenticators, and for revoking authenticators
is an organizational procedural requirement outside the scope of OpenShift configuration.

To affectively manage information system authenticators in OpenShift, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5_stmt.e" uuid="a8b479e6-63c8-478a-8ff7-d4d29749603e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c2c4e68b-fded-4a39-87a1-bb4af4c888a5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Changing default content of authenticators prior to information system installation
is an organizational procedural requirement outside the scope of OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5_stmt.f" uuid="21d07f6b-a8a0-45f8-a9fb-77e8c140557a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7b95f8b1-9bc1-4f9d-a602-132c9801e281">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishing minimum and maximum lifetime restrictions and reuse conditions for authenticators
is an organizational procedural requirement outside the scope of OpenShift configuration.

To affectively manage information system authenticators in OpenShift, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5_stmt.g" uuid="f196ad36-8645-4831-be4f-7284660a97e7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a5be5103-5818-4050-861f-4c8878a5535e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Changing/refreshing authenticators by organization-defined time period by authenticator type
is an organizational procedural requirement outside the scope of OpenShift configuration.

To affectively manage information system authenticators in OpenShift, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5_stmt.h" uuid="ae312eb9-a9b1-484e-837e-55213c542bec">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3253f21a-52de-4279-81f7-050827a480a4">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Protecting authenticator content from unauthorized disclosure and modification
is an organizational procedural requirement outside the scope of OpenShift configuration.

To affectively manage information system authenticators in OpenShift, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5_stmt.i" uuid="1103eb61-2511-4e4e-9dc8-ae2e27ee4fcb">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="858b0f18-ca29-4ecb-9da4-ebe49a3ddf8d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Requiring individuals to take, and having devices implement, specific security safeguards to protect authenticators
is an organizational procedural requirement outside the scope of OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5_stmt.j" uuid="0d9d2135-b850-4062-9382-e6e1435da287">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="171d97d3-9690-4d1b-849a-ae505ebd52d5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Changing authenticators for group/role accounts when membership to those accounts changes
is an organizational procedural requirement outside the scope of OpenShift configuration.

To affectively manage information system authenticators in OpenShift, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="c840dd2d-2134-4106-b0e1-cdbdf942e3ee" control-id="ia-5.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-5.1_stmt.a" uuid="5494089a-1a35-4115-88e3-cf817fa662c2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0080de48-f09f-4e25-84a7-d8fdc5704bb5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Enforcing a minimum password complexity of organization-defined requirements for case sensitivity,
number of characters, mix of upper-case letters, lower-case letters, numbers, and special
characters, including minimum requirements for each type is outside the scope of OpenShift
configuration.

To affectively use password-based authentication, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5.1_stmt.b" uuid="af6af93e-ea08-4c92-ae76-993187816f12">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="affed9b7-8fe7-49f0-92ea-6d594ebc48ad">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Enforcing at least an organization-defined number of changed characters when new passwords are created
is outside the scope of OpenShift configuration.

To affectively use password-based authentication, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5.1_stmt.c" uuid="3ecfcdf9-1a50-42d6-b687-328fb6f3d17d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e124b321-8080-4d56-a14d-45aef97161fb">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Storing and transmitting only cryptographically-protected passwords
is outside the scope of OpenShift configuration.

To affectively use password-based authentication, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5.1_stmt.d" uuid="59ef1f9e-aba7-4b83-b9f3-9e580162fffd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="67102d51-3421-49c3-8272-98e08992dca4">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Enforcing password minimum and maximum lifetime restrictions of organization-defined numbers for
lifetime minimum and maximum is outside the scope of OpenShift configuration.

To affectively use password-based authentication, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5.1_stmt.e" uuid="a1ebe259-90ce-47a3-89b7-3a836ba771ae">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7eaf0053-9ecf-401c-8c93-a735e11b7306">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Prohibiting password reuse for organization-defined number generations
is outside the scope of OpenShift configuration.

To affectively use password-based authentication, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5.1_stmt.f" uuid="256c38d6-45fa-443e-907d-ff06e549ccf9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6f4d75ab-40f3-4890-97bc-bd148fe15e9c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Allowing the use of a temporary password for system logons with an immediate change
to a permanent password is outside the scope of OpenShift configuration.

To affectively use password-based authentication, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="3d445664-31ad-44c3-9a73-e966b555a4e1" control-id="ia-5.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ia-5.2_stmt.a" uuid="a2b1037b-32b1-48d7-b633-f389aba90736">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="541735ef-84f2-42fc-a606-f0ebd03a99e2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-327</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5.2_stmt.b" uuid="e0bce06b-3ca7-4c6b-b737-8f7b277f03ce">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="541735ef-84f2-42fc-a606-f0ebd03a99e2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-327</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5.2_stmt.c" uuid="0bc48b29-44a3-402f-8bf4-891ed7bfaaeb">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="541735ef-84f2-42fc-a606-f0ebd03a99e2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-327</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ia-5.2_stmt.d" uuid="e6f5339f-55ea-49b8-8b36-6ca9d24cbd37">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="541735ef-84f2-42fc-a606-f0ebd03a99e2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-327</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="087b0337-b603-49f3-9da4-561f46d5a5fb" control-id="ia-5.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-5.3_stmt" uuid="a788ca9d-d74f-4362-872e-c0972bbd9917">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="847c4dff-2b19-46c8-a1c4-14fde9fa7f1a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational requirements that the registration process to
receive organization-defined types of and/or specific authenticators
be conducted either in person and/or by a trusted third party before
organization-defined registration authority with authorization by
organization-defined personnel or roles is outside the scope of
OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a0eca32c-d306-4f23-8e9e-96b6402ed104" control-id="ia-5.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ia-5.4_stmt" uuid="9ffddd5e-d96b-41df-b35b-8dbf74ca432e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c609ea35-e7b3-4483-9223-aa8bc09e7ff0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-328</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="571b39b1-f0a6-4dc9-a6a1-760fe8f05b3c" control-id="ia-5.6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-5.6_stmt" uuid="1db6648f-b34c-453e-a1a7-ada8b0930096">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d818cc45-a56b-48ea-95ff-0dd9de956381">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This is an organizational procedural requirement
outside the scope of OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a80217f5-2e7e-492e-b63a-d015ffb4b031" control-id="ia-5.7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ia-5.7_stmt" uuid="dab7d254-8dfa-4536-9227-25dc1a71046f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3422ee35-1c97-4e63-b358-ad7a35d6837b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for IA-5(7) is planned.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b31dfdc7-d04c-4f11-9301-4065d42c2638" control-id="ia-5.8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-5.8_stmt" uuid="b29d223b-6f88-4776-85f1-5ac1c5fbaee6">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="871db668-f70e-46b4-a932-afc550709739">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational implementation of organization-defined security
safeguards to manage the risk of compromise due to individuals having
accounts on multiple information systems is outside the scope of
OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="aba44873-a665-4cf3-972c-4bb448283d71" control-id="ia-5.11">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-5.11_stmt" uuid="dc253871-14d6-47f5-8139-0a58bffbc0c1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="98b4157c-f7dc-44e4-b6fa-2621e57af0de">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Employment of mechanisms that satisfy organization-defined
token quality requirements is outside the scope of
OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="19c8cc63-a729-4e74-8147-8ec4c686b08e" control-id="ia-5.13">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ia-5.13_stmt" uuid="cd05784b-a067-4639-9277-ab983a44d826">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="68814518-7f2c-4627-8cde-5041c22bd72e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-331</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d82ede4e-b4c6-4df6-8637-06ea271f4988" control-id="ia-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ia-6_stmt" uuid="954333a6-db59-4363-84ff-4a093276cc26">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1de62daa-6d58-4197-b444-1f300cfa16bc">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>By default, OpenShift Container Platform session key and account login
passwords are obscured by not being displayed on output or by asterisks.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="15f30ea6-ea07-4a5e-8f4b-911b2b9913aa" control-id="ia-7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ia-7_stmt" uuid="8036c5d4-0735-4d3c-b75b-9a1e12ca4425">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f49ea9da-eda7-48e0-9efa-58caf64c9e50">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-334</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="40dc1e99-1157-46e8-93e9-b91aaacf5722" control-id="ia-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ia-8_stmt" uuid="5f420b03-beea-4c0d-84b5-4039a12d1577">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bed8babc-a810-411b-bd12-deb0cca5d951">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for IA-8 is planned.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="e36cd541-c9e8-456c-9a9c-4e897c58bcd2" control-id="ia-8.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ia-8.1_stmt" uuid="6430ab3c-8226-489a-8a51-ceb2ca7c2b16">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="64d3d4db-549b-448a-8308-d9e57759b155">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Acceptance and electronically verified Personal Identity Verification (PIV) credentials
from other federal agencies is outside the scope of OpenShift configuration
and is the responsibility of a third-party identity provider.

To affectively use PIV credentials, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="1571fa34-2c0c-4837-8eb0-728567db9222" control-id="ia-8.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-8.2_stmt" uuid="ecb2f8e0-c4f5-44e9-ba59-b7122437ab7d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8dd8b698-d621-41cf-bb38-a1e0e4f77cf6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Acceptance of FICAM-approved third-party credentials
is outside the scope of OpenShift configuration
and is the responsibility of a third-party identity provider.

To affectively use FICAM credentials, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="086a9f3b-16b7-469c-958f-5a46a1b81120" control-id="ia-8.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-8.3_stmt" uuid="59f3a1d3-380c-4767-8cbb-61c59d4f0b35">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f50b47b6-83f0-41a1-b836-bb5aa76bbd31">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Employment of only FICAM-approved information system
components (e.g. cards, card holders, physical access
control system components) in organization-defined
information systems to accept third-party credentials
is outside the scope of OpenShift configuration
and is the responsibility of a third-party identity provider.

To affectively use FICAM components, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="68413d07-5f0c-48dc-8329-bbd634cd2aa6" control-id="ia-8.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ia-8.4_stmt" uuid="3691e247-fa06-4e02-a52b-87472287de3e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="451ba487-859d-46d2-be66-364a4f621a92">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Usage of FICAM-issued profiles is outside the scope of
OpenShift configuration and is the responsibility of a
third-party identity provider.

To affectively use FICAM profiles, configuring an
indentity provider is required. Documentation on supported authentication providers
can be found in the OpenShift product documentation:

https://docs.openshift.com/container-platform/latest/authentication/understanding-identity-provider.html</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="43039241-d333-4db7-9609-9b77b28a3f0f" control-id="ir-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-1_stmt.a" uuid="88eda018-bd0b-418c-9cb2-47118ed36ced">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-1_stmt.a.1" uuid="f3fa3086-4945-4831-bbe4-9e049146b989">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-1_stmt.a.2" uuid="d6827642-8b99-43e5-bc4a-cea9fbd10cbe">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-1_stmt.b" uuid="383de702-72c9-4a0f-846f-47cd60669782">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-1_stmt.b.1" uuid="bd1976e1-fa73-4ef6-80b1-4eb2e9e356b1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-1_stmt.b.2" uuid="d6cd467e-3cf8-412b-ab91-6b316fa4a606">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="81b56ecb-1a80-4e29-afd9-836933f1776d" control-id="ir-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-2_stmt.a" uuid="9984f5c1-9b0f-44f3-bb44-4013df8aae5b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-2_stmt.b" uuid="86b318cf-5287-4082-8c9c-2264b4717d66">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-2_stmt.c" uuid="9742cc48-f755-42e6-8abe-e19985c32dd2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2367133f-621b-4cab-8776-9deebf34d453" control-id="ir-2.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-2.1_stmt" uuid="6c36f2d1-0d77-4577-a814-b65b41f02528">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4822fc7b-bc2d-4e52-8ffc-0ea2e8a6ca3d" control-id="ir-2.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-2.2_stmt" uuid="7e6a6c24-671b-4ba7-8cf8-ef5989c45dce">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="fb508091-0909-4671-b454-7a461004d6d1" control-id="ir-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-3_stmt" uuid="37fdd0d5-0d8b-448c-8f9d-2bb6c5cfe139">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="ad715b1a-2e93-486c-8561-073e5a82ab87" control-id="ir-3.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-3.2_stmt" uuid="efdd36dd-4bb7-45ba-af25-6d6cecb488ba">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="c394eb2a-4cec-443c-a6f7-77349352fc20" control-id="ir-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-4_stmt.a" uuid="b6252153-ddba-4952-bd97-39f0d104771c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-4_stmt.b" uuid="e2104fee-fb83-43a6-a09a-85ce5502df00">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-4_stmt.c" uuid="457b25c6-28f9-464f-b964-cdc84235bf82">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="cce7723a-f25a-45c6-bf29-6a38860ebeab" control-id="ir-4.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-4.1_stmt" uuid="12b13f92-8631-4e3b-bd23-1f1d938505cf">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="50477ac1-d98a-43b8-af54-234026314dc3" control-id="ir-4.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-4.2_stmt" uuid="a3f16410-c76a-45fe-b7f0-3c3d6716f017">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="1cee8ead-f034-455c-96e9-7ec73b925095" control-id="ir-4.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-4.3_stmt" uuid="8877323d-5ad8-467e-b692-01b021da861f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="630fd8cd-d738-4a2a-aa33-78ce66629326" control-id="ir-4.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-4.4_stmt" uuid="de031b26-7778-4df6-a74f-0acb14e50ed7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f3490aa6-6340-4d5d-a3fc-bbdff1aa90cd" control-id="ir-4.6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-4.6_stmt" uuid="9f49d788-c4d3-433b-9873-f2bb11c70b6f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="25578eba-cfed-447c-a5ac-523b65484931" control-id="ir-4.8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-4.8_stmt" uuid="e56173de-466f-486f-91cd-59114e1cff27">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f8e53718-6179-495d-b4bf-22d1d2d49121" control-id="ir-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-5_stmt" uuid="c6ed00f0-aa54-42cf-9c24-3206ba3d77a7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="367e314c-be0a-4933-8e01-8ac474a58997">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="e4e6c774-fa7d-4308-8303-cf1c0654a266" control-id="ir-5.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-5.1_stmt" uuid="48da1fa4-4216-43f3-979e-5a1d78a7aa55">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="85d0cae6-52cd-4630-9774-5f89fe81b838" control-id="ir-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-6_stmt.a" uuid="c3241b05-d5e4-4a28-9f92-42b18719d3ed">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-6_stmt.b" uuid="5c775a24-b49c-4266-a483-e37d1d37f3db">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7f80008b-3d1f-45ea-89f3-752cbcae9e61" control-id="ir-6.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-6.1_stmt" uuid="0bfb37aa-87c1-4fb5-bc5a-c515b6fb23e3">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="11e39f52-40e6-426b-a23e-f889000bc40b" control-id="ir-7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-7_stmt" uuid="6bfe8a45-3127-4281-a47a-adf2f5554f47">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="624d9025-07d0-4fd8-a465-8df8b03abb75" control-id="ir-7.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-7.1_stmt" uuid="d6cff08b-07c1-4b1e-8be3-357a62efd30b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2752dfd4-738e-4eaa-a8d0-29a1dffa058a" control-id="ir-7.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-7.2_stmt.a" uuid="a4f32ff7-f55a-48a6-90f9-632f70aaf8f4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-7.2_stmt.b" uuid="6b0721c9-da4a-46f8-8a0a-a4f9a587196b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="bb4e7052-02ce-441b-9c4a-89c532ecfb5f" control-id="ir-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-8_stmt.a" uuid="227584e5-c6af-41d4-ab76-bc1381e3359b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.a.1" uuid="1c5de3cc-c433-4ace-91b7-6cd949843847">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.a.2" uuid="f0317202-3633-4cd1-872c-2f027b8756ca">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.a.3" uuid="b58411a1-bfd0-440e-9a31-8d9fd31edb18">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.a.4" uuid="569d6e87-911a-4a6e-be38-a2813bb5e02e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.a.5" uuid="efaea696-1fea-4abf-95b4-39344e4724e0">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.a.6" uuid="c1b60d11-37c5-455f-b47d-c5c278638a8c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.a.7" uuid="d58998e9-3310-4ec8-b6b7-73f1c1ffbd36">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.a.8" uuid="b66a3b8d-6cda-4aee-a38f-a0d4cd1c6bc7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.b" uuid="5c02f03a-0779-439b-86d5-7106516fda13">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.c" uuid="d239bbba-139c-4c7d-a720-3a66d534c6b2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.d" uuid="edabf95f-64af-430d-ab6d-5f04c028889e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.e" uuid="5cccbc53-1a22-418d-b3d4-026759960888">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-8_stmt.f" uuid="361269f5-7504-4190-b4d1-a73bff1622ad">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b2e348a3-31bc-433d-a2f8-b5c241ef86ce" control-id="ir-9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-9_stmt.a" uuid="6da22d0f-ddb7-44c5-b7f1-53d7984979c8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-9_stmt.b" uuid="f96ad164-4bab-4324-a1e0-8437001f03a4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-9_stmt.c" uuid="ba4b075d-cc24-43f0-9a07-8ced5d7c0916">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-9_stmt.d" uuid="c9c9321b-a290-4831-869d-5cdb693c0f86">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-9_stmt.e" uuid="aab8ed8e-18a9-40e7-8eb9-c09674ede8ed">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ir-9_stmt.f" uuid="41ca2980-f5f5-4f5d-8aa2-8995a707f80e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="ab55c7b3-b446-485f-908a-ee269a195e13" control-id="ir-9.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-9.1_stmt" uuid="500fefa0-05dc-4bbe-9745-a7e84326bd99">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4f887b13-7b13-4e2f-a5b0-acd743b1d1d3" control-id="ir-9.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-9.2_stmt" uuid="eb82f482-7a0e-4707-b926-83e064fa27ac">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="22cf8a39-b2d5-40be-a422-0ae21886871a" control-id="ir-9.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-9.3_stmt" uuid="3fd83d97-1751-44d7-998c-879ebf776087">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="1098c877-c428-4909-ab14-b74a151fccf2" control-id="ir-9.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ir-9.4_stmt" uuid="e0ea69aa-daab-4b9a-9cf6-b5e89c485168">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f3c3f81f-a1af-442e-9c07-828b6dbd4cb9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b10fe6d1-8b4a-4355-a102-d7114483e66a" control-id="ma-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ma-1_stmt.a" uuid="f9871dec-e863-4601-a0a3-6cf618410383">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-1_stmt.b" uuid="70066806-55a5-46af-81bb-ef96b7601008">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2ed3fb53-97c8-4f9c-bcf3-320460f9f3aa" control-id="ma-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ma-2_stmt.a" uuid="d3d3bf14-2476-4700-8e56-50f6c4c33e47">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-2_stmt.b" uuid="e1493534-bb33-4385-b0a8-011771101e24">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-2_stmt.c" uuid="c45aba08-33ca-41b6-8c61-3173a666e4f7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-2_stmt.d" uuid="5188a418-51bc-4418-ad92-cd6bc24d9d50">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-2_stmt.e" uuid="e664b60f-5935-4125-a2ac-3d4f42040367">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-2_stmt.f" uuid="237d6190-6c08-44c2-a328-2ed9e6c838c2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="32ff53c2-e820-4f97-a568-c9d06222273f" control-id="ma-2.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ma-2.2_stmt.a" uuid="40691090-1a06-4ca9-baa8-eb1a08ac07fb">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="840ac7ae-8951-4ac5-90ae-23b9db3ae518">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-341
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-2.2_stmt.b" uuid="74cb7095-d4cd-4af9-802a-df57ac04233c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="840ac7ae-8951-4ac5-90ae-23b9db3ae518">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-341
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="fdfebb36-1e7b-420a-a053-b946e0071adb" control-id="ma-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ma-3_stmt" uuid="b4529b13-c674-4f08-9427-dbd97694278e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="0e77dc6d-69af-45e9-a308-375db32617ac" control-id="ma-3.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ma-3.1_stmt" uuid="e691a20f-9488-4437-8b9c-50e6b0666184">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6a636ca8-7aa1-42f7-b901-174ecfbc3de4" control-id="ma-3.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ma-3.2_stmt" uuid="42b75ed1-c31a-4c6a-9e60-2bf2e42d5f58">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a13a2bff-16cf-4b17-aae8-777d336bb39a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Checking media containing diagnostic and test programs for
malicious code before the media are used in the information
system is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="870bfe36-974a-4c0e-9e27-e9a3ea93294e" control-id="ma-3.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ma-3.3_stmt.a" uuid="bf170846-fe82-434a-b6bc-bca8b57a4021">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a388243e-007b-4ea2-be24-332d8780977f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Preventing the unauthorized removal of maintenance equipment containing
organizational information by verifying that there is no organizational
information contained on the equipment is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-3.3_stmt.b" uuid="7c27499d-28f9-4871-8065-d32c1c74aa7b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="771c277e-946c-4a50-b2ef-93dccb7e35c3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Preventing the unauthorized removal of maintenance equipment containing
organizational information by sanitizing or destroying the equipment is
outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-3.3_stmt.c" uuid="37b48713-246a-4b65-a9dc-fde415f29e33">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="cd7ef875-1eac-4e79-ada8-7644963c1d05">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Preventing the unauthorized removal of maintenance equipment containing
organizational information by retaining the equipment within the
facility is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-3.3_stmt.d" uuid="10ebb45a-1949-467d-b9e8-b2fbacf9a9ca">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8143f81e-90f4-4697-96e1-801032cd2b0c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Preventing the unauthorized removal of maintenance equipment containing
organizational information by obtaining an exception from
organization-defined personnel or roles explicity authorizing removal
of the equipment from the facility is outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="204c3081-9db4-477a-b1b7-acc6123933ee" control-id="ma-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ma-4_stmt.a" uuid="50345522-239b-4d9a-a70d-7b5e6e2b3cf4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4f83d066-75c3-4751-9058-9a0072ba2a51">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Approving and monitoring nonlocal maintenance and diagnostic activities is an
orgnaizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-4_stmt.b" uuid="9ef16448-cbe4-4c91-80da-e1cb54be20d6">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e80348b7-25d4-4d89-b28b-0882198f6646">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Allowing the use of nonlocal maintenance and diagnostic tools only as consistent with
organizational policy and documented in the security plan for the information system is an
orgnaizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-4_stmt.c" uuid="bdb17a60-8fb0-4004-a01b-04fb5bc7b795">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="76a89fd3-8d46-4f5f-a2b3-ae12e81ef4f3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-343
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-4_stmt.d" uuid="29005666-5e5d-464f-8b34-73b8095d773b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="74202b5e-92f8-4be5-a08c-b07c9b0f8149">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The maintaining of records for nonlocal maintenance and diagnostic activities is an
orgnaizational control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-4_stmt.e" uuid="bf8f5d8b-bbcb-4b2c-ab1c-9b30498eb630">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="76a89fd3-8d46-4f5f-a2b3-ae12e81ef4f3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-343
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="5ce2c17d-db54-436e-bcb3-fcdbed7a3f45" control-id="ma-4.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ma-4.2_stmt" uuid="8eabb2c1-31b0-4785-8a44-5054c8050fbe">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="bc385ecd-e430-45b2-90cd-adfc2b2ebbe3" control-id="ma-4.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ma-4.3_stmt.a" uuid="05b0d878-30d2-4c3d-8aad-acf8a2d987ea">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-4.3_stmt.b" uuid="36add7bf-8160-4df6-af3e-6997a1074938">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2726f156-7a73-4fdf-a9d6-46d670ad0a17">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-371
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="79fe8c81-dabe-4866-98ae-c330540ca036" control-id="ma-4.6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ma-4.6_stmt" uuid="4f07b841-19b9-4f3a-8202-e5df6fb84798">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="26d1954d-0b65-4aaa-9294-05774d80dd67">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Engineering progress can be tracked via:

https://issues.redhat.com/browse/CMP-346
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="c6462421-f340-4b02-9572-80913c2f5646" control-id="ma-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ma-5_stmt.a" uuid="4dc39efd-5d7f-4b4d-866e-04a28ffdb2e4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="124aa32b-c8d1-48cd-a8e4-ddaeb3480877">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishing a process for maintenance personnel authorization and
maintaining a list of authorized maintenance organizations or personnel
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-5_stmt.b" uuid="b242b08c-223f-44d2-98b8-691eec589cf8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="72e60fde-d698-45ba-8c34-7bb3e0c6c8ce">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Ensuring that non-escorted personnel performing maintenance on
the information system have required access authorizations is
outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-5_stmt.c" uuid="0f320f71-ba98-423a-adc4-5a126367dccc">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="34e90741-c6f7-4d1f-a9b0-167c1eeb394c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Designating organizational personnel with required access
authorizations and technical competence to supervise the
maintenance activities of personnel who do not possess
the required access authorizations is outside the
scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a966e130-70ce-4e23-a70f-6310f3ee8639" control-id="ma-5.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ma-5.1_stmt.a" uuid="d563fffb-51f2-46e6-958f-c39290a08cef">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="28f67c55-45d9-4c06-9922-4473114ed208">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Implementing organizational procedures for the use of maintenance
personnel that lack appropriate security clearances or are not U.S.
citizens is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ma-5.1_stmt.b" uuid="fdfd32c5-c193-4bef-8d31-615380d02da1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="362916b9-da8f-4aac-932c-10a264871562">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Development and implementation of alternate security safeguards
in the event an information system component cannot be sanitized,
removed, or disconnected from the system, is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="ef948e47-fbc9-4af5-af58-e14406af116f" control-id="ma-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ma-6_stmt" uuid="9434df4e-b1ff-437a-9cbf-578648ebd922">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="1c2b137c-e0e6-4383-8c59-bb398437a58a" control-id="mp-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-1_stmt.a" uuid="a90905bd-7ee4-459d-9fde-427e6ae14845">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="mp-1_stmt.b" uuid="f16f66b5-c2ba-45c1-8f16-8e3252f197ab">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="108dc458-f5dd-4887-a989-5927a9611045" control-id="mp-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-2_stmt" uuid="4d8f11fd-331c-4950-b137-f08af8a0083d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6bfdf96c-06c6-4444-94f3-165abf56435a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d0b6544e-44d1-4edd-985e-a6b6d54a5e81" control-id="mp-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-3_stmt.a" uuid="b3630488-66ee-4d51-909f-058e6d757cea">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="mp-3_stmt.b" uuid="04252dcc-ea70-48c2-a81c-48226104f7f1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="5cee2b9c-bd47-4d33-b57c-22d9f82041e5" control-id="mp-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-4_stmt.a" uuid="edd4c6d2-e1c1-4c98-a7ad-1cdee99c6e55">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="mp-4_stmt.b" uuid="45b21575-6f5e-4763-a423-d07380760015">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="68193acc-d0b9-4a4c-a3b5-b5bda72630e6" control-id="mp-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-5_stmt.a" uuid="8c404d88-0d1e-4d18-b9d2-517af9ccdb23">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="mp-5_stmt.b" uuid="77d67d4d-5f52-4bf2-9b32-49c94ecb5530">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="mp-5_stmt.c" uuid="7cc6e721-c756-4423-bae8-109e9a62cc41">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="mp-5_stmt.d" uuid="a0959b9d-89cf-4ea9-a20d-5d9c5f00303b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="037a54ff-d1cb-4118-a65c-7704aae71480" control-id="mp-5.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-5.4_stmt" uuid="e8b83342-3687-453b-be2c-a9364b11df2f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6bfdf96c-06c6-4444-94f3-165abf56435a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="0427c8d9-1658-43bf-b365-c2d8b57f973c" control-id="mp-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-6_stmt.a" uuid="f49bef15-aa6e-4f61-b787-ba9c4c2b1372">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="mp-6_stmt.b" uuid="31236cf3-7eb1-4545-8a44-72cec9a91f27">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d311ce3a-f151-4400-809d-689500bd0d34" control-id="mp-6.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-6.1_stmt" uuid="22d632c8-9923-4510-ab89-36dd89c29573">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6bfdf96c-06c6-4444-94f3-165abf56435a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f186bd35-b47c-4277-821b-d9595a39f9f8" control-id="mp-6.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-6.2_stmt" uuid="0145b297-a828-4259-b7ee-8235e00c827c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6bfdf96c-06c6-4444-94f3-165abf56435a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="62c0eab8-a7d6-425d-8448-edc6acd5750d" control-id="mp-6.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-6.3_stmt" uuid="5e93e734-1148-42bc-ab0d-1d6e9901dfed">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6bfdf96c-06c6-4444-94f3-165abf56435a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="ec9f0f5b-634e-4648-a0bb-f90d4525af78" control-id="mp-7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-7_stmt" uuid="864e4639-60ca-43bc-a00a-8ce2fb547d5e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ab02986d-bfed-4206-8c15-412836e72d28">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift does not utilize or have access to media such as optical
drives, USB devices, etc. Therefore, this control is not applicable to
Openshift.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="13df7266-0297-43fa-8cf1-abb43b354911" control-id="mp-7.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="mp-7.1_stmt" uuid="350395f8-7774-4c2b-8069-93b3a13a0b6f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6bfdf96c-06c6-4444-94f3-165abf56435a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="42a8e6e7-ba47-4673-aa26-921fc065444d" control-id="pe-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-1_stmt.a" uuid="c83f6fe7-f379-4d26-b467-b6d8eee9b69d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b9ec3101-88dd-4b31-8554-cb58a661cf37">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Development, documentation, and dissemination of a physical
and environmental protection policy reflects organizational
procedure/policy and is not applicable to component-level
configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-1_stmt.b" uuid="da7d9481-1921-47cd-a889-16afb00309d7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e2f86c0a-2a8a-4fb1-bba7-bcb67201d575">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational review and updates to the physical and
environmental protection policy reflects organizational
procedure/policy and is not applicable to component-level
configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7ec32282-917b-4e33-9f1b-1cc83c5f2126" control-id="pe-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-2_stmt.a" uuid="b5066467-2113-4017-8031-35011f19a450">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="038e04b3-3dbe-4b39-92c2-c785877f4bcd">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Development, approval, and maintenance of a list
of individuals with authorized access to the facility
where the information system resides reflects organizational
procedure/policy and is not applicable to component-level
configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-2_stmt.b" uuid="392ae166-9512-48e9-aa07-42183889708c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="669f2834-4e92-4717-871b-ae33fdaeaaa1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Issuing authorization credentials for facility access
reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-2_stmt.c" uuid="d5469cdc-724a-4322-9129-d5934c105c10">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bfb7d2d8-d63a-49c4-b3fb-7ca6924e9d98">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Reviewing the access list detailing authorized facility
access by individuals at an organization-defined frequency
reflects organizational procedure/policy and is not
applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-2_stmt.d" uuid="a967db64-9e28-4b4e-b8c7-3f44a166c394">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="859bce49-462e-42c3-a22c-f485a8e44724">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Removal of individuals from the facility access list when access
is no longer required reflects organizational procedure/policy
and is not applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="042703fc-da12-4f5b-9c7a-6d0137e53335" control-id="pe-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-3_stmt.a" uuid="5441c93a-ece5-4408-89a4-3016425351ad">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d32678f5-5c72-4ec3-81f0-9d87d5406f5a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Enforcing physical access authorizations at organization-defined
entry/exit points to the facility where the information system resides
reflects organizational procedure/policy and is not applicable to
component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-3_stmt.b" uuid="ff052ff3-128f-4899-bd0b-2ab818502631">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6fa063ec-7fbd-43c2-b09c-7d1a0f27e663">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Maintaining physical access audit logs for organization-defined
entry/exit points reflects organizational procedure/policy and
is not applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-3_stmt.c" uuid="6d431649-93fd-40ed-82a5-a10123b36d13">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ab51d315-44ab-420d-a34a-fe28a1bb5d8d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Providing organization-defined security safeguards to control access
to areas within the facility officially designated as publicly
accessible reflects organizational procedure/policy and
is not applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-3_stmt.d" uuid="73ada1b1-2cb7-4e33-92b5-d49db0460f18">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="89f5db7a-50c1-41a4-bd2f-b0515b74cd9d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Escorting visitors and monitoring visitor activity during
organization-defined circumstances requiring visitor escorts
and monitoring reflects organizational procedure/policy and
is not applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-3_stmt.e" uuid="cf7ec606-b6be-4f32-87a2-b69aacb9c9b8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="49afbd68-3163-4721-b4a1-6da04653789f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Securing keys, combinations, and other physical access devices
reflects organizational procedure/policy and
is not applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-3_stmt.f" uuid="ac8fc9a1-95dd-4d7c-b1c2-7e8aba4d5be6">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0938121d-1df5-4128-b99d-0c772958da88">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Inventory of organization-defined physical access devices
at an organization-defined frequency reflects organizational
procedure/policy and is not applicable to component-level
configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-3_stmt.g" uuid="38201073-f9fa-470b-be12-c08647c86ac2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="12ae89c8-84dd-48ee-a198-3e89b569638f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Changing combinations and keys at an organization-defined frequency
and/or when keys are lost, combinations are compromised, or individuals
are transferred or terminated, reflects organizational procedure/policy
and is not applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="e5c68a92-d4ce-41fa-8e1b-1063b64c6dad" control-id="pe-3.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-3.1_stmt" uuid="06fd9321-0bf0-42e0-846d-db2e491efd5d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6692dd72-82e2-4904-b978-57ab4fe9921b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Enforcing physical access authorizations to the information system
in addition to the physical access controls for the facility at
organization-defined physical spaces containing one or more components
of the information system reflects organizational procedure/policy
and is not applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="46abf4f3-4472-4c77-bbd9-74c3eae01ff9" control-id="pe-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-4_stmt" uuid="3f1d80f0-7748-44bb-b239-72401a8a3c9a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="20a97f0a-87de-472b-9dab-1f3e696ffd79">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Controlling physical access to organization-defined information
system distribution and transmission lines within organizational
facilities using organizaiton-defined security safeguards reflects
organizational procedure/policy and is not applicable to
component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="3cf500e1-b3c3-403e-bbf2-3379450bbcd6" control-id="pe-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-5_stmt" uuid="095a9727-ee06-43af-bffc-967482a0e923">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9939d4ca-f972-4a8d-b331-68d3d9967242">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Controlling physical access to information system output devices to
prevent unauthorized individuals from obtaining the output reflects
organizational policy/procedures and is not applicable to
component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="dc8a7092-0aab-4dd5-a47a-e857656e5f0b" control-id="pe-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-6_stmt.a" uuid="33cd6b74-63d4-460b-823f-b5f28b85efcd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d819c998-1e4d-48ac-b59d-ad2866825484">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Monitoring physical access to the facility where the information
system resides to detect and respond to physical security incidents
reflects organizational procedure/policy and is outside the scope
of component-level configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-6_stmt.b" uuid="f3362c58-4214-4a7c-80a0-b105d2e1c71b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ce190ad7-f714-44fa-bfc0-8945d32c13e1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Reviewing physical access logs at an organization-defined
frequency and upon occurence of organization-defined events
or potential indications of events, reflects organizational
procedure/policy and is not applicable to component-level
configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-6_stmt.c" uuid="b92908ce-4745-4711-bcb3-6a5960563a2d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="84fe10a0-60dc-47d9-90ba-d0f6f61bca15">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Coordinating results of reviews and investigations with
the organizational incident response capability reflects
organizational procedure/policy and is not applicable to
component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9eb8c9df-6a43-4ca1-be5e-af5b64bc1e07" control-id="pe-6.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-6.1_stmt" uuid="a52a9d06-93d7-4a3c-87f0-fcedc317b627">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8bef794c-7b7e-4074-8e91-b173fa4abe84">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Monitoring physical intrusion alarms and surveillance
equipment reflects organizational procedure/policy and is
not applicable to component-level configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6d5c7593-49fa-4c9c-8d3d-bc7f35f5990a" control-id="pe-6.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-6.4_stmt" uuid="061d54b0-744f-485e-883e-4951aaf1093e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f095e424-f8ec-49c7-9bcc-f96ddcbb3d15" control-id="pe-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-8_stmt.a" uuid="3ad283fa-6c9a-4617-9d2c-02d449dcbcf6">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-8_stmt.b" uuid="b0ba16aa-b9c1-4dfe-b376-cda0ce550a90">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f6ecb57c-7c19-44b0-bac4-a5fbab4df86f" control-id="pe-8.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-8.1_stmt" uuid="454f3b43-de96-46c4-a3d0-f58dcb45f304">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="0635d150-3a98-4e98-a667-6431990f587a" control-id="pe-9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-9_stmt" uuid="c19229f8-a84f-470a-84ed-de7df10f336f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a57e4d67-c598-4182-bd57-56c2b2317c43" control-id="pe-10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-10_stmt.a" uuid="d343c585-7b02-4533-871a-c32b446362d0">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-10_stmt.b" uuid="9edbcd42-3377-482d-9c61-3724cd426484">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-10_stmt.c" uuid="80b74763-f418-4932-b9d3-26a22ae47b8d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="c691a5ed-fb84-4f08-9ccf-013cfdb3d933" control-id="pe-11">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-11_stmt" uuid="2c09299d-b3f1-4751-ac40-2dc19f06db40">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="bbceddc1-6c7f-4b79-a887-e5d81ab47923" control-id="pe-11.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-11.1_stmt" uuid="72ba5646-de53-49f3-b437-b73a78bb73b9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="814d78db-2372-41e9-a7c2-86eb5e84b3bb" control-id="pe-12">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-12_stmt" uuid="f57faeee-5800-434a-aa8a-947a9ae886f3">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4fb04d5d-82ac-46c9-a0b6-bf1bf7855bd7" control-id="pe-13">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-13_stmt" uuid="abdc8068-bb34-4683-b938-e70eb7d36f5b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="75252532-001a-40fd-be79-9834d2c23616" control-id="pe-13.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-13.1_stmt" uuid="8deeb6b2-d617-46df-aea8-c5284679b59b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="0cd48fa2-10c4-465d-837c-c7baefec9389" control-id="pe-13.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-13.2_stmt" uuid="4fba5a01-28f4-4cd7-ac08-c79049d5e88b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f16ae8a9-7174-4efa-ba35-2c47d2b91a24" control-id="pe-13.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-13.3_stmt" uuid="f92fa53e-d3d6-4c4d-b955-24ab2fa05540">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a8b0df72-c643-45b3-b800-1b06d1eb1d99" control-id="pe-14">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-14_stmt.a" uuid="15495bed-f082-405e-b69e-c743c8c3c20a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-14_stmt.b" uuid="a0d0eda2-1aa8-4afb-a24b-7c95d233bb3d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f98f1c09-8ebb-4c9c-ae89-c4eeeac91bf3" control-id="pe-14.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-14.2_stmt" uuid="2512deb0-8e8e-427e-b878-20df59f6bc92">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="901a3457-97b6-4093-bbe0-31ce3a1cdcf6" control-id="pe-15">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-15_stmt" uuid="61425ee7-5b2f-4888-8373-62f378945ff4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6a8204c1-82d7-42ed-8c0b-36ac861ad114" control-id="pe-15.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-15.1_stmt" uuid="fd4ea2a1-0064-47e3-ae90-39a271a19a12">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="17f3da9e-c287-44a5-8169-28cf3375c1d3" control-id="pe-16">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-16_stmt" uuid="feaebed6-68b5-4c4b-8b88-883a8038ae9a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a8903585-dab4-48bf-885a-8d4239c0a146" control-id="pe-17">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-17_stmt.a" uuid="4e5ec6fc-d0eb-4ade-a6a2-3155cf00d493">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-17_stmt.b" uuid="f9b94f04-f1a9-47d0-b956-3d8a01fbfe9b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pe-17_stmt.c" uuid="71d51466-6a5c-4e73-be85-8281000132ff">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="64febddb-5b7e-47fe-b36a-aa226f622003" control-id="pe-18">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pe-18_stmt" uuid="17386ec3-a0eb-4780-8cde-c6e06a2be629">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="714dfd58-b575-491d-970d-f81615036e09">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="89868230-0876-48af-8880-46230d2f29c0" control-id="pl-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pl-1_stmt.a" uuid="8661b679-96b7-4c77-b230-bd4a38abe4a8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pl-1_stmt.b" uuid="8ece81dd-536a-424b-a2fb-61952dd53bdf">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9afad57f-6172-4f87-b55b-8cd68079e3c8" control-id="pl-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pl-2_stmt.a" uuid="4b7ed71e-ba46-4d43-b6b7-ea99bc5dcd94">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pl-2_stmt.b" uuid="9a4add41-bc05-416c-a9e4-229cb6f61367">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pl-2_stmt.c" uuid="fb20fcf3-5cd7-458f-8fd4-edf1306f9d1b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pl-2_stmt.d" uuid="06fb5ceb-ddd2-4c39-8ccb-356fb02780d1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pl-2_stmt.e" uuid="782bc7bb-1af6-4c75-ad8e-769f8830e159">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="cfb0e9c7-e02e-48b9-9545-d7f1079f3841" control-id="pl-2.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pl-2.3_stmt" uuid="e0441873-fe4c-4ba7-b968-b8f5bff5c152">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="98e11268-47c9-4eb2-bd17-5bcac114ab5c" control-id="pl-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pl-4_stmt.a" uuid="499d42ac-5c67-46fb-9e18-149401fb3abf">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pl-4_stmt.b" uuid="f9388bac-7d81-4eb5-8343-4962c303ffa2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pl-4_stmt.c" uuid="8f371b57-4152-475c-90df-2b05ffc39c5b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pl-4_stmt.d" uuid="96b2d54b-376d-4317-94b5-152505a1a8d6">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="0631ed74-f5ea-4d53-8e4f-2a04944e15e6" control-id="pl-4.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pl-4.1_stmt" uuid="3720957a-be86-4c93-ae1b-88066debe321">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="8c9309f3-7b5d-4459-92fc-36d4590cfd4c" control-id="pl-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="pl-8_stmt.a" uuid="0f57aec2-e9c4-4376-948f-18a94d9b9083">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pl-8_stmt.b" uuid="ed59aefa-4b9b-4a10-85a7-0b44cf3e104c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="pl-8_stmt.c" uuid="35f39cbf-20b3-45fe-b2bb-22d0cc4477b5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6418d139-6314-4ff0-af50-b28e66b16261" control-id="ps-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ps-1_stmt.a" uuid="b24ac5ec-0704-4378-998a-e73711c1f6e6">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="62dcd424-6492-48c6-9817-eceeb62df311">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational development, documentation, and dissemination of
a personnel security policy to organization-defined personnel
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-1_stmt.a.1" uuid="f3c6288f-f0e2-4ff3-9e85-02a37d7ace14">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="62dcd424-6492-48c6-9817-eceeb62df311">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational development, documentation, and dissemination of
a personnel security policy to organization-defined personnel
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-1_stmt.a.2" uuid="9b53e6dc-8b9b-4147-9b13-709f2495c207">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="62dcd424-6492-48c6-9817-eceeb62df311">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational development, documentation, and dissemination of
a personnel security policy to organization-defined personnel
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-1_stmt.b" uuid="4f650c83-ce49-4c48-92a4-2c894efc17df">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="337e7f04-ade2-4095-b026-96842ddb9414">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational reviews and updates to the personnel security policy
and personnel security procedures at an organization-defined frequency
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-1_stmt.b.1" uuid="81dcc255-fee1-488d-8ca0-dd88f7c2ded1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="62dcd424-6492-48c6-9817-eceeb62df311">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational development, documentation, and dissemination of
a personnel security policy to organization-defined personnel
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-1_stmt.b.2" uuid="7785900e-402f-4ccf-9bc0-597a2e7eb688">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="62dcd424-6492-48c6-9817-eceeb62df311">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational development, documentation, and dissemination of
a personnel security policy to organization-defined personnel
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="37d305bd-2e58-4cc3-8fd7-311c59020818" control-id="ps-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ps-2_stmt.a" uuid="e24c75d6-3b6c-4d16-83d9-036d896f93ae">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ae453aca-5f7f-4c57-8ad3-40b0a9929f33">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational assignment of a risk designation to all organizational
positions is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-2_stmt.b" uuid="85ed1245-db1e-438d-96de-61ac6fc21ed9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="955de2dc-b541-4f89-87be-be3aa93b2b96">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational establishment of screening criteria for individuals
filling those positions is outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-2_stmt.c" uuid="82eb9502-0431-4a91-ace1-25f947087689">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1cdb5679-ba64-4c52-aa04-49a4040f8b32">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational review and updating of position risk
designations at an organization-defined frequency is outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="50b3ccf4-7437-4b9d-a4e9-2bd2111d0712" control-id="ps-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ps-3_stmt.a" uuid="ae898ca2-4245-47a2-b67e-9cb04cd16b60">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="70d1537c-8e3a-4d4c-be9f-106f6072d75d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational screening of individuals prior to authorizing access
to the information system is outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-3_stmt.b" uuid="9e412acd-66d6-42fc-a874-60196f12e434">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="5544b6cb-8c54-4e7e-8726-4b2ce8114fe0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to rescreen individuals according to
organization-defined conditions requiring rescreening and,
where rescreening is so indicated, the frequency of such
rescreening, is outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="56352245-c717-4c44-9855-540a11d30de5" control-id="ps-3.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ps-3.3_stmt.a" uuid="c1108de0-83ed-4d8a-8a7c-53749058ea9a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d09c04bd-7810-41e4-bcb0-225d8ada0f30">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes ensuring that individuals accessing an
information system processing, storing, or transmitting information
requiring special protection have valid access authorizations that are
demonstrated by assigned official government dutues, are outside the
scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-3.3_stmt.b" uuid="16039ff5-0c13-49ca-8051-f02fcf6ae567">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1c7e61d0-4736-4a25-88b8-6262505d4d16">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes ensuring that individuals accessing an
information system processing, storing, or transmitting information
requiring special protection satisgy organization-defined additional
personnel screening criteria, are outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a058b4a0-06f7-4cca-a104-955e4193ff8e" control-id="ps-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ps-4_stmt.a" uuid="3c96cf7b-382b-4d78-803c-13d0c4c75b46">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="5e47fb61-98cd-40de-a48c-3038ea513aad">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes ensuring that, upon termination of individual
employment, information system access is disabled within an
organization-defined time period, are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-4_stmt.b" uuid="35295a74-1026-436a-ae0e-6ec855cf798f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="12f961d4-848d-40f7-8f40-40e10e88d0df">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes ensuring that, upon termination of individual
employment, any authenticators/credentials associated with the individual
are terminated/revoked, are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-4_stmt.c" uuid="af8c79a4-798e-4bf9-a02e-140e04e48d10">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ec36ccaf-c3ab-4747-a425-c6bedc278aeb">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes ensuring that, upon termination of individual
employment, exit interviews are conducted that include a discussion of
organization-defined information security topics, are outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-4_stmt.d" uuid="8ea327e5-5a11-4a98-8827-eca5a7049fe7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d80627a1-8f9e-43a4-a7a2-a75249dc410f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes ensuring that, upon termination of individual
employment, all security-related organizational information
system-related property is retrieved, are outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-4_stmt.e" uuid="f0301041-d18b-4c26-85b7-9b08eb82f8dd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="69d0287a-bda0-4d09-a48e-89d9bc9d50f3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes ensuring that, upon termination of individual
employment, the organization retains access to organizational
information systems formerly controlled by the terminated individual,
are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-4_stmt.f" uuid="011f2825-4703-46b3-96d7-51cb5008f740">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9264a668-6ecd-4ad9-ad90-bf8e50a666bc">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes ensuring that, upon termination of individual
employment, the organization notifies organization-defined personnel
or roles within an organization-defined time period, are outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7cea1b03-978c-48cd-9971-1ed703928d6d" control-id="ps-4.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ps-4.2_stmt" uuid="e9ebe04d-48ea-4e48-9fc9-8007070bc36f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4a2ee485-a4e5-4548-a3dc-b252d1125086">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational employment of automated mechanisms to notify
organization-defined personnel or roles upon termination of
an individual, is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f021987d-0773-4783-8fe5-638a1887ad41" control-id="ps-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ps-5_stmt.a" uuid="71f7e07a-0962-4f69-8159-2e9e25384f86">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="046ba626-c644-49c6-b052-fe0a5a90ddb7">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to review and confirm ongoing operational
need for current logical and physical access authorizations to
information systems/facilities when individuals are reassigned or
transferred to other positions within the organization are
outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-5_stmt.b" uuid="9b950b32-4306-4b6f-b8fd-daecabbae7bb">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="35dc728a-280b-490f-81d4-af07110b288c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to initiate organization-defined transfer
or reassignment actions within organization-defined time period
following the formal transfer action are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-5_stmt.c" uuid="3fc5d320-e25e-4155-8a39-2f19efb6f270">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0dae94fe-dbc1-4081-8464-f551f752798b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to modify access authorizations as needed to
correspond with any changes in oeprational need due to reassignment
or transfer are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-5_stmt.d" uuid="411f7849-0de6-4bfb-b74f-2172c0af25b1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="5e1cf303-9747-4c4b-8012-ed16c6dab514">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational notifications of organization-defined personnel
or roles within an organization-defined time period are outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="1a89d281-0763-4c66-a8df-f4c676911d94" control-id="ps-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ps-6_stmt.a" uuid="0bbdf0b6-33f4-459b-bf47-0aef0c11860d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e7a359d9-81cb-434b-a2be-7979b7e4a973">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational process to develop and document access agreements for
organizational information systems are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-6_stmt.b" uuid="6ed74614-2509-4ef1-8412-0d72b7724797">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a45644f6-3dd6-4597-8ef5-3645ccdb53db">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational reviews and updates to the access agreements at an
organization-defined frequency are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-6_stmt.c" uuid="ba99c181-39cf-4f21-8687-44efca1db67c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8b8e4e85-2021-46dc-a624-b1eb6a3017e2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes that ensure individuals requiring access to
organizational information and information systems sign and re-sign
access agreements are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-6_stmt.c.1" uuid="8b6861d8-67c6-4ee8-85fb-940265a98402">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8b8e4e85-2021-46dc-a624-b1eb6a3017e2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes that ensure individuals requiring access to
organizational information and information systems sign and re-sign
access agreements are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-6_stmt.c.2" uuid="9b14e8e1-6706-4803-9305-4e39b807b3a2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8b8e4e85-2021-46dc-a624-b1eb6a3017e2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes that ensure individuals requiring access to
organizational information and information systems sign and re-sign
access agreements are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9823674e-6560-4272-9878-ac4ccf6265ff" control-id="ps-7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ps-7_stmt.a" uuid="fe812d2b-7c23-4aac-a3ea-551fdeb52599">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f5a4573f-c61a-433c-9c26-244b43757c7c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to establish security requirements including
security roles and responsibilities for third-party providers are
outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-7_stmt.b" uuid="760ce5b7-396d-4b48-9d82-4a58a0dadac2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3e3a927d-e9dc-4fae-9fbb-26b02455e8a3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes requiring third-party providers to comply
with personnel security polocies and procedures established by
the organization are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-7_stmt.c" uuid="8f063b21-41fd-48f0-bdfd-e9be890bdc0d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c0ee8df1-b100-4388-a721-41e512901fdd">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to document presonnel security requirements
are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-7_stmt.d" uuid="83a11cc0-7793-4d8a-9e90-76993dc991fe">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0d3a188b-9d80-4557-8ca4-b66bc1df60e1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to require third-party providers to notify
organization-defined personnel or roles of any personnel transfers or
terminations of third-party personnel who possess organizational
credentials and/or badges, or who have information system privileges
within an organization-defined time period, are outside the
scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-7_stmt.e" uuid="09ffad36-86ce-4a99-98d9-3b1ae3af8ff9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="12999939-abc7-4215-909a-394cf63184e2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational monitoring of provider compliance is outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="aa9d1f60-1c2e-44d5-9f55-7d7de80fd800" control-id="ps-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ps-8_stmt.a" uuid="f8d7d00a-923b-46d1-a7e7-331808aa594a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fcb49196-9d3c-418c-9242-85e984011583">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational employment of a formal sanctions process for individuals
failing to comply with established information security policies
and procedures is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ps-8_stmt.b" uuid="65d1d313-0f08-45cb-a619-0c2f61acfa0b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4a62645f-0cd3-49e8-9156-210ee0518aac">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational notification of organization-defined personnel
or roles within an organization-defined time period when a formal
employee santions process is initiated, identifying the individual
sanctioned and the reason for the sanction.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="3bfbc934-621c-4c62-a8f3-c59fa780cc7c" control-id="ra-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ra-1_stmt.a" uuid="c39e40d4-607f-4cd4-83fa-cecbcd6c3166">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="213d7bbc-cff7-4e68-9c54-b7877b691d94">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational development, documentation, and dissemination to
organization-defined personnel or roles a risk assessment policy
and procedures is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-1_stmt.a.1" uuid="91c6f409-6df9-4a9b-ab2f-42edea1fcffd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="213d7bbc-cff7-4e68-9c54-b7877b691d94">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational development, documentation, and dissemination to
organization-defined personnel or roles a risk assessment policy
and procedures is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-1_stmt.a.2" uuid="bf7f3604-2e9b-4d59-9a2c-d0d031beadf8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="213d7bbc-cff7-4e68-9c54-b7877b691d94">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational development, documentation, and dissemination to
organization-defined personnel or roles a risk assessment policy
and procedures is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-1_stmt.b" uuid="f7c298b7-b302-4c3d-a246-7184dcfddc45">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a153aea0-e388-4ac9-83d7-f7c7476466f9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational review and updates to the risk assessment policy
and risk assessment procedures is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-1_stmt.b.1" uuid="72741310-7fe8-4032-bf53-b655ea2af645">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a153aea0-e388-4ac9-83d7-f7c7476466f9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational review and updates to the risk assessment policy
and risk assessment procedures is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-1_stmt.b.2" uuid="5792d319-a3b9-4692-8e69-f2b76bd23587">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a153aea0-e388-4ac9-83d7-f7c7476466f9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational review and updates to the risk assessment policy
and risk assessment procedures is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="31deea7c-6add-4a41-8588-b35cd74200e2" control-id="ra-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ra-2_stmt.a" uuid="e425d113-cb52-4770-a787-dbfb9283baf1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b646a97c-a692-4944-81b9-d72d1a1dbfa5">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to categorize information and information
systems in accordance with applicable federal laws, Executive
Orders, directives, policies, regulations, standards, and
guidance, are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-2_stmt.b" uuid="180f1b32-6728-4307-bb8d-e5f3e11616b5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2e4bd24f-ef83-4d22-ba7f-9e298da40889">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to document the security categorization
results (including supporting rationale) in the security plan for
the information system are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-2_stmt.c" uuid="6d002ff0-ef05-4c3f-8bc1-22eae07f0f6b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="67fdd016-131f-4800-b183-bf0316142769">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to ensure that the authorizing official
or authorizing official designated representative reviews and
approved the security categorization decision are outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4eef68a0-d37e-4d8b-af8c-932640baa277" control-id="ra-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ra-3_stmt.a" uuid="de140349-fc88-4c48-99d7-6d6e5f160517">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="dc7839ff-252e-4d8d-b76c-ba50c8fab112">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to conduct an assessment of risk,
including the likelihood and magnitude of harm, from the unauthorized
access, use, disclosure, disruption, modification, or desctruction of
the information system and the information it processes, stores, or
transmits, are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-3_stmt.b" uuid="648e4432-a1ed-4d2d-a44c-72cb255d638f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a2898b82-0d1a-43d5-8b7d-6eed5da1f17b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to document risk assessment results in
security plans, risk assessment reports, or organization-defined
documents, are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-3_stmt.c" uuid="ce4d2f6f-9c07-490a-8ade-90d59226f649">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d2b4dcf0-4978-45a4-b3f6-1a5fa0895772">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to review risk assessment results at
an organization-defined frequency are outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-3_stmt.d" uuid="f3b2eb0d-d1ca-4e6d-8d42-d52cc870a44c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="5ca46929-3bb7-41eb-9c71-ef2dcda81be9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to disseminate risk assessment results to
organization-defined personnel or roles are outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-3_stmt.e" uuid="afb420a3-1588-43c0-8d92-1d6a19c26a4e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="53ebb371-bbba-4b7a-91f2-0ac7bb23304d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to update the risk assessment at an
organization-defined frequency or whenever there are significant
changes to the information system or environment of operation
(including the identification of new threats and vulnerabilities),
or other conditions that may impact the security state of the system,
are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d4d65759-0b51-4008-b230-13f0cad39da3" control-id="ra-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="ra-5_stmt.a" uuid="f17a8ec1-9d5d-4580-bbc2-b4353fee950c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-5_stmt.b" uuid="32452604-d567-4f57-9297-989800a25777">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="df419c09-815a-4da6-b94b-910a483031f0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-352
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-5_stmt.c" uuid="836b92c2-8835-4d79-926d-81f585abb42d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-5_stmt.d" uuid="251084fa-f276-473f-814f-ab0b8af395ba">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="df419c09-815a-4da6-b94b-910a483031f0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-352
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="ra-5_stmt.e" uuid="37953ae8-a61c-4f2d-ba69-7c11b415b703">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6bd9f1ee-7804-4aa2-b15e-03a253025368">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to share information obtained from the
vulnerability scanning process and security control assessments
with organization-defined personnel or roles to help eliminate
similar vulnerabilities in other information systems (i.e.,
systemic weaknesses or deficiences) are outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="99bfb322-3894-4141-babf-b99bfe1d7692" control-id="ra-5.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ra-5.1_stmt" uuid="c78f080b-6d2c-4038-830f-eb3c7e1ae855">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e39b5519-8ce6-44bf-b85b-37b0f2295593">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-353
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="252c6ba8-177e-4271-9d60-77e94367b757" control-id="ra-5.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ra-5.2_stmt" uuid="efd7ce58-8caa-44d2-a557-2e1a8bb106a5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="e8f78c47-1c52-4c94-9072-eb04448803bc" control-id="ra-5.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ra-5.3_stmt" uuid="81d05f8b-1150-4907-a6fb-fadfb30f5f2c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d194d2af-b539-434b-86c4-c330c1e61adb" control-id="ra-5.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="ra-5.4_stmt" uuid="62a12a26-4c85-4031-8ec1-ca06cefc7b01">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2eca7b45-5942-4994-b711-b525128ca9a2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-354
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d3e5fad0-3c63-4c9f-8e76-12ad125bf340" control-id="ra-5.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="ra-5.5_stmt" uuid="bb4660d7-4f44-4c2b-9f1c-c9bfb7183ca9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c5bf90d-ac0b-4600-95e9-897075990aae">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>For the purpose of conducting a vulnerability scan of OpenShift, the OpenShift API and nodes
should be scanned using the OpenShift Compliance Operator. OpenShift supports
RBAC for users and groups, appropriate vulnerability scans can be performed against
the OpenShift web application interface. For the OpenShift Compliance Operator, only OpenShift
Cluster Administators are able to access and run the operator for compliance and vulnerability scans.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="3a66b623-7a77-4166-9bc8-fe36369d6a66" control-id="ra-5.6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="partial"></annotation>
      <statement statement-id="ra-5.6_stmt" uuid="42e81289-d5c0-4fb6-a470-ca1b979a6f12">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="65f278f2-f1de-4fc4-a2a8-625d8839df42">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response is planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-356
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="95a86ba9-c73d-4ea6-bf2b-3925b389493f" control-id="ra-5.8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ra-5.8_stmt" uuid="f664f019-6de1-4755-9f04-9e25964a1102">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="67e7e64d-1b94-4fc9-9749-2ca36805a52e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational review of historic audit logs to determine if a
vulnerability identified in the information system has been
previously exploited is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="698ee8f0-70df-4834-afd4-d262276f9162" control-id="ra-5.10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="ra-5.10_stmt" uuid="d035a3f8-570a-470e-a243-e23b046990ab">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="695d8f9d-0723-4adf-9611-126f375852c1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to correlate the output from vulnerability
scanning tools to determine the presence of
multi-vulnerability/multi-hop attack vectors are outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="46175d8c-c262-4815-a381-7c1f4872a44a" control-id="sa-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sa-1_stmt.a" uuid="0c2fb97c-2841-4c9c-9c64-3a30cfa2c885">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="429545fc-4635-4006-a3f4-8345e1c4397d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to develop, document, and disseminate to
organization-defined personnel or roles a system and services
acquisition policy is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-1_stmt.a.1" uuid="a7bad430-0d6e-4e8e-9df8-113430accf6b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="429545fc-4635-4006-a3f4-8345e1c4397d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to develop, document, and disseminate to
organization-defined personnel or roles a system and services
acquisition policy is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-1_stmt.a.2" uuid="e946d4ac-cf58-49aa-b1ce-1f1f4efa6a1c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="429545fc-4635-4006-a3f4-8345e1c4397d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to develop, document, and disseminate to
organization-defined personnel or roles a system and services
acquisition policy is outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-1_stmt.b" uuid="93ca6950-0e3f-44a1-805e-a64737d09b08">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="218f11d3-f7f4-4efe-9f7a-cdee5754e5a1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational review and updates to the current system and services
acquisition policy and procedures at an organization-defined frequency
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-1_stmt.b.1" uuid="bd4f2cb4-847f-4f4c-931c-948b2e7476aa">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="218f11d3-f7f4-4efe-9f7a-cdee5754e5a1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational review and updates to the current system and services
acquisition policy and procedures at an organization-defined frequency
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-1_stmt.b.2" uuid="826cee26-2ebb-44a5-8a0a-26e4fe4d1a6f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="218f11d3-f7f4-4efe-9f7a-cdee5754e5a1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational review and updates to the current system and services
acquisition policy and procedures at an organization-defined frequency
is outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="880a9424-3bc8-47b0-8d90-7a7cc8f08023" control-id="sa-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sa-2_stmt.a" uuid="fc47bc65-d051-44cf-b98a-5d9a0356f474">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="77dcf71d-eac7-4ce3-af35-7b3e574997c7">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to determine information security requirements
for the information system or information system service in
mission/business process planning are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-2_stmt.b" uuid="3685259c-66b4-470c-9da0-6fad099d6e5b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c829fb17-abe4-457a-8451-75ad86d36f38">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to determine, document, and allocate the
resources required to protect the information system or information
system service as part of its capital planning and investment
control process are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-2_stmt.c" uuid="2b7c4ef2-c540-4683-a633-795c99f687b7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6f21e997-d0b1-4d3f-abab-e7b6b5743832">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to establish a discrete line item for
information security in organizational programming and budgeting
documentation are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4b3cd903-81fc-4a32-9832-6b967acb18c8" control-id="sa-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sa-3_stmt.a" uuid="9a15d6de-18c2-47f2-9622-c7d39deb8f8b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9a4ae5ef-fcf4-41e7-a41b-d8d300d1c57b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to manage the information system using
organization-defined system development life cycle that incorporates
information security considerations are outside the scope
of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-3_stmt.b" uuid="1a183eb7-9f87-49da-8f1b-ba580be9bdd1">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="cfd84749-931b-4fca-8d62-9f7ea3cdd3da">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to define and document information security
roles and responsibilities throughout the system development
life cycle are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-3_stmt.c" uuid="030a665c-8a6f-4f0e-9f26-3521e733f7d0">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2ed7cb61-e7fb-4e18-b55d-f4f171158807">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to identify individuals having information
security roles and responsibilities are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-3_stmt.d" uuid="5be291c8-e453-4828-9224-37814c38ccd7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f7461713-8ea2-4840-ad52-c9e877e7f51e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to integrate the organizational information
security risk management process into system development life cycle
activities are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4c425b9b-a871-4e71-9d35-ab1990789375" control-id="sa-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sa-4_stmt.a" uuid="f9dc2050-658f-4d3c-ab5a-11221a03656a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="cdcf642f-0ad8-4f50-94b5-cc8b29f9d090">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to include security functional requirements
in acquisition contracts are outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-4_stmt.b" uuid="1444637a-9f7b-41f2-bfcb-9e5f8b359517">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a0fba4bd-1c76-40ec-9a33-1ed138551a80">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to include security strength requirements
in acquisition contracts are outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-4_stmt.c" uuid="5046dcd6-30b8-49a6-8774-93e0ffef45c6">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9cf529bd-91c3-474e-b0c6-777fcc5cffbc">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to include security assurance requirements
in acquisition contracts are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-4_stmt.d" uuid="a704a7c4-133e-4b37-8c2d-ee72fe0d0247">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="733da578-3bab-42b0-96bf-5ed6c85d832b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to include security-related documentation
requirements in acquisition contracts are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-4_stmt.e" uuid="5a1d9736-3556-40c8-9120-303349cfc92b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a079f5b3-49e3-460d-8778-5098f04705ec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to include requirements for protecting
security-related documentation in acquisition contracts
are outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-4_stmt.f" uuid="41f8de4b-2c62-4d99-ab89-1f0303738385">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2ce208fb-60c3-47f5-855e-9fc2e5bd0db6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to include a description of the information
system development environment and environment in which the system is
intended to operate in acqusition contracts are outside the scope of
OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-4_stmt.g" uuid="6c8fb61b-8dc6-4391-a608-d0941b0d093f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="66030e0c-d706-4d48-a588-f0f4cbc62d79">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Organizational processes to include acceptance criteria in
acqusition contracts are outside the scope of OpenShift
configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="5304b0c8-226c-4b93-8016-3c5d124f854b" control-id="sa-4.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-4.1_stmt" uuid="64169bbc-e536-4a43-a859-591743b4b950">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4d3defd9-e7ba-4864-8474-4487cbcaf84e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-4 (1) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-360
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="44c7e4b7-6adc-4f5b-9dc5-e761001d8982" control-id="sa-4.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-4.2_stmt" uuid="59c5a200-46b7-48ab-bc21-d6932d43a016">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e6535c33-0142-4714-8f10-09335fc6dc79">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-4 (2) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-361
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="11659e90-59b5-4173-b43b-1812ae1883b6" control-id="sa-4.8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-4.8_stmt" uuid="4b9d4eea-be9d-4f5f-9a67-ce7e25a48f33">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="597f1282-83d4-49ec-8766-9be0dbbd2f16">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-4(8) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-365
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9ff8b64a-8a54-4e48-ad70-1fdaea27c11e" control-id="sa-4.9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-4.9_stmt" uuid="267db06e-5550-47ff-9734-f9d2e6f704f4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d42c837f-2526-4ac8-8d24-1add8af53ab1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-4(9) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-366
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="8ee28a5f-de3c-47d8-a3d3-863e2110d3d2" control-id="sa-4.10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sa-4.10_stmt" uuid="6712c5ae-4df1-4d08-99cf-b2387507074b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f45b1f55-9edb-45f4-85ed-b1bbeac70efb" control-id="sa-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-5_stmt.a" uuid="5400ac5f-a05c-423d-9858-4e7a2e44378e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="42bf9c8b-4898-4c22-97ab-2981a11dbf97">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-5(a) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-367
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-5_stmt.a.1" uuid="5a53656d-14da-4d06-999c-983cc9d37122">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="af70c3e9-9576-4846-b323-7dbe56661237">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-5(a)(1) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-367
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-5_stmt.a.2" uuid="e26b3796-8741-4dc5-8d4d-16a2c7a71a0a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2f82b93c-e880-4b4c-ad58-29708bb30021">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-5(a)(2) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-367
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-5_stmt.a.3" uuid="6d3e15fb-088e-4975-8e2a-ef236040f900">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="738ba6dc-d4c4-473b-a84c-99df0db4f66e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-5(a)(3) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-367
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-5_stmt.b" uuid="cf2048c2-2512-4cfd-ae44-0f73cf2af6b4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="82a92105-5236-4d1c-8eca-c15293889034">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-5(b) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-367
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-5_stmt.b.1" uuid="ee4d5460-7e0b-4df3-8026-16f46504764a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c852d52b-4e78-4f86-ad39-3c2fb8feecda">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-5(b)(1) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-367
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-5_stmt.b.2" uuid="9c0b5a9e-55ce-4084-94ea-c2c588d22212">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f899b09b-7f2f-4d5a-ae7e-41bbc4a0841f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-5(b)(2) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-367
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-5_stmt.b.3" uuid="fb21bfac-d62d-4932-a2ab-7c929fbeb2c8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-5_stmt.c" uuid="fee19988-cd1f-4ba4-b170-f6bb31cdc115">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-5_stmt.d" uuid="c8689aa5-cc05-4fb0-bcf0-0e767c9df94f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-5_stmt.e" uuid="a19603a4-be8a-47b7-b182-7357f7f0bcd4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="3d9caa00-cb96-42c9-a63a-8d818f7d9c2e" control-id="sa-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sa-8_stmt" uuid="1fb6ae20-07e8-42bb-a7dd-0ed7c6828623">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4f3d3760-6a96-4488-9064-b66323171ff5" control-id="sa-9">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sa-9_stmt.a" uuid="790594b4-8dc9-4e6d-a7be-8a4f821d60dc">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-9_stmt.b" uuid="2fdee7a6-17ac-4f3c-8234-e51975aa8bfc">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-9_stmt.c" uuid="f91bbfe1-2590-4996-bbf3-5a931f802ecf">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="1e0c024d-da7f-4c3c-b6fa-9f35abb7d991" control-id="sa-9.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sa-9.1_stmt.a" uuid="77d286f1-3862-4fdc-b034-1cbec7788df0">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-9.1_stmt.b" uuid="5b440203-0c98-4a61-94bc-1739bd25a350">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="16385c4e-e3fa-4c22-8028-e9141a389fe8" control-id="sa-9.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sa-9.2_stmt" uuid="16f50ee2-60ed-402e-a770-f49fb83f6d88">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="73a17370-4c1b-477d-a0a2-43c24dee33fb" control-id="sa-9.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sa-9.4_stmt" uuid="4b181d05-f0f3-42e9-9466-6aac04d5e824">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6c35e9a6-06e1-4006-8a41-cfa8cf5ddbb6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedure/policy and is not
applicable to OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b2aa9d6f-61bf-40d3-aeba-0ec7732ee2c6" control-id="sa-9.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-9.5_stmt" uuid="16533dfd-f21e-4ec2-8dd0-9542839ac740">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="54792531-8522-4bb0-8ed0-a3e463c7ab36">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-9(5) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-368
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="23e70356-2035-4233-a7f4-8370b3d60157" control-id="sa-10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-10_stmt.a" uuid="95684487-9444-4195-8dbb-962f685d5bd5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="53ac6e51-7ce3-4f56-bc71-b6ee264973d3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-10(a) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-369
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-10_stmt.b" uuid="3f0d837b-9027-4ba8-ac9e-9b4f1b9544a5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fa90dca2-ea44-4706-8cb9-2280b5d5f2d1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-10(b) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-369
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-10_stmt.c" uuid="40f2740d-7c38-4a52-aff6-f09b9240678b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fe37bd74-209c-4b2f-acfe-3da20c65069b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-10(c) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-369
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-10_stmt.d" uuid="a1e3cfe6-bafd-4bcf-add0-e2df6c385eda">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="51149b43-7746-4674-81e0-9343b6556130">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-10(d) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-369
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-10_stmt.e" uuid="1d119dee-e436-41b2-ab4d-2dbd8a87a222">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b4b6d4be-f2c6-43b7-9f49-133379f30817">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-10(e) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-369
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4c64a19c-d9a6-4f5f-8362-95028e8a5a27" control-id="sa-10.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-10.1_stmt" uuid="3893e7a9-f701-4695-bb10-3c715ec900de">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="34e5a26a-f4da-4af3-97c9-1b9cd4601ff9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-10(1) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-373
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a86926a5-e735-4a73-83bc-60bc088ce819" control-id="sa-11">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-11_stmt.a" uuid="46fc688a-6a7a-491d-8c9d-f3ca597d33eb">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f34b6662-ab38-41e3-ac72-b08cb8675a4e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-11(a) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-374
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-11_stmt.b" uuid="3c6b0a07-19e1-4b56-8978-84f78e5d41b7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c00fc148-bd08-4f25-aee0-9ad9d3760062">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-11(b) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-374
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-11_stmt.c" uuid="95db2f92-ab21-4cdb-bf9b-41002f9858be">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="77c0e9f2-6558-4dd6-b14e-9a254d3cd9c2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-11(c) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-374
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-11_stmt.d" uuid="efebb503-1b64-4ce9-832c-3be4e01cc4c5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9b2f4dcf-5965-417a-8706-e9e23c034690">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-11(d) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-374
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-11_stmt.e" uuid="fcf54721-40fd-49b0-af2d-7c710acfa862">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="528f9b93-35a6-4d13-8a0f-acb56b90303c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-11(e) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-374
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="390d4359-e23c-4ea7-a03e-33ab0f771c89" control-id="sa-11.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-11.1_stmt" uuid="78fa5d63-08f1-40f8-aa7f-302d689735df">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3953a8df-4a05-4b03-811c-eecbc5b1115f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-11(e) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-375
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f6a79121-574a-4870-8fd6-f0b7f8e8264b" control-id="sa-11.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-11.2_stmt" uuid="bc1c0016-a06c-4757-af0f-2bebb94fb87b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8a25713a-4531-486b-bb1d-534a8fd9065e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-11(e) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-376
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b2c4d52c-2d22-410b-91fd-6adcafe27600" control-id="sa-11.8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-11.8_stmt" uuid="6bb50194-184f-4669-9484-5e251888ba63">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d5626f4d-3991-4663-8a15-b4c106696880">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-11(e) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-381
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f99a1cbb-dede-4f71-85e7-ec6dea75bbd0" control-id="sa-12">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-12_stmt" uuid="c563269f-4c41-4a77-8ebc-ec51acb22f6a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1bc51b63-9523-4031-8845-df80783e280f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-12 is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-382
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="0f371a25-e91f-4885-9f0f-943e04eead02" control-id="sa-15">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-15_stmt.a" uuid="b66fd6cb-383b-4281-8109-92b4966ce76f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8f74d490-81a7-4297-b413-71ae4a1015f2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-15(a) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-383
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-15_stmt.a.1" uuid="bd3166ec-9fe3-45cf-aa6f-14651b1e28d3">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="eb23a2a8-de80-47aa-9881-041ee04a669a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-15(a)(1) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-383
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-15_stmt.a.2" uuid="1f93b263-b721-4673-acdd-ed89b320f6f3">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4ee92eff-1182-4982-bf5a-ffe29b3679e0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-15(a)(2) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-383
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-15_stmt.a.3" uuid="ac6d04eb-d23f-4686-841d-0ac6d4f58e00">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0d6c1033-2542-4eb8-b24d-79dd2ab5bb31">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-15(a)(3) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-383
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-15_stmt.a.4" uuid="0a6afb90-82b2-423e-aa27-f03cf47f5e9d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7063db13-5c35-4b99-87b8-ef5e3ad15fa3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-15(a)(4) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-382
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-15_stmt.b" uuid="f3c3d6b5-025b-41d2-82fc-91318fa4d074">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fff64b6c-e115-40bc-b9c1-32ef0891faa9">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-15(b) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-382
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9bb3c0cb-a2a8-46a7-9ca4-b2a4e6f1ef91" control-id="sa-16">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-16_stmt" uuid="1b44cb72-6d8a-4a8d-8437-288906e1ddc2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="90480eb2-7f20-4b67-b557-b325700907b7">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-16 is planned.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="bc6ced25-c598-4c02-a447-25960226df22" control-id="sa-17">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sa-17_stmt.a" uuid="3d8ff4e8-11a7-4163-95af-7fc49f9848c4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="699e84a8-2766-46eb-ad5a-484eb4c9c3a6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-17(a) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-389
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-17_stmt.b" uuid="11528158-c617-414b-80e5-81b5bf49a1da">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="af3ab2ae-ebd4-4242-ae94-c54c59a8e8a8">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-17(b) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-389
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sa-17_stmt.c" uuid="23942290-6e90-4392-9c34-0a2649fa4335">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3378fc76-522a-41f2-a73a-0d670a84dfd0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response to SA-17(c) is planned. Progress
can be tracked at:

https://issues.redhat.com/browse/CMP-389
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6f1144bd-a44c-4b04-997c-b59d54a710d2" control-id="sc-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sc-1_stmt.a" uuid="1fa652f8-6db2-4210-a8eb-f51d9dc94c1d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-1_stmt.b" uuid="ab7e745f-41f6-47a2-a535-600910be8e7c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="591ef3b8-6fee-4e3f-a241-82278e96a4e7" control-id="sc-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-2_stmt" uuid="143cf0ca-c117-4586-a1cd-91947e3f1a18">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fa072737-5175-4d0d-a2ab-e535883b1181">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer is responsible for separating user functionality
including user interface services) from information system management
functionality. A successful control response will indicate how user
and management functionality access is separated.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-429
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4585b1a9-f2b6-47c5-9ea1-fe85860e03b5" control-id="sc-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-3_stmt" uuid="47370f6d-b791-4508-9f02-15d432b516ca">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="49b6197f-11f4-40fb-b3fb-0086caf4bae7">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer is responsible for deployment utilizing namespaces,
host roles and other features as well as policies and procedures
to implement and ensure continued isolation of security functions
from non-security functions.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-467
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="96f7fae4-b1c4-4625-92ac-3353f07bb6ca" control-id="sc-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-4_stmt" uuid="deb25b8f-b7c0-4ffc-87c3-ddb3e0e9e98b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="617b39ae-8abc-4fb0-9c00-c50746b0d781">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer is responsible for preventing unauthorized and
unintended information transfer via shared system resources. A
successful control response will discuss how this is prevented.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-428
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7c68bba4-5d9c-44f2-aad2-9eb8cadced49" control-id="sc-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-5_stmt" uuid="03ef8862-55de-4b8e-89ac-f0803b4547c7">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d12aca87-769c-4968-9b71-135e5bb3a73e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-427
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2ecd1aa4-1ec5-424c-8299-2f1847c78d2d" control-id="sc-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-6_stmt" uuid="1c65ffd6-790a-45be-9f96-dae549f63731">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="cb086507-2e55-4213-b420-2f757534f30d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer is responsible for the protection and availability of
resources by allocating processor and memory resources by process
priority and resource availability. A successful control response will
discuss how resource availability is protected.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-476
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="368ba890-8f67-4d46-a377-ece589a2d2de" control-id="sc-7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-7_stmt.a" uuid="8b3435a7-a508-43df-8f6a-b33ed3730c89">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="625c4e28-1da7-40ae-bd8e-10d07390c4ea">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-426
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-7_stmt.b" uuid="98ad9fcb-fb9e-49b2-a07d-5d680ff5b394">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="625c4e28-1da7-40ae-bd8e-10d07390c4ea">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-426
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-7_stmt.c" uuid="1ac5f104-c3ac-46ce-a444-15d4ac4437f6">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="625c4e28-1da7-40ae-bd8e-10d07390c4ea">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-426
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="186b2385-1f1a-4a9f-87cb-fa9ba58408bc" control-id="sc-7.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="sc-7.3_stmt" uuid="34c09b45-a0e3-4736-b446-a55a9b2a919e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3c23c58f-8d5c-4070-a9c0-8ae34f8b5eb2">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer is responsible for limiting the number of external
network connetions to the information system. A successful control
response will indicate the rate limiting procedures and technical
enforcement.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="40c87c66-53dc-4c7a-b967-a4c56d768cad" control-id="sc-7.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sc-7.4_stmt.a" uuid="b9b8c5f1-be1c-463b-89a6-f55da7e89336">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="42b18df6-6a61-45a2-bbbb-8278df55804c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Implementing a managed interface for each external telecommunication service
is addressed at the network infrastructure layer and is an organizational
control outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-7.4_stmt.b" uuid="535c8a55-e076-4c4f-832a-0689111c527d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8f000ffd-6bcf-444e-86bc-0d6240403c42">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishing a traffic flow policy for each managed interface for each
external telecommuncation service is an organizational control outside the
scope of OpenShift configuration and is typically handled at the network
infrastructure layer.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-7.4_stmt.c" uuid="09f0b017-481e-45d6-be8e-58fd0c6249ba">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1129c924-e34d-4f9c-9c92-f732ba16c7ac">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Protecting the confidentiality and integrity of the information being transmitted
across each interface is an organizational control outside the
scope of OpenShift configuration and is typically handled at the network
infrastructure layer.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-7.4_stmt.d" uuid="99605571-65d1-4b0e-b820-6f6d4cb27321">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ecf8a969-d110-4dd2-b016-c66831f9c91d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Documenting each exception to the traffic flow policy with a supporting
mission/business need and duration of that need is an organizational control outside the
scope of OpenShift configuration and is typically handled at the network
infrastructure layer.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-7.4_stmt.e" uuid="8f644a62-bf77-4048-aee7-d660628f64dc">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3de3cfe2-e7c1-4cb1-b7db-5a472f4b0f84">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Reviewing exceptions to the traffic flow policy per the organizationally defined frequency
and removing exceptions that are no longer supported by an explicit mission/business need
is an organizational control outside the scope of OpenShift configuration and is typically
handled at the network infrastructure layer.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="299dcdaf-d2bd-44b1-9f34-7a83c829a2b4" control-id="sc-7.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="sc-7.5_stmt" uuid="796764c4-2388-42ab-99f8-bdf5a00fb0db">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4b15b06f-d5dc-4fb0-af24-596c93208d35">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for ensuring managed interfaces deny
network traffic by default and allow network communications traffic
by exception (i.e. deny all, permit by exception).

To assist with this organizational control, documentation is being
planned. Progress can be tracked via:

https://issues.redhat.com/browse/CMP-424
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="bcea67a7-eae0-48d6-aa01-b4e2a3a68210" control-id="sc-7.7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sc-7.7_stmt" uuid="cab35424-140c-42cb-9ab7-deae4b0da66d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1152f196-9746-4432-a593-6ee4a6ff7334">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for implementing mechanisms to
ensure OpenShift nodes do not act as proxy or relay servers between
internal and external networks.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7decfaf2-b8e3-498b-ae55-671b24506ec9" control-id="sc-7.8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-7.8_stmt" uuid="833f91c1-8eb3-4422-8059-f8d05cfe7237">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="adba8470-6219-47a4-aeb4-ba166c6b610a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-477
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="679c2de8-d087-4463-8622-1b5cdd1ff547" control-id="sc-7.10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-7.10_stmt" uuid="d73cea55-f22c-4ba1-a9a5-02dd9fafbe04">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="82aa1ba8-6968-43b2-8c19-cbe7df2a6ffc">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-482
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7bcc9d61-0924-4650-a79c-d2bcf6e0bfde" control-id="sc-7.12">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-7.12_stmt" uuid="04b972b1-e2d5-4deb-868d-b1a1bb971393">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c721f916-ebf5-44d2-930a-0f52d3887fec">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for implementing host-based
boundary protection mechanisms. This is often through configuration of
local firewalld and SELinux policies.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-483
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f1197a21-c333-4172-a38d-61974c0d7104" control-id="sc-7.13">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-7.13_stmt" uuid="24191c4d-9451-4c9e-abbb-6b1e57bf12eb">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b9ee1f34-09bd-4973-b7ed-91901cf226cc">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for ensuring that OpenShift is
isolated from other internal information system components by
implementing physically separate subnetworks with managed
interfaces to other components of the system. A successful control
response will discuss the networking configuration to satisfy this
control.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-484
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7e0070ef-c09f-48d1-9579-efebc49bb27b" control-id="sc-7.18">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-7.18_stmt" uuid="6bc5981d-371a-4efe-91bb-23f0994ae97b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f446eca6-5b4d-47c8-815d-301752b4d6ae">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-488
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9b22263a-6581-43bd-9229-7c6c2e20bc77" control-id="sc-7.20">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="sc-7.20_stmt" uuid="d56944e9-176b-469f-9616-3f55ab9f86ae">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1f635877-5d6e-4ea7-a1bb-a73604c5fa9a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control is met when SELinux is enabled and configured properly
with namespaces being used as well.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="64438902-f29d-4aa4-8a62-4853674b24e2" control-id="sc-7.21">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-7.21_stmt" uuid="5983e354-e073-4af8-8f42-ae69e1bd7b14">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="143bf9a5-3bbb-47ff-a892-bce11a26ef04">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-489
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="5204cabf-dbf5-4d92-9cd1-804354d80d7a" control-id="sc-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="sc-8_stmt" uuid="10ab3b1d-fa32-4dfb-b7f0-c5c4f924b33c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7fee56b6-5600-43e3-9132-b328cd2e17aa">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for configuring TLS for transmitted
information.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d79b39ec-b75a-4d9d-b839-2f28d69d9e98" control-id="sc-8.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="sc-8.1_stmt" uuid="84d59cbe-40c4-4f22-8df4-1246640eef00">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="acd8d90a-0f39-4844-acf7-6a4ed7f9b815">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for implimenting cryptographic
mechanisms to prevent unauthorized disclosure of information and
detect changes to information during transmission. A successful
control response will detail how encryption is used for all
network communications that carry customer data.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="df5e51eb-966c-402f-98c6-1bc7cb654de8" control-id="sc-10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-10_stmt" uuid="49fd79b3-99f8-474f-82f2-797e2fcb4835">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3fcef049-edaf-49f1-ae92-34545047b7a3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for terminating network connections
at the end of the session or after no longer than 30 minutes of
inactivity. A successful control response will document the technical
means on how this is established.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-422
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a74d4d8e-2ecb-4aac-9c24-abeeed19850a" control-id="sc-12">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-12_stmt" uuid="85337f2d-857e-401d-8a16-ff1cbaca80dc">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0ed18e31-b4b0-47a5-a053-e139ca63c5f6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-421
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="63ab894b-cf8f-4a84-9833-1d270552f36b" control-id="sc-12.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-12.1_stmt" uuid="212fc07b-7b23-44fb-9faa-e66e524fbe4a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="3a4db13e-65b6-4b6a-9f33-5d4e6c86902d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-497
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f654668f-472a-4fbf-a522-57b6eecda6b0" control-id="sc-12.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-12.2_stmt" uuid="67ed0c07-b5b2-435c-bf22-d186feeafb91">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c7cd35cb-8dd1-4c8c-be3a-46ce4c45892f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-498
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="573937d5-283f-457f-8b61-cf35b660c70a" control-id="sc-12.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-12.3_stmt" uuid="a440cef9-784e-4366-a8cb-6d94f9df94bd">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="90872c45-14ad-48c2-8509-c00f5833d23f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-499
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="03947a78-12ad-4fc8-a947-cd02e7de8fdc" control-id="sc-13">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-13_stmt" uuid="abbbba59-7105-407d-8a2a-47371938c821">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="928ec4b6-10a7-478e-b5fb-95abffde0a9e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-420
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="33b5b086-7214-4783-a0c5-ba185fda8e71" control-id="sc-15">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sc-15_stmt.a" uuid="22e07405-dd19-4fe8-a698-f29ef5735dd5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ad2a338e-3009-48c4-b0d5-ef04fb863b32">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Examples of collaborative computing devices include networked white
boards, TV conference cameras, and remote video systems. This control
is not applicable because Red Hat OpenShift Container Platform is not
a collaborative computing device.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-15_stmt.b" uuid="ca736a8c-d2fb-4c10-8a69-03137dea9b7c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ad2a338e-3009-48c4-b0d5-ef04fb863b32">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Examples of collaborative computing devices include networked white
boards, TV conference cameras, and remote video systems. This control
is not applicable because Red Hat OpenShift Container Platform is not
a collaborative computing device.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9c076857-d661-4be2-95d3-920782a6606d" control-id="sc-17">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-17_stmt" uuid="1287771e-ed58-4c87-87ba-d0cc3a5a201d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f6c49247-3dbc-4eba-a1d7-c293a52eef9a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-419
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="59ba49a5-f687-4224-aece-d0a9bb94e1b5" control-id="sc-18">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="sc-18_stmt.a" uuid="d1b9d625-add0-4a4b-85d4-9bd95d0ec719">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="114c57ea-d393-4155-aeae-c3fc55e99699">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Defining acceptable and unacceptable mobile code and mobile code technologies
are organizational policies/procedures outside the configuration of OpenShift.

In support of developing policies/procedures for mobile code and mobile code technologies
OpenShift ships with a JavaScript implementation that is used to power the graphical
web console that is accessible through a web browser.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-18_stmt.b" uuid="7ec821bc-9bdb-47cd-b102-c239b04cf6e5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8eeef5cf-f7eb-448a-926b-3bbc65e5784b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Establishing usage restrictions and implementation guidance for acceptable
mobile code and mobile code technologies are organizational policies/procedures
outside the configuration of OpenShift.

In support of developing usage restrictions and implementation guidance for acceptable
mobile code and mobile code technologies, OpenShift ships with a JavaScript implementation
that is used to power the graphical web console that is accessible through a web browser.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-18_stmt.c" uuid="21b3f744-2fa4-4360-b635-fb0433a7c833">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ef9f9588-dbed-4a4a-be56-40eb10bbf0fd">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for authorizing, monitoring, and
controlling the use of mobile code within the system in accordance
with organizational policies defined in SC-18(a) and SC-18(b).

In support of authorizing, monitoring, and controlling the use of mobile code,
OpenShift ships with a JavaScript implementation that is used to power the graphical
web console that is accessible through a web browser.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="bc408d6f-99ea-4a9f-b808-c973d7933495" control-id="sc-19">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-19_stmt.a" uuid="267f7ba8-5551-46c4-a4cd-b91d6b92c2ea">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-19_stmt.b" uuid="992aef3c-4eb9-4a40-a0d6-5eba74b1990b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9a61a484-9036-4b36-a33c-746889aac4f7">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for authorizing, monitoring, and
controlling the use of VoIP within the system in accordance with
organizational policies defined in SC-19(a).
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="e8aba7c2-acb4-4654-b1d5-e600a651d4c3" control-id="sc-20">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-20_stmt.a" uuid="a438c5ea-e94c-44e1-9c84-4d29a630732b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8d60a17e-515b-4a94-821a-de75ff70ced1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift administrators are responsible for providing
origin authentication and integrity verification artifacts along
with authoritative name resolution data returns in response. A
successful control response will discuss the technical means used to
accomplish this.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-417
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="sc-20_stmt.b" uuid="3b9bf6aa-8da0-4050-bb86-c3357e8d9f0d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="76baf97e-0a1f-4b12-bb26-a59e03124332">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift administrators are responsible for
providing means to indicate the security status of child zones and
enable verification of a chain of trust among parent and child domains.
A successful control response will discuss the technical means used to
accomplish this.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-417
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="da3b2e54-60d1-41e3-b896-f2a552c14e83" control-id="sc-21">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-21_stmt" uuid="f867e4c6-14b4-4a68-9487-4ddc85948e03">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="bf848318-eaf0-482c-9d30-409fc7062381">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-410
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="5fee0dd7-b1f6-4891-98bd-848c114c8822" control-id="sc-22">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-22_stmt" uuid="81094d0d-abb6-44fe-b96d-302346ffb9a8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ec8d8758-4010-4e53-bf8f-07d498fe1433">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>OpenShift administrators are responsible for ensuring
services are fault-tolerant and implement internal/external role
separation.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-409
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="55f35173-b26b-446c-84e9-4d9c3403963f" control-id="sc-23">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-23_stmt" uuid="c6fbdad1-b354-4172-bf6e-6d9004084a83">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="d91fa822-db8a-44f5-8ade-232b776bd79a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for guarding against, for
example, man in the middle or session hijacking attacks for
connections to the customer application, for example via the
use of TLS. A successful control response will address the
various types of attacks against session authenticity and the
mechanisms used to protect against those attacks.

OpenShift uses various TLS algorithms and ciphers to protect
the authenticity of communications sessions.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-408
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b985a08c-0c77-45bf-aee6-6f338f66844c" control-id="sc-23.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-23.1_stmt" uuid="cd72eb89-b726-49e1-9c75-43eaa350ceed">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="680c783f-957d-497c-ad0a-b7b30e965b29">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-503
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="760dc535-35d5-4aaa-a424-d6f48867e4c5" control-id="sc-24">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-24_stmt" uuid="420dd762-6c23-49b2-b672-06fb5d6978fa">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9c361032-37ec-4037-9c35-181d6eab1e82">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-506
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2f992720-6db0-4356-8634-6339b0d6cda8" control-id="sc-28">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-28_stmt" uuid="8ef6d238-c643-47a9-852d-368fa7d3e931">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="32649326-f922-49d4-bd77-0b13901bf763">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-407
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="2fdd7a56-3726-4eb1-bfcf-5e176b9a3034" control-id="sc-28.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="sc-28.1_stmt" uuid="71a057ff-989d-433f-9ba8-138a0d68cd4b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8e0ee74f-bb55-464d-aee1-4aac52eb7bb3">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer is responsible for implementing cryptographic
mechanisms to prevent unauthorzed disclosure and modification of
customer data. A successful control response will outline how
cryptography is used to ensure integrity of data in rest and
transport.

When running on Red Hat Enterprise Linux, full disk encryption
is possible for data at rest on the OpenShift nodes. For data
in transport, OpenShift uses cryptographic algorithms and ciphers to
protect confidentiality and integrity of data in transport.

A complete control response is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-509
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="3acd7bd4-240b-494c-8272-e84c423da259" control-id="sc-39">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="sc-39_stmt" uuid="5172fcb7-d81e-45a4-83f6-e6231c3cc750">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="5e973918-9963-4200-bcef-aaa99887d3a1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The control is met when SELinux and namespaces are enabled and used.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="0e8f74e1-33d5-490e-8ac7-915f29de22fd" control-id="si-1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-1_stmt.a" uuid="89bb11fc-5456-4431-b5f0-9f781b3a5730">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-1_stmt.a.1" uuid="11d47f68-9baa-4b99-8e12-9ea77692cd34">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-1_stmt.a.2" uuid="41bb516d-57c2-400a-aa40-9bdbda591302">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-1_stmt.b" uuid="448424c2-d63d-47a9-820c-f87eb4d1d61e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-1_stmt.b.1" uuid="15a10a6e-2916-42cc-a2b7-02aa6cb1c31d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-1_stmt.b.2" uuid="1cedc5bd-d780-421e-af4f-0cb3453299cb">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="acd2c7f7-78db-433e-b76e-fb6644fa7a8c" control-id="si-2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-2_stmt.a" uuid="150a4ab4-9760-4f58-8c29-f44da3d0a040">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b3fc37ef-182c-4e56-bfb4-7aa0866c8659">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for analyzing their OpenShift deployment for
flaws, reporting on those flaws, and correcting them. A successful
control response will include a discussion of the process by which
flaws are discovered and remediated, as well as tools that are used to
assist in detection and remediation.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-2_stmt.b" uuid="75906d70-3ce6-45e4-b658-5eb304210d53">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ced799b7-8fcf-4128-ada3-51e5a2540b61">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for testing OpenShift updates
related to flaw remediation prior to installation. A successful
control response will discuss the testing process (e.g. the
nature of the test environment, the types of testing performed,
the tools in testing, etc.).
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-2_stmt.c" uuid="2aca2ec6-b658-4a2a-9869-7a9cd31e5aed">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-2_stmt.d" uuid="eb56e9a2-e774-4c5f-b5fe-252e51a2ffe2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="215e150b-3030-414c-abb0-d250f8d5e88c" control-id="si-2.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-2.1_stmt" uuid="5a8ec765-bc42-4136-b844-0322400dc658">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="236427d0-9b5c-4fa0-9296-8eaf8c701c8f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for SI-2(1) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-526
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="25e6bb3e-56cc-4987-892a-3e681e6f3441" control-id="si-2.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-2.2_stmt" uuid="166767a9-51b0-49a0-a1bf-86af3fa2e962">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="775d5517-24f7-404a-ba5b-c641b36f0d73">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be required to employ automated mechanisms on a
monthly basis to determine the state of information system components
with regard to flaw remediation on their information systems as
required by their organizations policy. A successful control response
will address the customers use of automated tools such as Nessus to
perform periodic and on-demand scans through their system to determine
the state of system components with regard to flaw remediation.

A control response for SI-2(2) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-405
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d38d4178-a27f-4336-8b18-b771c6fa51a2" control-id="si-2.3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-2.3_stmt.a" uuid="317b7580-7849-4b11-a98b-c0688f66bb36">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="94fd875b-e9bc-4031-a6d1-5e97de9e3abb">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer is responsible for scanning for flaws in their
information systems and for measuring the time between flaw
identification and flaw remediation. A successful control response
will need to address the time between flaw identification and
remediation using timestamps and calculates the time elapsed
difference.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-2.3_stmt.b" uuid="f4581556-4d4d-44c8-b3e7-51cda1e2d642">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1c229540-247c-4453-8c66-d276fc9bf466">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for scanning for flaws in their
information systems and for establishing benchmarks for taking
correctie actions according to their organizational policies. A
successful control response will need to address the use of
benchmarks to remediate high, and moderate risk flaws within a
customer defined period after a flaws discovery.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d03e35c4-20d8-4401-8054-29203a44f102" control-id="si-3">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-3_stmt.a" uuid="cb35531b-7b7e-4234-a016-f42f9495dedf">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8feb56f5-7538-4f7d-9600-abf7be214a63">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer is responsible for ensuring that they employ malicious
code protection at information system entry, and exit points to detect
and eradicate malicious code. A successful control response will need
to address use of code protection mechanisms to protect assets from
malicious software (i.e. Viruses, malware, rootkits, worms, and
scripts). In regards to OpenShift, this is generally through
the use of third party tools.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-3_stmt.b" uuid="1f80555f-bc6f-4222-a1b9-328f6e963a2b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="40235cf0-b670-42af-9cce-e65e5d66994b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Updating malicious code protection mechanisms whenever new releases
are available in accordance with organizational configuration
management policy and procedures is an organizational control outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-3_stmt.c" uuid="93198438-e9d0-4c8c-85f9-69a2fe14725e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="62b6ff60-503b-43b8-b8ce-d55f1b66f3a0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Configuring malicious code protection mechanisms is an organizational control outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-3_stmt.c.1" uuid="c8b61a4d-ef1e-4312-99fd-46a971c468ca">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b2fe1168-6387-408f-a6ff-ffad317babd0">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Performing periodic scans of the information system per organization-defined frequency
and real-time scans of files from external sources via endpoints or network entry/exit
points as the files are downloaded, opened, or executed in accordance with organizational
security policy is an organizational control outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-3_stmt.c.2" uuid="dbbf2830-fcb7-43e0-a25f-462b52458e6f">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="843974a3-151a-4498-b7ce-bc4b79db5ba8">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Blocking malicious code, quarantining malicious code, sending alerts to administrator, or
some other organization-defined action in response to malicious code detection is an organizational control outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-3_stmt.d" uuid="756f51fa-f7b8-4e68-8136-c111a2527e73">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="38eadf00-e46c-4362-bef2-72cbd283d26b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Addressing the receipt of false positives during malicious code detection and eradication
and the resulting potential impact on the availability of the information system is an organizational control outside
the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="1cb9ce8c-a065-4e29-8ce4-cf2326fb5635" control-id="si-3.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-3.1_stmt" uuid="eb659309-6941-4e3f-b759-e9650d65d7f4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e3e4d451-1297-4cb9-948a-5c981fa69b20">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer is responsible for ensuring that their malicious code
protection mechanisms are centrally managed. A successful control
response will need to address that the planning, implementing,
assessing, authorizing and monitoring of their malicious code
protection mechanism is centered in one location.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="18ccdba5-ad8c-4be5-bc88-3d1aa521f7fc" control-id="si-3.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-3.2_stmt" uuid="f025634a-0829-43ea-a63b-43512c51068b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f9640d91-db08-4e76-86bd-d5f90fb4fe43">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer is responsible for ensuring that they update their
malicious code protection mechanisms automatically when new versions/
definitions become available. A successful control response will need
to address that the employed malicious code protection
mechanisms definitions are configured to be updated automatically.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="cf3810d4-c2f2-4aae-9d19-8a62dc9eff70" control-id="si-3.7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-3.7_stmt" uuid="c8f35cf2-5a10-456f-ae5d-d11ebbb2e481">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="7cee870d-007c-4f0a-a265-2c7467b1ffd4">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer is responsible for ensuring that they implement a
nonsignature-based malicious code detection mechanism on their
information system. A successful control response will need to address
a nonsignature based detection mechanism that can detect, analyze and
describe the characteristics or behavior of malicious code and
could provide safeguards against malicious code for which signatures
do not yet exist.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="25c959c5-8a92-4f38-a617-7cae7084371a" control-id="si-4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-4_stmt.a" uuid="f7f8ef33-a9ed-4edb-bb56-258b61657b9c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-4_stmt.a.1" uuid="5da408eb-abe2-4c82-b6c7-92a1a4a90cb0">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-4_stmt.a.2" uuid="1397afde-4529-4488-9431-5793335b0f1e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="37ed665d-3ebe-4bfd-9e6f-2ef07d234d14">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Monitoring the system to detect unauthorized local, network, and remote connections
is an organizational control outside the scope of OpenShift configuration.
Functionality to meet this control can be provided by a third party vendor.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-4_stmt.b" uuid="927dcfd6-d65d-44cb-ae8a-0262022e472e">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="8643ab34-5004-4e6f-8d27-7b6cf51c3d30">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Identifying unauthorized use of the information system through organization-defined
techniques and methods is an organizational control outside the scope
of OpenShift configuration. Functionality to meet this control can be provided by a third party vendor.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-4_stmt.c" uuid="3b2f5ae7-8a1c-4e5a-976e-98a5c25e7920">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="12e67e7e-f874-4a36-b1ff-cdcf0b59eb76">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Deploying monitoring devices is an organizational control outside the scope of OpenShift configuration.
Functionality to meet this control can be provided by a third party vendor.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-4_stmt.c.1" uuid="c7b17e51-9eb3-4bde-946a-5caae90737ca">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="955c6e53-d7bb-4843-bf72-663b90900ff1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Deploying monitoring devices strategically within the information system to collect organization-determined
essential information is an organizational control outside the scope of OpenShift configuration.
Functionality to meet this control can be provided by a third party vendor.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-4_stmt.c.2" uuid="993e77dd-845f-42e4-998b-bba17a7296b3">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="dac05c6e-105b-45b6-98b5-fb90db5d1d65">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Deploying monitoring devices at ad hoc locations within the system to track specific types of transactions
of interest to the organization is an organizational control outside the scope of OpenShift configuration.
Functionality to meet this control can be provided by a third party vendor.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-4_stmt.d" uuid="394a954f-2bd5-4ae9-8746-3fbf6c212a1a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="efcd1844-0d69-4003-85e3-9e4ca79094f6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Protecting information obtained from intrusion-monitoring tools from unauthorized access,
modification, and deletion is an organizational control outside the scope of OpenShift configuration.
Functionality to meet this control can be provided by a third party vendor.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-4_stmt.e" uuid="d65da8b5-977c-4240-80b8-a8313ff5d93d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-4_stmt.f" uuid="294b5994-af2e-48bf-b955-944a37af62e3">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-4_stmt.g" uuid="e2f86efe-2dce-4ca9-b769-a2abe286e1ce">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="66008e4c-18e0-494c-a330-a7bd09ee451c" control-id="si-4.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-4.1_stmt" uuid="08000796-1afe-454a-9a67-eeca19611a96">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2ac18faa-f282-461c-b17f-e9c723ac1768">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for integrating intrusion detection
tools into the OpenShift environment, and documenting how this
capability is integrated into enterprise-wide intrusion detection
systems when applicable. A successful control response will address
the workflow between local and enterprise intrusion detection
systems.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a466564a-c24e-44f5-a371-0d118c5aad09" control-id="si-4.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-4.2_stmt" uuid="bfec4448-35cc-4e5b-95c3-e12ba645a0ba">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="158a60d2-2cb0-4c25-87b6-2a893330343c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for deploying automated tools to
support near real-time analysis of events in their infrastructure.
This is frequently provided by corporate services outside the
information system, e.g. centralized security operation centers may
host an enterprise logging solution. A successful control response
will indicate who is responsible for hosting such capabilities, and
what technology and processes are in place to support near-realtime
analysis of events.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="7b2489d5-2f6f-4d1f-b59f-dca4ae41798a" control-id="si-4.4">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-4.4_stmt" uuid="ad0d0571-b244-4c86-9d3d-b043dda2a718">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6e96419b-1e8a-4449-84f4-3d330c160a20">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for identifying how and where
network traffic is continuously monitored. Frequently this control
is inherited from network and Infrastructure as a Service providers,
such as Microsoft Azure. A successful control response will indicate
if this control is inherited from infrastructure providers, and if
not, how network traffic is continuously monitored.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9ed28fbd-039e-4879-824c-5fb5fa40ada4" control-id="si-4.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-4.5_stmt" uuid="7d9d1d38-f847-436f-80f1-5f2040122816">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="ae281442-f332-407e-959e-52cb7a2dd9df">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for automatic notification of
appropriate staff when indicators of compromise are detected.
Frequently this is accomplished by automatic alerting to Security
Operations Center staff. A successful control response will indicate
who is notified, by name or position title(s), and the mechanism of
the notification.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="459f6945-85fa-427d-ab8a-33bb92ea39e9" control-id="si-4.11">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-4.11_stmt" uuid="24b7252d-7fd5-4ee4-9f72-feacc50f239a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="77b509be-7cf7-42e8-8ff7-b10b248717d5" control-id="si-4.14">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-4.14_stmt" uuid="27cd3a44-7a05-485e-a403-03f55d64a5d4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="532e540d-6cc1-47a9-b4d8-2ff09efdef2c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>An OpenShift infrastructure does not have wireless capabilities.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="07d7972f-8d1d-4f42-ad1a-42cede0f3a4c" control-id="si-4.16">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-4.16_stmt" uuid="816c1b9b-678c-4cd0-9101-99a2ad18fea9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="a9202c5d-7097-4f4d-95f1-5de0b334241b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for aggregating and correlating
information from monitoring tools, for multiple system components.
This is frequently accomplished with centralized audit reduction
tools.

A control response for SI-4(16) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-536
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="d2cbb742-daaa-4125-9ee3-dbd658af64cf" control-id="si-4.18">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-4.18_stmt" uuid="cf285747-2532-438c-9878-d8429e3dc8ef">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2e1eb355-99c5-490f-b12e-117555710770">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for SI-4(18) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-537
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="41a535d0-af56-451b-998d-445154a12ca3" control-id="si-4.19">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-4.19_stmt" uuid="2006bd02-9d69-43ee-8c87-41d6860430dc">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f16c7058-e89e-432e-8074-212ed7efe6d4" control-id="si-4.20">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-4.20_stmt" uuid="9871f713-8749-4cdc-88de-3485f7f23fde">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="da2241b7-a23b-4049-98f2-1c78a7285774">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for SI-4(20) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-538
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a7fd1508-2b77-4f5c-b286-dc3d3f76ee1b" control-id="si-4.22">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-4.22_stmt" uuid="07a995c2-3bc5-4012-9c79-8cd666cf90d8">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="2fd10c0d-6887-46e1-8445-2236ca57468b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for SI-4(20) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-539
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="98028f8c-5930-4998-bd26-08155dabbfa5" control-id="si-4.23">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-4.23_stmt" uuid="adcd815e-3474-4e31-83ee-9a98d83170b2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="542dc884-02ac-4274-8e10-10149db2dcfa">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for installing host-based monitoring
mechanisms. A successful control response will need to discuss how
various elements of the OpenShift infrastructure are monitored.

A control response for SI-4(20) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-540
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="772e7b5f-a085-4dbd-83c6-5b8ac9eab8e6" control-id="si-4.24">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-4.24_stmt" uuid="c3b3fd35-3364-472b-bf7c-783221a95a5d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="f28d76d9-f570-4cd7-962b-5587092f4b5d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for SI-4(20) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-541
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="8ec27eb7-4619-44ff-822a-10bd87aac4bc" control-id="si-5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-5_stmt.a" uuid="c8795528-b8a9-4880-8f17-7a55bc53c906">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="94eea260-5303-4773-96a0-4cb854595954">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for SI-5(a) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-396
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-5_stmt.b" uuid="2e01a8dc-26a1-49f5-bbd9-392a1a482ed6">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e219191d-4e17-405b-b8ea-02e60bccd5ab">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Receiving information system security alerts, advisories, and directives from
organization-defined external organizations on an ongoing basis is an
organizational procedures/policies outside the scope of OpenShift configuration.

How to configure organization notifications for Red Hat security advisories on Red
Hat specific products can be accomplished following the following documentation:

https://access.redhat.com/security/updates/advisory
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-5_stmt.c" uuid="b95cab0b-0eb3-47e7-9811-d137e81fcaf5">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9d1ce87e-ebc5-4d36-a0cc-af9f4a4e7285">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Disseminating security alerts, advisories, and directives to organization-defined
personnel or roles, organization-defined elements within the organization,
organization-defined external organizations are organizational
procedures/policies outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-5_stmt.d" uuid="b2a66012-d185-46c1-b29d-7bacf1416509">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6e91ce37-4368-4594-a977-44aba9a99ac6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Implementing security directives in accordance with established time frames or notifying
the issuing organization of the degree of noncompliance is an organizational
procedures/policies outside the scope of OpenShift configuration.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="971931cc-4e53-47a6-8903-108202f8af60" control-id="si-5.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-5.1_stmt" uuid="db3f3f20-5509-45ac-8e29-3e7042d49379">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="db734672-4491-4bc0-83df-6e1c367064c4" control-id="si-6">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-6_stmt.a" uuid="705d5b25-1cc4-4a17-a467-dcba7f7eb858">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1be72547-09fa-4e5d-97b8-90d5d6f5c3da">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for verifying the correct operation
of security functions within customer-controlled operating systems and
software. A successful control response will need to discuss the
security functions deemed necessary to verify, as well as the means
for testing the correct operation and resolving any issues found.

A control response for SI-6 is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-542
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-6_stmt.b" uuid="c8938a79-90df-4705-8f84-0851a5571634">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4df99302-8afa-42b5-ad64-d171a878c25c">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for performing security function
verification at customer-specified frequencies and under
customer-specified circumstances (to include the requirements stated
by FedRAMP). A successful control response will need to address the
rationale for selection of the specific frequency and circumstances
of security function verification.

A control response for SI-6 is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-542
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-6_stmt.c" uuid="644fd87b-44c6-4637-a737-837a44d925ff">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="0edc2e83-d6aa-4a31-9980-0091fa7f777d">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for notifying appropriate personnel
of failed security verification tests. A successful control response
will need to outline the personnel or roles selected (to include
system administrators and security personnel as required by FedRAMP).

A control response for SI-6 is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-542
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-6_stmt.d" uuid="ea6a903d-35f5-4cb6-9fb6-1b881404cf76">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="474dceb6-7148-4aa4-92c1-2489caded95b">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for performing appropriate actions
in response to anomalies in security unction verifiation. A successful
control response will need to discuss the actions taken (to include
notification of system administrators and security personnel as
required by FedRAMP) as well as the rationale for selecting these
actions.

A control response for SI-6 is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-542
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="75b37a46-3c5d-4af3-b138-3dd476964635" control-id="si-7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-7_stmt" uuid="8f7edc4b-595d-481e-95ef-290b4ef632cc">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="51c1d92f-ecb2-4ea3-a509-a65151878115">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for employing integrity verification
tools for customer-controlled operating systems and software. A
successful control response will need to discuss the tools in use and
the integrity-checking mechanisms these tools employ.

A control response for SI-7 is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-394
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="ca455f35-8815-4603-b38f-dbd91fcb6a79" control-id="si-7.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-7.1_stmt" uuid="b9e27bf9-5e74-407b-bc19-f1ee19c96e3d">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="1a3da903-2950-443c-ba74-bffeec06af44">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for performing integrity checks at
customer-specific frequencies and under customer-specified
circumstances (including frequencies and circumstances specified by
FedRAMP). A successful control response will need to identify the
criteria for performing integrity checking, as well as the rationale
for selecting those criteria.

A control response for SI-7(1) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-395
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="acb16927-d2fc-4225-a852-db8327ab867a" control-id="si-7.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-7.2_stmt" uuid="d5bc44ab-8cc9-492c-82a6-822e33ec89be">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="fe84e8d0-f2df-4ab8-ae9d-e9941839979e">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for SI-7(2) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-545
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="f0149f2e-d5c6-4d98-b81f-c8113b528173" control-id="si-7.5">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-7.5_stmt" uuid="77115b5d-35ea-4f75-b0fc-b65825e7950b">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="e1f9e992-9496-4294-b9cd-0cdc1fdb827f">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>A control response for SI-7(5) is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-547
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="238745f8-f792-4744-a556-4d37fb719e92" control-id="si-7.7">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-7.7_stmt" uuid="f803d629-a5f1-49e6-9c48-f8817f6513e4">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="9f731fc9-6a66-4606-aac9-e5e632291a57">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for incorporating the detection of
customer-defined security-relevant changes into the customers incident
response capability. A successful control response will need to
outline the process for deeming particular changes as
security-relevant and the means by which the incident response
capability is invoked when needed.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="4bdde144-9f59-4019-b792-7456e4ff2d73" control-id="si-7.14">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-7.14_stmt.a" uuid="c905c226-3790-49b7-8fd0-f7a31c0e75f9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-7.14_stmt.b" uuid="0b2f469f-68d0-49de-8826-af14a48340b9">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="434e2e8f-99a5-403b-af5d-747b508b2d22">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies, and is not
applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="6f5a333b-f2ff-476c-b54c-74553e72f6a7" control-id="si-8">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-8_stmt.a" uuid="ac0f7d09-61f4-4a9c-a2b9-525120f97297">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c4cb9324-8810-4f94-bd8c-0c85b6ce695a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies that
are not applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-8_stmt.b" uuid="f31b8176-bb94-4199-9f49-82454ea49c29">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c4cb9324-8810-4f94-bd8c-0c85b6ce695a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies that
are not applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="a1b96e2a-325f-4eb4-b83a-96ba0aac1dc5" control-id="si-8.1">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-8.1_stmt" uuid="6e868698-9ad3-48a4-a4d0-fb0e39d54cfb">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c4cb9324-8810-4f94-bd8c-0c85b6ce695a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies that
are not applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="cb776500-b818-4fe9-b109-bc38c53e9c2b" control-id="si-8.2">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-8.2_stmt" uuid="219a5678-ef0b-4908-a040-fc3001dadb7a">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="c4cb9324-8810-4f94-bd8c-0c85b6ce695a">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>This control reflects organizational procedures/policies that
are not applicable to the configuration of OpenShift.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="5637a065-2c41-4b1c-8392-b5ffc146062e" control-id="si-10">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-10_stmt" uuid="ed487876-7061-4778-96a1-04a08a800007">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="230d9846-c77c-44ce-970a-06f688716e92">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for checking the validity of
information inputs to customer-controlled operating systems and
software. A successful control response will need to discuss the
specific inputs for which the validity is checked, the rationale
for selecting those inputs for validity checking, and the response
taken by the system to invalid inputs.

A control response for SI-10 is planned. Engineering progress can be
tracked via:

https://issues.redhat.com/browse/CMP-393
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="9d4f8c58-966a-48c6-ac16-f1be1ae2dd35" control-id="si-11">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="complete"></annotation>
      <statement statement-id="si-11_stmt.a" uuid="a55473ef-7114-43c7-98ad-4015560fa82c">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="6f9fb551-baaa-44eb-94b9-d95e13448ee6">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>In OpenShift, the logs depend greatly on the component. Some
components would just write messages to stdout that the cluster
administrator can retrieve logs through the use of the `oc` command.
Some components emit events, and others emit a Prometheus metric which
the API server would write into their logs.

For the OCP components that run in a container (most operators),
the usual RBAC rules would prevent a non-admin user from reading
the container logs or events.

OpenShift error message handling is designed to obscure or not log
sensitive information such as passwords, credit card numbers, social
security information, account information, etc.
</p></remarks>
        </by-component>
      </statement>
      <statement statement-id="si-11_stmt.b" uuid="0e20cfd6-f6a6-484f-9b51-643953bd0ce2">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="06c151a0-f34d-4bf1-a89b-fd089b157b75">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>By default, the API server logs are protected by UNIX permissions and
only cluster administrators are allowed access to logs.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="b1a1d601-8791-4d0c-8bbb-027ee58dcb42" control-id="si-12">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="planned"></annotation>
      <statement statement-id="si-12_stmt" uuid="d5b07424-e2c1-4d00-9ec9-19ae396fdf63">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="b53f03e2-1235-4a29-ba26-5b7ebc6674a1">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>The customer will be responsible for handling and retaining
information within, or hosted by, OpenShift in
accordance with applicable federal laws, Executive Orders,
directives, policies, regulations, standards, and operational
requirements. A successful control response will need to outline
the specific requirements applicable to customer information
handling and retention, and the means by which those requirements
are met.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
    <implemented-requirement uuid="07b05c21-ca99-4770-897b-7afb45267bc6" control-id="si-16">
      <annotation name="implementation-status" ns="https://fedramp.gov/ns/oscal" value="not-applicable"></annotation>
      <statement statement-id="si-16_stmt" uuid="82384d89-06fa-413f-b7bf-575a6a296515">
        <by-component component-uuid="bdba9d56-2be4-498d-8d31-b43cab6a44bd" uuid="4a0cbc1f-3514-414b-90d4-49d2a3e0eebe">
          <description><p>Describe how is the software component satisfying the control.</p></description>
          <remarks><p>Red Hat OpenShift Container Platform inherits memory protections
provided by the underlying operating system. This control is not
applicable to Red Hat OpenShift Container Platform.
</p></remarks>
        </by-component>
      </statement>
    </implemented-requirement>
  </control-implementation>
  <back-matter>
    <resource uuid="3a5ca2de-0f66-47e6-844d-6ccdf214b767">
      <title>FedRAMP Applicable Laws and Regulations</title>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">fedramp-citations</prop>
      <rlink href="https://www.fedramp.gov/assets/resources/templates/SSP-A12-FedRAMP-Laws-and-Regulations-Template.xlsx"></rlink>
    </resource>
    <resource uuid="12da89ef-51dd-4404-948d-e9f0e25b961e">
      <title>FedRAMP Master Acronym and Glossary</title>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">fedramp-acronyms</prop>
      <rlink href="https://www.fedramp.gov/assets/resources/documents/FedRAMP_Master_Acronym_and_Glossary.pdf"></rlink>
    </resource>
    <resource uuid="d45612a9-cf25-4ef6-b2dd-69e38ba2967a">
      <title>[SAMPLE]Name or Title of Document</title>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">law</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Publication Date</prop>
      <doc-id type="doi">Identification Number</doc-id>
      <rlink href="https://domain.example/path/to/document.pdf"></rlink>
    </resource>
    <resource uuid="a8a0cc81-800f-479f-93d3-8b8743d9b98d">
      <title>[SAMPLE]Privacy-Related Law Citation</title>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">law</prop>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">pii</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Publication Date</prop>
      <doc-id type="doi">Identification Number</doc-id>
      <rlink href="https://domain.example/path/to/document.pdf"></rlink>
    </resource>
    <resource uuid="545e75c3-537f-48fe-9630-95337916d982">
      <title>[SAMPLE]Regulation Citation</title>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">regulation</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Publication Date</prop>
      <doc-id type="doi">Identification Number</doc-id>
      <rlink href="https://domain.example/path/to/document.pdf"></rlink>
    </resource>
    <resource uuid="9d6cf2b4-8e88-4040-a33c-7bc206553a1a">
      <title>[SAMPLE]Interconnection Security Agreement Title</title>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
    </resource>
    <resource uuid="31a46c4f-2959-4287-bc1c-67297d7da60b">
      <desc>CSP Logo</desc>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">prepared-for-logo</prop>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">csp-logo</prop>
      <rlink href="./logo.png" media-type="image/png"></rlink>
      <base64>00000000</base64>
    </resource>
    <resource uuid="c5866ad8-8ed7-49b4-844a-0276fa9f8f51">
      <desc>Preparer Logo</desc>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">prepared-by-logo</prop>
      <rlink href="./party-1-logo.png" media-type="image/png"></rlink>
      <base64>00000000</base64>
    </resource>
    <resource uuid="0846b6ef-cfa4-4bb3-8280-717f7e7b04d4">
      <desc>FedRAMP Logo</desc>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">fedramp-logo</prop>
      <rlink href="https://github.com/GSA/fedramp-automation/raw/master/assets/FedRAMP_LOGO.png"></rlink>
    </resource>
    <resource uuid="2c1747d6-874a-49a2-8488-2fd9735416bf">
      <desc>3PAO Logo</desc>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">3pao-logo</prop>
      <rlink href="./logo.png" media-type="image/png"></rlink>
      <base64>00000000</base64>
    </resource>
    <resource uuid="d2eb3c18-6754-4e3a-a933-03d289e3fad5">
      <desc>The primary authorization boundary diagram.</desc>
      <rlink href="./diagrams/boundary.png"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Section 9.2, Figure 9-1 Authorization Boundary Diagram (graphic)</p>
            <p>This should be referenced in the
               system-characteristics/authorization-boundary/diagram/link/@href flag using a value
               of "#d2eb3c18-6754-4e3a-a933-03d289e3fad5"</p>
         </remarks>
    </resource>
    <resource uuid="61081e81-850b-43c1-bf43-1ecbddcb9e7f">
      <desc>The primary network diagram.</desc>
      <rlink href="./diagrams/network.png"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Section 9.4, Figure 9-2 Network Diagram (graphic)</p>
            <p>This should be referenced in the
               system-characteristics/network-architecture/diagram/link/@href flag using a value
               of "#61081e81-850b-43c1-bf43-1ecbddcb9e7f"</p>
         </remarks>
    </resource>
    <resource uuid="ac5d7535-f3b8-45d3-bf3b-735c82c64547">
      <desc>The primary data flow diagram.</desc>
      <rlink href="./diagrams/dataflow.png"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Section 10, Figure 10-1 Data Flow Diagram (graphic)</p>
            <p>This should be referenced in the
               system-characteristics/data-flow/diagram/link/@href flag using a value
               of "#ac5d7535-f3b8-45d3-bf3b-735c82c64547"</p>
         </remarks>
    </resource>
    <resource uuid="090ab379-2089-4830-b9fd-26d0729e22e9">
      <title>Policy Title</title>
      <desc>Policy document</desc>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">policy</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
      <rlink href="./sample_policy.pdf"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Table 15-1 Attachments: Policy Attachment</p>
         </remarks>
    </resource>
    <resource uuid="ab300133-d749-4abb-b858-1cd6ffd8af9e">
      <title>Policy Title</title>
      <desc>Policy document</desc>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">policy</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
      <rlink href="./sample_policy.pdf"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Table 15-1 Attachments: Policy Attachment</p>
         </remarks>
    </resource>
    <resource uuid="1002a58e-9e11-4aa6-9ab4-2bde52995952">
      <title>Procedure Title</title>
      <desc>Procedure document</desc>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">procedure</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
      <rlink href="./sample_procedure.pdf"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Table 15-1 Attachments: Procedure Attachment</p>
         </remarks>
    </resource>
    <resource uuid="4bb1e2e5-261c-4b5c-b22c-e1627c2e8be6">
      <title>Procedure Title</title>
      <desc>Procedure document</desc>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">procedure</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
      <rlink href="./sample_procedure.pdf"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Table 15-1 Attachments: Procedure Attachment</p>
         </remarks>
    </resource>
    <resource uuid="90a128ac-c850-48f6-8fff-a55692f80b41">
      <title>User's Guide</title>
      <desc>User&#39;s Guide</desc>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">user-guide</prop>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">guide</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
      <rlink href="./sample_guide.pdf"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Table 15-1 Attachments: User's Guide Attachment</p>
         </remarks>
    </resource>
    <resource uuid="fab59751-b855-40cb-93c1-492562e20e18">
      <title>Privacy Impact Assessment</title>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">privacy-impact-assessment</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
      <rlink href="./pia.docx"></rlink>
      <base64 filename="pia.docx">00000000</base64>
      <remarks>
            <p>Table 15-1 Attachments: Privacy Impact Assessment</p>
         </remarks>
    </resource>
    <resource uuid="489112e1-57f2-4c29-8dd0-95b1442fbf3b">
      <title>Document Title</title>
      <desc>Rules of Behavior</desc>
      <prop name="conformity" ns="https://fedramp.gov/ns/oscal">rules-of-behavior</prop>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">rob</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
      <rlink href="https://sample"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Table 15-1 Attachments: Rules of Behavior (ROB)</p>
         </remarks>
    </resource>
    <resource uuid="c7860916-f2f4-43aa-b578-d48cf8e6d381">
      <title>Document Title</title>
      <desc>Contingency Plan (CP)</desc>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">plan</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
      <rlink href="https://sample"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Table 15-1 Attachments: Contingency Plan (CP) Attachment</p>
         </remarks>
    </resource>
    <resource uuid="ab56cf27-0dae-40d6-89b7-d750137309af">
      <title>Document Title</title>
      <desc>Configuration Management (CM) Plan</desc>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">plan</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
      <rlink href="https://sample"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Table 15-1 Attachments: Configuration Management (CM) Plan Attachment</p>
         </remarks>
    </resource>
    <resource uuid="3f771ab5-8016-4571-98d1-f0fb962e15e2">
      <title>Document Title</title>
      <desc>Incident Response (IR) Plan</desc>
      <prop name="type" ns="https://fedramp.gov/ns/oscal">plan</prop>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
      <rlink href="https://sample"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Table 15-1 Attachments: Incident Response (IR) Plan Attachment</p>
         </remarks>
    </resource>
    <resource uuid="49fb4631-1da2-41ca-b0b3-e1b1006d4025">
      <title>Separation of Duties Matrix</title>
      <desc>Separation of Duties Matrix</desc>
      <prop name="publication" ns="https://fedramp.gov/ns/oscal">Document Date</prop>
      <prop name="version" ns="https://fedramp.gov/ns/oscal">Document Version</prop>
      <rlink href="https://sample"></rlink>
      <base64>00000000</base64>
      <remarks>
            <p>Table 15-1 Attachments: Separation of Duties Matrix Attachment</p>
         </remarks>
    </resource>
    <resource uuid="9f1aae37-7359-411f-86c1-768aaab85e63">
      <title>FedRAMP High Baseline</title>
      <rlink href="https://raw.githubusercontent.com/usnistgov/OSCAL/v1.0.0-milestone3/content/fedramp.gov/xml/FedRAMP_HIGH-baseline_profile.xml" media-type="application/xml"></rlink>
      <remarks>
            <p>Pointer to High baseline content in OSCAL.</p>
         </remarks>
    </resource>
    <resource uuid="890170c3-d4fa-4d25-ab96-8e4bf7cc237c">
      <title>FedRAMP Moderate Baseline</title>
      <rlink href="https://raw.githubusercontent.com/usnistgov/OSCAL/v1.0.0-milestone3/content/fedramp.gov/xml/FedRAMP_MODERATE-baseline_profile.xml" media-type="application/xml"></rlink>
      <remarks>
            <p>Pointer to Moderate baseline content in OSCAL.</p>
         </remarks>
    </resource>
    <resource uuid="2acaf846-5496-4d36-8565-9a15b48aef2c">
      <title>FedRAMP Low Baseline</title>
      <rlink href="https://raw.githubusercontent.com/usnistgov/OSCAL/v1.0.0-milestone3/content/fedramp.gov/xml/FedRAMP_LOW-baseline_profile.xml" media-type="application/xml"></rlink>
      <remarks>
            <p>Pointer to Low baseline content in OSCAL.</p>
         </remarks>
    </resource>
  </back-matter>
</system-security-plan>