The activity and it steps will be performed by the assessor and facilitated by + owner, ISSO, and product team for the IFA GoodRead system with necessary + information and access about least privilege design and implementation of the + system's elements: the application, web framework, server, and cloud account + infrastructure.
+The assessor will obtain network access with appropriately configured VPN + account to see admin frontend to the application for PAO staff, which is + only accessible via VPN with an appropriately configured role for PAO staff + accounts.
+The assessor will obtain access to the GoodRead Product Team's AwesomeCloud + account with their single sign-on credentials to a read-only assessor role.
+The assessor will obtain non-privileged account credentials with the PAO + staff role to test this role in the application does not permit excessive + administrative operations.
+The assessor will confirm that the load balancer for public access does not + allow access to Admin Frontend of the application from the Internet.
+The assessor will confirm that user's logged into the GoodRead Application + with the PAO staff role cannot add, modify, or disable users from the + system.
+The assessor will confirm with web-based interface and API methods users with + the PAO Staff role cannot access the Django admin panel functions and + interactively change application's database records.
+The assessor for the IFA GoodRead Project, including the application and + infrastructure for this information system, are within scope of this assessment.
+Per IFA's use of NIST SP-800 53A, the assessor, with the support of the owner, + information system security officer, and product team for the IFA GoodRead project, + will examine least privilege design and implementation with the following:
+The activity and it steps will be performed by the assessor via their security + automation platform to test least privilege design and implementation of the + system's elements, specifically the cloud account infrastructure, as part of + continuous monitoring.
+The GoodRead system engineer will coordinate with the assessor's engineering + support staff to configure an IAM role trust. A service account for + automation with its own role with the assessor's AwesomeCloud account can + assume the role for read-only assessor operations within the GoodRead + Product Team's AwesomeCloud account for continuous monitoring of least + privilege.
+This step is complete.
+GoodRead Product Team and SCA Engineering Support configured the latter's + cross-account role trust and authentication and authorization in to the + former's account on May 29, 2023.
+The assessor's security automation platform will create a session from their + dedicated will obtain access to the GoodRead Product Team's AwesomeCloud + account with their single sign-on credentials to a read-only assessor role.
+This step is complete.
+GoodRead Product Team and SCA Engineering Support tested scripts from the + security automation platform interactively on May 30, 2023, to confirm they + work ahead of June 2023 continuous monitoring cycle.
+Once authenticated and authorized with a cross-account session, the security + automation pipeline will execute scripts developed and maintained by the + assessor's engineering support staff. It will analyze the permitted actions + for the developer and system engineer roles in the GoodRead Product Team's + AwesomeCloud account to confirm they are designed and implement to + facilitate only least privilege operation. Examples are included below.
+Automated monthly continuous monitoring of the GoodRead information system's cloud + infrastructure recorded observations below. Additionally, contingent upon the + confidence level of the observations and possible risks, confirmed findings may be + opened.
+The activity and it steps will be performed by the assessor via their + security automation platform to test least privilege design and + implementation of the system's elements, specifically the cloud account + infrastructure, as part of continuous monitoring.
+Test AwesomeCloud IAM Roles for least privilege design and implementation.
+The assessor's security automation platform analyzed all roles specific to the
+ GoodRead Product Team, not those managed by the Office of Information
+ Technology. The IFA-GoodRead-SystemEnginer role in their respective
+ AwesomeCloud account permitted use of the following high-risk actions.
Both of these actions are overly permissive and not appropriate for the business + function of the staff member assigned this role.
+Test AwesomeCloud IAM Roles for least privilege design and implementation.
+The assessor's security automation platform detected that the developer's role is + permitted to perform only permissible actions in the GoodRead AwesomeCloud + account in accordance with the agency's least privilege policy and procedures.
+A user in the GoodRead cloud environment with the privileges of a system engineer + can exceed the intended privileges for their related business function. They can + delete all historical audit records and remove important security monitoring + functions for the IFA Security Operations Center staff.
+An account without proper least privilege design and implementation can be used + to surreptitiously add, change, or delete cloud infrastructure to the too + managing all links to IFA's communication to public citizens, potentially + causing significant harm with no forensic evidence to recover the system. + Regardless of the extent and duration of a potential incident, such a + configuration greatly increases the risk of an insider threat if there were + likely to a potential insider threat in the GoodRead Product Team.
+If such an insider threat existed and acted with this misconfigruatio, the + resulting event could cause significant financial and reputational risk to IFA's + Administrator, executive staff, and the agency overall.
+The assessor's security automation platform detected that the system engineer's + role is permitted to perform the following actions in the GoodRead AwesomeCloud + account.
+The system engineer is not permitted to modify these services and their role was + incorrectly configured.
+This is a finding.
+The following is a short excerpt from ISO/IEC 27002:2013, Information technology — Security techniques — Code of practice for information security controls. This work is provided here under copyright fair use
for non-profit, educational purposes only. Copyrights for this work are held by the publisher, the International Organization for Standardization (ISO).
To establish a management framework to initiate and control the implementation and operation of information security within the organization.
-To establish a management framework to initiate and control the implementation and operation of information security within the organization.
+All information security responsibilities should be defined and allocated.
A value has been assigned to
A cross link has been established with a choppy syntax: (choppy).
Allocation of information security responsibilities should be done in accordance with the information security policies. Responsibilities for the protection of individual assets and for carrying out specific information security processes should be identified. Responsibilities for information security risk management activities and in particular for acceptance of residual risks should be defined. These responsibilities should be supplemented, where necessary, with more detailed guidance for specific sites and information processing facilities. Local responsibilities for the protection of assets and for carrying out specific security processes should be defined.
Individuals with allocated information security responsibilities may delegate security tasks to others. Nevertheless they remain accountable and should determine that any delegated tasks have been correctly performed.
Areas for which individuals are responsible should be stated. In particular the following should take place:
Many organizations appoint an information security manager to take overall responsibility for the development and implementation of information security and to support the identification of controls.
However, responsibility for resourcing and implementing the controls will often remain with individual managers. One common practice is to appoint an owner for each asset who then becomes responsible for its day-to-day protection.
@@ -70,14 +69,14 @@Conflicting duties and areas of responsibility should be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization’s assets.
Care should be taken that no single person can access, modify or use assets without authorization or detection. The initiation of an event should be separated from its authorization. The possibility of collusion should be considered in designing the controls.
Small organizations may find segregation of duties difficult to achieve, but the principle should be applied as far as is possible and practicable. Whenever it is difficult to segregate, other controls such as monitoring of activities, audit trails and management supervision should be considered.
Segregation of duties is a method for reducing the risk of accidental or deliberate misuse of an organization’s assets.
To limit access to information and information processing facilities.
An access control policy should be established, documented and reviewed based on business and information security requirements.
Asset owners should determine appropriate access control rules, access rights and restrictions for specific user roles towards their assets, with the amount of detail and the strictness of the controls reflecting the associated information security risks.
Access controls are both logical and physical and these should be considered together.
Users and service providers should be given a clear statement of the business requirements to be met by access controls.
The policy should take account of the following:
Care should be taken when specifying access control rules to consider:
Access control rules should be supported by formal procedures and defined responsibilities.
Role based access control is an approach used successfully by many organizations to link access rights with business roles.
Two of the frequent principles directing the access control policy are:
Users should only be provided with access to the network and network services that they have been specifically authorized to use.
A policy should be formulated concerning the use of networks and network services. This policy should cover:
The policy on the use of network services should be consistent with the organization’s access control policy
MongoDB is a source-available, cross-platform document-oriented - database program. Classified as a NoSQL database program, MongoDB - uses JSON-like documents with optional schemas.
+MongoDB is a source-available, cross-platform document-oriented database program. + Classified as a NoSQL database program, MongoDB uses JSON-like documents with optional + schemas.
MongoDB control implementations for NIST SP 800-53 revision 5.
-MongoDB's implementation of SC-8 control. The details of the implementation are provided at the statement level.
+MongoDB's implementation of SC-8 control. The details of the implementation are + provided at the statement level.
MongoDB implements TLS 1.x to protect the
MongoDB implements TLS 1.x to protect the
MongoDB implements cryptographic mechanisms (TLS 1.x) to provide cryptographic protection for data in transit.
+MongoDB implements cryptographic mechanisms (TLS 1.x) to provide cryptographic + protection for data in transit.
To implement cryptographic mechanisms (aka enable TLS 1.x) to PEMKeyFile option in the configuration file /etc/mongod.conf to the certificate file's path and restart the component.
To implement cryptographic mechanisms (aka enable TLS 1.x) to PEMKeyFile option
+ in the configuration file /etc/mongod.conf to the certificate file's path
+ and restart the component.
Must ensure that MongoDB only listens for network - connections on authorized interfaces by configuring the MongoDB - configuration file to limit the services exposure to only the - network interfaces on which MongoDB instances should listen for - incoming connections.
+Must ensure that MongoDB only listens for network connections on authorized interfaces + by configuring the MongoDB configuration file to limit the services exposure to only the + network interfaces on which MongoDB instances should listen for incoming connections.
NIST Special Publication 800-53 Revision 5: Moderate Baseline Profile
-NIST Special Publication 800-53 Revision 5: Moderate Baseline Profile
+Examine Django Framework for least privilege design and implementation.
+The assessor attempted to access the admin panel while logged into the GoodRead application as a PAO staff user. They were able to see the admin panel and directly edit database records for the application using the Django Framework's admin panel.
+Test AwesomeCloud IAM Roles for least privilege design and implementation.
+The assessor's security automation platform analyzed all roles specific to the GoodRead Product Team, not those managed by the Office of Information Technology. The IFA-GoodRead-SystemEnginer role in their respective AwesomeCloud account permitted use of the following high-risk actions.
Both of these actions are overly permissive and not appropriate for the business function of the staff member assigned this role.
+A user with the privileges of a PAO staff user can exceed the intended privileges for their related business function and directly edit the database for the GoodRead application.
+An account without proper least privilege design and implementation can be used to significantly damage links created by the tool for use by public citizens, potentially causing a national outage. If an outage were to occur, IFA and Government policy will require the CIO of the agency to notify the Department of Homeland Security and the public.
+Such an event will cause significant financial and reputational risk to IFA's Administrator, executive staff, and the agency overall.
+The GoodRead application is designed and implemented to only allow access to the administrative functions for those with PAO staff fole via the VPN via network configuration between the IFA Enterprise Support Systems and the GoodRead AwesomeCloud account. Additionally, the load balanacer configuration only allows access to view shortlinks from the public internet.
+The GoodRead Product Team does not have sufficient personnel and budget to implement the required changes in their use of the Django Framework and its configuration in this quarter. With the consultation of the ISSO and the assessor, the owner of the GoodRead system has decided to accept this risk until the end of December 2023. From September to December, budget will be available for the Good Read Product Team's developer and system engineer to completely disable the functionality that is the source of the risk and its originating finding.
+The owner, ISSO, and product team of the GoodRead Project intend to complete the necessary development between September 2023 and December 2023. Whether or not the necessary development for remedation is complete, the product team's project manager will submit the final annual report. They will identify this work item and whether it has been completed.
+A user in the GoodRead cloud environment with the privileges of a system engineer can exceed the intended privileges for their related business function. They can delete all historical audit records and remove important security monitoring functions for the IFA Security Operations Center staff.
+An account without proper least privilege design and implementation can be used to surreptitiously add, change, or delete cloud infrastructure to the too managing all links to IFA's communication to public citizens, potentially causing significant harm with no forensic evidence to recover the system. Regardless of the extent and duration of a potential incident, such a configuration greatly increases the risk of an insider threat if there were likely to a potential insider threat in the GoodRead Product Team.
+If such an insider threat existed and acted with this misconfigruatio, the resulting event could cause significant financial and reputational risk to IFA's Administrator, executive staff, and the agency overall.
+The GoodRead Product Team does not have siginficant mitigations or compensating controls to counter this risk, even if likelihood is low. The IFA CISO has cited ongoing guidance that potential insider threat risks be prioritized above alternative categories of risk for this quarter. Additionally, there is sufficient budget and unallocated time for the GoodRead and Office of Information Technology system engineers to modify AwesomeCloud IAM roles on or before the next continuous monitoring cycle beginning in July 2023. The planned completion data is June 23, 2023.
+The owner, ISSO, and product team of the GoodRead Project intend to complete the necessary development by June 23. 2023, the last day of the coinciding sprint. Whether or not the necessary development for mitigation is complete, the product team's project manager will write a brief at the end of the sprint to thw owner and ISSO of this system with the final status and determination of this work item in this sprint.
+Budget and technical staff are needed to re-design and re-implement a part of the GoodRead application's use of a web appplication programming framework to mitigate the risk of low privilege users directly modifying the database of this application. This application is a high-visibility service and integral to future operations of the IFA Office of Public Affairs and its staff.
+Budget and technical staff allocation are available and designated to fix a misconfiguration of the IAM roles for members of the GoodRead Product Team in their AwesomeCloud account to implement least privilege as designed.
+An example of three customers leveraging an authorized SaaS, which is running on an authorized IaaS.
-+ uuid="d197545f-353f-407b-9166-ebf959774c5a"> ++ +CSP IaaS System Security Plan +2024-02-01T13:57:28.355446-04:00 +0.3 +1.1.2 ++ +Administrator ++ +External Customer ++ +Internal POC for Customers ++ ++ +Leveraged Authorization POC
++ + + csp_iaas_system +Leveraged IaaS System ++ -An example of three customers leveraging an authorized SaaS, which is running on an + authorized IaaS.
+Cust-A Cust-B Cust-C | | | +---------+---------+ @@ -39,193 +45,226 @@ Cust-A Cust-B Cust-C | this file | +-------------------+-In this example, the IaaS SSP specifies customer responsibilities for certain controls.
-The SaaS must address these for the control to be fully satisfied.
-The SaaS provider may either implement these directly or pass the responsibility on to their customers. Both may be necessary.
-For any given control, the Leveraged IaaS SSP must describe:
--
-- HOW the IaaS is directly satisfying the control
-- WHAT responsibilities are left for the Leveraging SaaS (or their customers) to implement.
-For any given control, the Leveraging SaaS SSP must describe:
--
-- WHAT is being inherited from the underlying IaaS
-- HOW the SaaS is directly satisfying the control.
-- WHAT responsibilities are left for the SaaS customers to implement. (The SaaS customers are Cust-A, B and C)
-low -- - System and Network Monitoring +In this example, the IaaS SSP specifies customer responsibilities for certain + controls.
+The SaaS must address these for the control to be fully satisfied.
+The SaaS provider may either implement these directly or pass the responsibility on + to their customers. Both may be necessary.
+For any given control, the Leveraged IaaS SSP must describe:
++
+- HOW the IaaS is directly satisfying the control
+- WHAT responsibilities are left for the Leveraging SaaS (or their customers) to + implement.
+For any given control, the Leveraging SaaS SSP must describe:
++
+- WHAT is being inherited from the underlying IaaS
+- HOW the SaaS is directly satisfying the control.
+- WHAT responsibilities are left for the SaaS customers to implement. (The SaaS + customers are Cust-A, B and C)
+
This IaaS system handles information pertaining to audit events.
+This impact has been adjusted to low as an example of how to perform this + type of adjustment.
+This impact has been adjusted to low as an example of how to perform this + type of adjustment.
+This impact has been adjusted to low as an example of how to perform this + type of adjustment.
+This IaaS system handles information pertaining to audit events.
+The hardware and software supporting the virtualized infrastructure supporting + the IaaS.
This impact has been adjusted to low as an example of how to perform this type of adjustment.
-This impact has been adjusted to low as an example of how to perform this type of adjustment.
-This impact has been adjusted to low as an example of how to perform this type of adjustment.
-The hardware and software supporting the virtualized infrastructure supporting the IaaS.
-Most system-characteristics content does not support the example, and is included to meet the minimum SSP syntax requirements.
-The system described by this SSP.
-This text was auto-generated by the OSCAL M3-RC1 data upgrade converter.
-This Leveraged IaaS.
-The entire system as depicted in the system authorization boundary
-An application within the IaaS, exposed to SaaS customers and their downstream customers.
-This Leveraged IaaS maintains aspects of the application.
-The Leveraging SaaS maintains aspects of their assigned portion of the application.
-The customers of the Leveraging SaaS maintain aspects of their sub-assigned portions of the application.
-This is a collection of control responses.
-Response for the "This System" component.
-Overall description of how "This System" satisfies AC-2, Part a.
-Response for the "This System" component.
-Overall description of how "This System" satisfies AC-2, Part a.
-Response for the "This System" component.
-Overall description of how "This System" satisfies AC-2, Part a.
-Response for the "This System" component.
-Overall description of how "This System" satisfies AC-2, Part a.
-Optional description about what is being exported.
-Leveraging system's responsibilities with respect to inheriting this capability.
-In the context of the application component in satisfaction of AC-2, part a.
-Describes how the application satisfies AC-2, Part a.
-Optional description about what is being exported.
-Consumer-appropriate description of what may be inherited.
-In the context of the application component in satisfaction of AC-2, part a.
-Leveraging system's responsibilities with respect to inheriting this capability.
-In the context of the application component in satisfaction of AC-2, part a.
-Most system-characteristics content does not support the example, and is included to + meet the minimum SSP syntax requirements.
+This Leveraged IaaS.
+The entire system as depicted in the system authorization boundary
+An application within the IaaS, exposed to SaaS customers and their downstream + customers.
+This Leveraged IaaS maintains aspects of the application.
+The Leveraging SaaS maintains aspects of their assigned portion of the + application.
+The customers of the Leveraging SaaS maintain aspects of their sub-assigned + portions of the application.
+This is a collection of control responses.
+Response for the "This System" component.
+Overall description of how "This System" satisfies AC-2, Part a.
+Response for the "This System" component.
+Overall description of how "This System" satisfies AC-2, Part a.
+Response for the "This System" component.
+Overall description of how "This System" satisfies AC-2, Part a.
+Response for the "This System" component.
+Overall description of how "This System" satisfies AC-2, Part a.
+Optional description about what is being exported.
+Consumer-appropriate description of what a leveraging system may + inherite from THIS SYSTEM in the context of satisfying + satisfaction of AC-2, part a.
+Leveraging system's responsibilities with respect to inheriting + this capability.
+In the context of the application component in satisfaction of + AC-2, part a.
+Describes how the application satisfies AC-2, Part a.
+Optional description about what is being exported.
+Consumer-appropriate description of what may be inherited.
+In the context of the application component in satisfaction of + AC-2, part a.
+Leveraging system's responsibilities with respect to inheriting + this capability.
+In the context of the application component in satisfaction of + AC-2, part a.
+a. Identifies and selects the following types of information system accounts + to support organizational missions/business functions: [Assignment: + privileged and non-privileged];
+a. Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: privileged and non-privileged];
+The organization:
+a. Identifies and selects the following types of information system accounts to + support organizational missions/business functions: [Assignment: + organization-defined information system account types];
+b. Assigns account managers for information system accounts;
+c. Establishes conditions for group and role membership;
+d. through j. omitted
The organization:
-a. Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: organization-defined information system account types];
-b. Assigns account managers for information system accounts;
-c. Establishes conditions for group and role membership;
-d. through j. omitted
-NIST Special Publication 800-53 Revision 4: Low Baseline Profile
-NIST Special Publication 800-53 Revision 4: Low Baseline Profile
+Leveraged Authorization POC
+Leveraging SaaS' Admin
+Leveraged Authorization (IaaS) POC
An example of three customers leveraging an authorized SaaS, which is running on an authorized IaaS.
+An example of three customers leveraging an authorized SaaS, which is running on an + authorized IaaS.
Cust-A Cust-B Cust-C
| | |
@@ -38,24 +43,28 @@ Cust-A Cust-B Cust-C
| Leveraged IaaS |
+-------------------+
- In this example, the IaaS SSP specifies customer responsibilities for certain controls.
-The SaaS must address these for the control to be fully satisfied.
-The SaaS provider may either implement these directly or pass the responsibility on to their customers. Both may be necessary.
+In this example, the IaaS SSP (the leveraged SSP) specifies what IaaS provides and the + customer's responsibilities for certain controls.
+The SaaS must address these responsibilities for the control to be fully satisfied.
+The SaaS provider may either implement these directly or pass the responsibility on to + their customers. Both may be necessary.
For any given control, the Leveraged IaaS SSP must describe:
For any given control, the Leveraging SaaS SSP must describe:
This system handles information pertaining to audit events.
@@ -67,21 +76,24 @@ Cust-A Cust-B Cust-CThis impact has been adjusted to low as an example of how to perform this type of adjustment.
+This impact has been adjusted to low as an example of how to perform this type + of adjustment.
This impact has been adjusted to low as an example of how to perform this type of adjustment.
+This impact has been adjusted to low as an example of how to perform this type + of adjustment.
This impact has been adjusted to low as an example of how to perform this type of adjustment.
+This impact has been adjusted to low as an example of how to perform this type + of adjustment.
The virtualized components deployed on the CSP IaaS.
Most system-characteristics content does not support the example, and is included to meet the minimum SSP syntax requirements.
+Most system-characteristics content does not support the example, and is included to + meet the minimum SSP syntax requirements.
The system described by this SSP.
-This text was auto-generated by the OSCAL M3-RC1 data upgrade converter.
-If the leveraged system owner provides a UUID for their system (such as in an OSCAL-based CRM), it should be used as the UUID for this component.
+If the leveraged system owner provides a UUID for their system (such as in an + OSCAL-based CRM), it should be used as the UUID for this component.
An access control virtual appliance, wich performs XYZ functions.
Inherited from underlying IaaS.
Response for the "This System" component.
Overall description of how "This System" satisfies AC-2, Part a.
@@ -190,32 +195,38 @@ Cust-A Cust-B Cust-CResponse for the "This System" component.
Overall description of how "This System" satisfies AC-2, Part a.
Describe how this internal virtual appliance satisfies AC-2, Part a.
Description that directly addresses how the consumer responsibility was satisfied.
+Description that directly addresses how the consumer responsibility was + satisfied.
- duplicated/tailored description of what was inherited, and description of what was configured. + duplicated/tailored description of what was inherited, and description of + what was configured.
Consumer-appropriate description of what may be inherited.
In the context of the application component in satisfaction of AC-2, part a.
Optional description.
@@ -226,19 +237,23 @@ Cust-A Cust-B Cust-C
Description of how the responsibility was satisfied.
a. Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: privileged and non-privileged];
+a. Identifies and selects the following types of information system accounts to + support organizational missions/business functions: [Assignment: privileged and + non-privileged];
The organization:
-a. Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: organization-defined information system account types];
+a. Identifies and selects the following types of information system accounts to + support organizational missions/business functions: [Assignment: organization-defined + information system account types];
b. Assigns account managers for information system accounts;
c. Establishes conditions for group and role membership;
Omitted: d. through j.
@@ -247,23 +262,29 @@ Cust-A Cust-B Cust-CNIST Special Publication 800-53 Revision 4: Low Baseline Profile
Leveraged System Security Plan in OSCAL Data Formats
This is an example of a system that provides enterprise logging and log auditing capabilities.
-The system described by this SSP.
+Ensures proper integration into the enterprise as new systems are brought into production.
-This is a partial implementation that addresses the logging server portion of the
diff --git a/src/examples/ssp/xml/workshop-ssp-example.xml b/src/examples/ssp/xml/workshop-ssp-example.xml
new file mode 100644
index 00000000..7ba147f3
--- /dev/null
+++ b/src/examples/ssp/xml/workshop-ssp-example.xml
@@ -0,0 +1,264 @@
+
+ This system acts as a link shortener for IFA employees This system maintains a set of user-provided links and their associated
+ shortlinks Maliciously modified links are a concern This section describes an attached diagram of the authorization boundary for IFA GoodRead Project's information system. This section describes an attached diagram of the network architecture for IFA GoodRead Project's information system. This section describes an attached diagram of various dataflows for application and related elements of the IFA GoodRead Project's information system. The developer of the application supports IFA Public Affairs Officers by administering the application and its infrastructure. IFA Public Affairs Officers (PAOs) in each division of the agency review public communications to citizens who are customers of the IFA. PAOs review requests from colleagues to generate and publish content that is the target of a shortlink and can unpublish shortlinks. The general public is free to click on shortlinks IFA develops, operates, and maintains the GoodRead link shortener system to This is the custom GoodRead application within the system. This is the web application framework upon which the developer writes the custom GoodRead application for the user interface and API of this system. This is the database for the custom GoodRead application within the system. This is the operating system for the web server that runs the custom GoodRead application within the system. This inventory item is an instance from the AwesomeCloud Awesome Compute Service (ACS) Service. It is a Linux server. This inventory item is an instance from the AwesomeCloud Awesome Load Balancer (ALB) Service. It is a Linux server. This is the control implementation for the application and infrastructure that compose to the IFA GoodRead Project's system. The IFA GoodRead application and infrastructure are composed as designed and implemented with lease privilege for the elements of this system. For the IFA GoodRead application, the custom application is designed and implemented on top of the Django Framework to enforce least privilege. The application has a role for IFA Public Affairs Officers and one for the developers for privileged permissions, respectively. Only the latter can access or change administrative and security configurations and related data. The Django Framework and Django REST Framework (DRF), by default, allows any user with the For the IFA GoodRead database, the system account and accredentials for the application to read and write to the system datastore has specific read and write authorization for specific tables. This database service account does not have full administrative permissions to add, modify, or delete all respective tables. For the production environment, only the IFA GoodRead developer has a dedicated account with equivalent permissions. Only local network socket access, within in the Linux server, is permitted by host firewall configuration. Remote access, privileged or unprivileged, is not allowed remotely and the system engineer must locally authenticate for access. For the RedHat Linux server upon which the IFA GoodRead application is deployed in this system, only the system engineer has a non-privileged user to log in remotely via the SSH protocol to perform ad-hoc inspection, monthly log review as required by policy and procedure, and emergency debugging of the system. Privileged system administration operations may only be performed with the For this remote SSH access, least privilege is additionally enforced by allowing this access via a specific network zone in the IFA GoodRead AwesomeCloud account accessible to only the system engineer via IFA's VPN solution, which requires the system engineer use a dedicated account with their own password and two-factor authentication token. For cloud account and API access to reconfigure the Linux server and its load balancer, administrative access is only allowed for the system engineer via a special AwesomeCloud IAM role. The authentication and authorization for this role is controlled by an integration with the organization's single sign-on solution. This solution will only be accessible and correctly execute for them when they are on the VPN with their account with traffic forwarded to the appropriate network zone in the IFA GoodRead account in AwesomeCloud. It will not work the developer or any staff users of the application.is_staff role attribute to access administrative functions in an application using the framework. IFA GoodRead developers have disabled this behavior, relying on the custom roles identified in the relevant section.sudo subsystem which requires a password, two-factor authentication, and has enhanced logging of all commands executed. The system engineer must log in remotely and then use sudo to elevate privileges. Remote access with the privileged account is prohibited by configuration and attempts are logged.