Nested Knowledge


wiki:policies:cloud

Differences

This shows you the differences between two versions of the page.

wiki:policies:cloud [2023/01/25 19:34]
kholub
wiki:policies:cloud [2023/02/24 07:27]
kholub
Line 1: Line 1:
 ===== Cloud Security ===== ===== Cloud Security =====
 +
 +==== Standards Compliance ====
 +
 +Our development team designs and maintains architecture, access rules, logging, and monitoring/alerting in our production cloud environment that aim to achieve compliance with the [[https://www.cisecurity.org/cis-benchmarks|CIS AWS Benchmark]]. An internal review is performed annually for all scored, Level 1 controls, with the reviewers, date, and benchmark score recorded. Remediations for noncompliancies are maintained, prioritized, and tracked per our development policies.
 +
 +Being that CIS updates recommendations, the benchmark should be updated to newest versions with each annual review.
  
 ==== Changes to the Cloud Environment ==== ==== Changes to the Cloud Environment ====
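
Review bot: The added Standards Compliance paragraph names the CIS AWS Benchmark without saying which benchmark version is assessed, and the annual review record lists only reviewers, date, and benchmark score. Because the following paragraph expects the benchmark to move to the newest version at each review, record the benchmark version alongside the score so results stay comparable from year to year, and name who owns that update instead of "should be updated". Wording: "noncompliancies" reads better as "noncompliance findings", and "Being that CIS updates recommendations" as "Because CIS updates its recommendations".
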
Line 21: Line 27:
   * Verification via manual testing, access & network logging, load testing, etc. as appropriate by the release engineer.   * Verification via manual testing, access & network logging, load testing, etc. as appropriate by the release engineer.
  
-**Notification of Changes:**  We will notify our client and customers of changes to the cloud environment in cases where the change is likely to disrupt services, workflows, or introduce new security vulnerabilities. Our chief technology officer will communicate the planned change and the associated risks at least 48 hours before the change is implemented.+**Notification of Changes:**  We will notify our client and customers of changes to the cloud environment in cases where the change is likely to disrupt services, workflows, or introduce new security vulnerabilities. We will communicate the planned change and the associated risks at least 1 week prior to the change being implemented.
  
 ==== Cloud-related Access Policy ==== ==== Cloud-related Access Policy ====
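
Review bot: The reworded Notification of Changes sentence replaces "Our chief technology officer will communicate" with "We will communicate", so the policy no longer names who is accountable for sending the notice. Name an owning role, and consider stating how a change that cannot wait for the 1 week notice period (for example an urgent security fix) is communicated, since the sentence gives no exception. "our client and customers" also looks like it should read "our clients and customers".
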
Line 38: Line 44:
  
 ^Author^Date of Revision/Review^Comments/Description| ^Author^Date of Revision/Review^Comments/Description|
-|K. Holub|1/25/2023|Annual review, added rollback provision|+|K. Holub|2/24/2023|Addition of CIS benchmark|
 |K. Cowie|11/21/2021|Minor Changes| |K. Cowie|11/21/2021|Minor Changes|
  
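
Review bot: The revision table row for 1/25/2023 ("Annual review, added rollback provision") is overwritten by the 2/24/2023 row instead of being kept, which drops the record of that annual review from the page's history table. Add the new entry as its own row above it, and extend its description to cover the notification period change from 48 hours to 1 week, which "Addition of CIS benchmark" does not mention.
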
wiki/policies/cloud.txt · Last modified: 2023/10/11 06:18 by kholub