-
Notifications
You must be signed in to change notification settings - Fork 7
Security Processes and Procedures
Audit logs shall be manually reviewed on a weekly basis using the audit log review saved filters on https://logs.fr.cloud.gov/app/home
Infrastructure events shall be manually reviewed on a weekly basis using the events log
On a weekly basis, run terraform plan
and verify that there is no drift in the terraform configuration.
On a weekly basis, run cf network-policies
and verify that they are in agreement with terraform baseline.
See the access control SOP for user account review steps.
On a weekly basis, run terraform plan
and verify that there is no drift in the terraform configuration.
On a weekly basis, run cf network-policies
and verify that they are in agreement with terraform baseline.
On a monthly basis, cloud.gov accounts and service keys across all spaces shall be reviewed. Any accounts that weren't properly removed during user off-boarding shall then be removed.