
📋 Ubuntu System Assessment Plan - DORA

Assessment Plan for Security Controls Evaluation

Plan Information

Referenced System Security Plan

SSP Location: ../system-security-plans/Ubuntu-System-ssp-dora/system-security-plan.json

Assessment Activities

Automated Security Scanning

Automated vulnerability scanning and configuration compliance checks using OSCAP

method: TEST
assessment-type: automated
Steps:
1. Run Security Compliance Scan: Execute security compliance scan against the inventory items
2. Analyze Results: Review scan results and identify non-compliant controls

Manual Control Testing

Manual review and testing of security controls that cannot be automated

method: EXAMINE
assessment-type: manual
Steps:
1. Document Review: Review security policies, procedures, configurations, and evidence artifacts
2. Interview Personnel: Interview system administrators and security personnel

Resilience and Response Validation

Validate operational resilience, response, and recovery capabilities across the Ubuntu fleet

method: TEST
assessment-type: scenario-based
Steps:
1. Scenario Walkthrough: Review incident, disruption, and recovery scenarios applicable to the system
2. Evidence Correlation: Correlate technical evidence with implemented controls and procedures

Assessment Tools & Platforms

OpenSCAP Scanner

tool-type: scanner
tool-version: 1.3.x

Evidence Review Toolkit

tool-type: analysis
tool-version: 1.0

Controls Under Review

Assessment of controls for the EU DORA baseline

assessment-baseline: EU DORA
control-selection: all-imported-controls

Systems Under Assessment

System inventory items

Type: inventory-item

Number of subjects: 6

Assessment Tasks & Schedule

Assessment Kickoff

action

Schedule and conduct the assessment kickoff meeting

Execute Automated and Manual Assessment Activities

action

Perform automated scans, document review, interviews, and validation activities

Assessment Results Ready

milestone

Complete evidence review and prepare assessment results