Skip to content

Security Processes and Procedures

Jump to bottom
Ryan Ahearn edited this page Jan 28, 2021 · 6 revisions

Audit Log Reviews

App Audit Review

Audit logs shall be manually reviewed on a weekly basis using the audit log review saved filters on https://logs.fr.cloud.gov/app/home

Infrastructure Log Review

Infrastructure events shall be manually reviewed on a weekly basis using the events log

Infrastructure Reviews

On a weekly basis, run terraform plan and verify that there is no drift in the terraform configuration.

On a weekly basis, run cf network-policies and verify that they are in agreement with terraform baseline.

Application Account Reviews

See the access control SOP for user account review steps.

Infrastructure Reviews

On a weekly basis, run terraform plan and verify that there is no drift in the terraform configuration.

On a weekly basis, run cf network-policies and verify that they are in agreement with terraform baseline.

On a monthly basis, cloud.gov accounts and service keys across all spaces shall be reviewed. Any accounts that weren't properly removed during user off-boarding shall then be removed.

Office of Head Start TTA Hub

System Operations

Project Charter

Research Plan and Log of Activities

TTA Hub Feedback Table

Product Roadmap

The User Base

Current Capabilities

Authority to Operate (ATO) Requirements

Training Plan and Guide

Glossary of Head Start Terms

Glossary of Agile Terms

Clone this wiki locally