NIST 800-53 REV 5 • SYSTEM AND SERVICES ACQUISITION
SA-17(8) — Orchestration
Design [Assignment: organization-defined critical systems or system components] with coordinated behavior to implement the following capabilities: [Assignment: organization-defined capabilities, by system or component].
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
Security resources that are distributed, located at different layers or in different system elements, or are implemented to support different aspects of trustworthiness can interact in unforeseen or incorrect ways. Adverse consequences can include cascading failures, interference, or coverage gaps. Coordination of the behavior of security resources (e.g., by ensuring that one patch is installed across all resources before making a configuration change that assumes that the patch is propagated) can avert such negative interactions.
Practitioner Notes
Design for orchestration — the ability to coordinate security controls across multiple systems and components to provide a unified security posture.
Example 1: Design your security architecture with central orchestration in mind. Use a SIEM (Microsoft Sentinel) as the central hub that receives data from all security controls (endpoint protection, firewalls, identity systems) and orchestrates responses through SOAR playbooks.
Example 2: Implement security orchestration through Azure Logic Apps or Microsoft Sentinel playbooks. When an identity risk is detected (impossible travel, credential leak), the orchestration automatically disables the account, revokes active sessions, notifies the security team, and creates an incident ticket — all without manual intervention.
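The coordination case named in the Supplemental Guidance (confirm a patch is installed across all resources before making a configuration change that assumes it) can be enforced as a gate in the orchestration layer. The sketch below is an added example, not NIST text or any product's API; the resource names, the patch ID, and the 24-hour freshness window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class PatchReport:
    resource: str           # reporting security resource (names are constructed)
    patches: frozenset      # patch IDs it reports as installed
    reported_at: datetime   # time of the report

def gate_config_change(inventory, reports, required_patch, now,
                       max_age=timedelta(hours=24)):
    """Return (allowed, blockers). Allowed only if every inventoried resource
    has a fresh report listing required_patch; silence counts as unpatched."""
    latest = {}
    for rep in reports:  # keep only the newest report per resource
        cur = latest.get(rep.resource)
        if cur is None or rep.reported_at > cur.reported_at:
            latest[rep.resource] = rep
    blockers = {}
    for name in sorted(inventory):
        rep = latest.get(name)
        if rep is None:
            blockers[name] = "no report (coverage gap)"
        elif now - rep.reported_at > max_age:
            blockers[name] = "stale report"
        elif required_patch not in rep.patches:
            blockers[name] = "patch missing"
    return (not blockers, blockers)

# Constructed sample data: hypothetical resources and a placeholder patch ID.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
PATCH = "PATCH-EXAMPLE-001"
INVENTORY = {"edge-fw-01", "edr-mgmt", "idp-proxy", "siem-collector", "waf-01"}

def make_report(name, hours_ago, *patches):
    return PatchReport(name, frozenset(patches), NOW - timedelta(hours=hours_ago))

REPORTS = [
    make_report("edge-fw-01", 1, PATCH),
    make_report("edr-mgmt", 5),            # older report, before patching
    make_report("edr-mgmt", 1, PATCH),     # newer report supersedes it
    make_report("idp-proxy", 30, PATCH),   # patched, but data too old to trust
    make_report("waf-01", 2, "PATCH-EXAMPLE-000"),
]                                          # siem-collector never reported

if __name__ == "__main__":
    allowed, blockers = gate_config_change(INVENTORY, REPORTS, PATCH, NOW)
    print("apply change" if allowed else "hold change", blockers)
```

The gate checks against the authoritative inventory rather than the set of resources that happened to report, so a silent resource surfaces as a coverage gap instead of being skipped.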