-
Notifications
You must be signed in to change notification settings - Fork 7
Security Processes and Procedures
Ryan Ahearn edited this page Jan 28, 2021
·
6 revisions
Audit logs shall be manually reviewed on a weekly basis using the audit log review saved filters on https://logs.fr.cloud.gov/app/home
Infrastructure events shall be manually reviewed on a weekly basis using the events log
On a weekly basis, run terraform plan
and verify that there is no drift in the terraform configuration.
On a weekly basis, run cf network-policies
and verify that they are in agreement with terraform baseline.
See the access control SOP for user account review steps.
Cloud.gov accounts shall also be reviewed at the same time, and any accounts that weren't properly removed during user off-boarding shall then be removed.