| SPR-8 |
The [organization] shall ensure that the allocated security safeguards operate in a coordinated and mutually reinforcing manner.{SV-MA-6}{CA-7(5),PL-7,PL-8(1),SA-8(19)}
|
Independent controls that operate in isolation may create security gaps or conflicting behaviors. Coordinated safeguards ensure that encryption, authentication, partitioning, and monitoring functions reinforce each other rather than undermine availability or safety. This reduces bypass risk and improves fault/cyber response integration. Cohesive operation is essential for resilient mission assurance.
|
| SPR-345 |
The [organization] shall update the inventory of spacecraft components as an integral part of component installations, removals, and spacecraft updates.{SV-MA-4,SV-SP-4}{CM-8(1),CA-7,CM-2,CM-3}
|
Accurate inventory enables vulnerability tracking and incident response. Lifecycle updates prevent undocumented changes. Asset visibility strengthens security management. Configuration awareness reduces blind spots.
|
| SPR-346 |
The [organization] shall implement, as part of an A&A process, a Continuous Monitoring Program (CMP) that evaluates the effectiveness of security control implementations on a recurring pre-defined basis.{SV-DCO-1}{CA-7,PM-31}
|
Ongoing evaluation detects drift in control effectiveness. Continuous monitoring strengthens adaptive defense. Recurring review identifies degradation early. Proactive oversight enhances resilience.
|
| SPR-378 |
The [organization] shall establish and maintain processes to manage and oversee independent assessors, including their qualifications, roles, and responsibilities.{SV-DCO-1}{CA-2(1),CA-7(1)}
|
Independent assessors shall be individuals or entities external to the operational chain of command and not involved in the development, implementation, or operations of the system under assessment.
|
| SPR-383 |
The [organization] shall employ independent assessors or assessment teams to monitor the effectiveness of security controls in the system on an ongoing basis.{SV-DCO-1}{CA-7(1)}
|
Independent review enhances objectivity. Ongoing evaluation detects control degradation. Separation strengthens trust. Independent oversight improves mission resilience.
|
| SPR-384 |
The [organization] shall modify control implementations, the frequency of continuous monitoring activities, and the types of activities used in the continuous monitoring process based on trend analysis of empirical data.{SV-DCO-1}{CA-7(3)}
|
Empirical data informs adaptive defense. Trend-driven adjustments prevent static control stagnation. Continuous refinement strengthens posture. Data-driven governance enhances effectiveness.
|
| SPR-385 |
The [organization] shall monitor, as part of the continuous monitoring strategy, the following: implementation of risk response measures; effectiveness of the risk response implementation; configuration changes that may impact security{SV-DCO-1}{CA-7(4)}
|
Monitoring risk response implementation ensures corrective actions are effective. Tracking configuration changes prevents drift. Continuous oversight reduces exposure window. Structured feedback loops strengthen resilience.
|
| SPR-386 |
The [organization] shall implement automated mechanisms to assist in the execution and implementation of the Continuous Monitoring Program (CMP).{SV-DCO-1}{CA-7(6)}
|
Automation ensures continuous monitoring activities are consistent, repeatable, and not dependent on manual effort. Space systems generate large volumes of telemetry that require automated analysis to detect trends and anomalies. Automation reduces human error and accelerates response timelines. This strengthens adaptive security posture over the mission lifecycle.
|
| SPR-527 |
The [organization] shall ingest vendor advisories, SBOM deltas, and provenance changes for components/toolchains into the Continuous Monitoring Program and correlate exposure with the “as‑flown” configuration to prioritize mitigations.{SV-SP-6,SV-SP-4,SV-DCO-1}{CA-7,CA-7(6),CM-8}
|
Exposure must be evaluated against actual deployed versions. SBOM deltas enable precise mitigation prioritization. Continuous ingestion strengthens responsiveness. Configuration awareness improves risk management.
|
| SPR-536 |
The [organization] shall capture on‑board and ground evidence, produce an “as‑run” timeline with decisions/assumptions, and feed findings into updated playbooks, training, twin/flatsat scenarios, risk registers, and baselines, verifying changes via rehearsal.{SV-DCO-1}{IR-4,CA-7}
|
Post-incident reconstruction improves institutional learning. Feeding findings into twins and training strengthens preparedness. Verification via rehearsal ensures improvement. Continuous feedback supports maturity.
|
| SPR-537 |
The [organization] shall define event‑driven triggers for rapid risk reassessment (e.g., new images/bitstreams, key rotations, partner‑station onboarding, notable anomalies, vendor advisories) and rehearse fast‑turn evaluations in a twin/flatsat to drive decisions within one or two passes.{SV-SP-6,SV-SP-9}{RA-3,RA-3(1),CA-7}
|
Triggers ensure timely re-evaluation after impactful events. Flatsat rehearsal validates mitigation feasibility. Rapid cycles align with limited contact windows. Structured agility strengthens mission defense.
|