NIST 800-53 REV 5 • SYSTEM AND SERVICES ACQUISITION

SA-8(17) Secure Distributed Composition

Implement the security design principle of secure distributed composition in [Assignment: organization-defined systems or system components].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

The principle of secure distributed composition states that the composition of distributed components that enforce the same system security policy results in a system that enforces that policy at least as well as the individual components do. Many of the design principles for secure systems deal with how components can or should interact. The need to create or enable a capability from the composition of distributed components can magnify the relevancy of these principles. In particular, the translation of security policy from a stand-alone to a distributed system or a system-of-systems can have unexpected or emergent results. Communication protocols and distributed data consistency mechanisms help to ensure consistent policy enforcement across a distributed system. To ensure a system-wide level of assurance of correct policy enforcement, the security architecture of a distributed composite system is thoroughly analyzed.

Practitioner Notes

Secure distributed composition means that when multiple components or services work together across a distributed system, the overall security is not weaker than that of any individual component.

Example 1: In a microservices architecture, enforce security at every service boundary, not just at the edge. Each microservice should authenticate and authorize requests from other services using mutual TLS or service-to-service tokens, not just trust any request that comes from within the private network.

Example 2: When integrating cloud services from multiple providers, ensure consistent security policies across all of them. If one provider encrypts data at rest but another does not, the overall system's security is limited by the weakest link. Document the security properties of each component and verify the composition maintains your required security level.
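
One way to check both examples against a documented inventory, as an added illustration that is not part of the NIST text or of any tool: the policy values, component names, provider names and link authentication labels below are all constructed assumptions. The check fails closed, so a link to a component that has no documented properties is reported rather than trusted.

```python
from dataclasses import dataclass

# Assumed policy: accepted ways for one service to authenticate another.
ACCEPTED_LINK_AUTH = {"mtls", "service_token"}

@dataclass(frozen=True)
class Component:
    name: str
    provider: str
    stores_data: bool
    encrypts_at_rest: bool

@dataclass(frozen=True)
class Link:
    src: str
    dst: str
    auth: str  # "mtls", "service_token", or "network_trust"

def check_composition(components, links):
    """Return findings; an empty list means every component and every
    service boundary enforces the policy, not just the edge."""
    findings = []
    known = {c.name for c in components}
    for c in components:
        # Example 2: one unencrypted store limits the whole system.
        if c.stores_data and not c.encrypts_at_rest:
            findings.append(f"{c.name} ({c.provider}): data at rest is not encrypted")
    for link in links:
        # A component with no documented properties cannot be verified.
        for end in (link.src, link.dst):
            if end not in known:
                findings.append(f"{link.src}->{link.dst}: undocumented component {end}")
        # Example 1: being inside the private network is not authentication.
        if link.auth not in ACCEPTED_LINK_AUTH:
            findings.append(f"{link.src}->{link.dst}: caller not authenticated ({link.auth})")
    return findings

# Constructed sample inventory spanning two providers.
SAMPLE_COMPONENTS = [
    Component("api-gateway", "provider-a", stores_data=False, encrypts_at_rest=False),
    Component("orders", "provider-a", stores_data=True, encrypts_at_rest=True),
    Component("archive", "provider-b", stores_data=True, encrypts_at_rest=False),
]
SAMPLE_LINKS = [
    Link("api-gateway", "orders", "mtls"),
    Link("orders", "archive", "network_trust"),
    Link("orders", "billing", "service_token"),
]

if __name__ == "__main__":
    for finding in check_composition(SAMPLE_COMPONENTS, SAMPLE_LINKS):
        print(finding)
```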