>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SA-8(20)Security and Privacy Engineering Principles | Secure Metadata Management

IL5
IL6

>Control Description

Implement the security design principle of secure metadata management in organization-defined systems or system components.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

The principle of secure metadata management states that metadata are first class objects with respect to security policy when the policy requires either complete protection of information or that the security subsystem be self-protecting. The principle of secure metadata management is driven by the recognition that a system, subsystem, or component cannot achieve self-protection unless it protects the data it relies on for correct execution. Data is generally not interpreted by the system that stores it.

It may have semantic value (i.e., it comprises information) to users and programs that process the data. In contrast, metadata is information about data, such as a file name or the date when the file was created. Metadata is bound to the target data that it describes in a way that the system can interpret, but it need not be stored inside of or proximate to its target data.

There may be metadata whose target is itself metadata (e.g., the classification level or impact level of a file name), including self-referential metadata. The apparent secondary nature of metadata can lead to neglect of its legitimate need for protection, resulting in a violation of the security policy that includes the exfiltration of information. A particular concern associated with insufficient protections for metadata is associated with multilevel secure (MLS) systems.

MLS systems mediate access by a subject to an object based on relative sensitivity levels. It follows that all subjects and objects in the scope of control of the MLS system are either directly labeled or indirectly attributed with sensitivity levels. The corollary of labeled metadata for MLS systems states that objects containing metadata are labeled.

As with protection needs assessments for data, attention is given to ensure that the confidentiality and integrity protections are individually assessed, specified, and allocated to metadata, as would be done for mission, business, and system data.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What acquisition policies and procedures address the requirements of SA-8(20)?
  • How are security and privacy requirements integrated into the acquisition process?
  • Who is responsible for ensuring that acquisitions comply with SA-8(20)?

Technical Implementation:

  • How are security requirements defined and documented in acquisition contracts?
  • What mechanisms ensure that acquired systems and services meet security requirements?
  • How do you validate that vendors and service providers comply with specified security controls?

Evidence & Documentation:

  • Can you provide examples of acquisition documentation that includes security requirements?
  • What evidence demonstrates that acquired systems meet security specifications?
  • Where is acquisition security documentation maintained throughout the system lifecycle?

Ask AI

Configure your API key to use AI features.