This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
wiki:policies:cloud [2021/11/21 17:00] katcow |
wiki:policies:cloud [2023/10/11 06:18] (current) kholub |
||
---|---|---|---|
Line 1: | Line 1: | ||
===== Cloud Security ===== | ===== Cloud Security ===== | ||
+ | |||
+ | ==== Standards Compliance ==== | ||
+ | |||
+ | Our development team designs and maintains architecture, | ||
+ | |||
+ | Being that CIS updates recommendations, | ||
==== Changes to the Cloud Environment ==== | ==== Changes to the Cloud Environment ==== | ||
Line 17: | Line 23: | ||
* A review of the methodology and documented changes | * A review of the methodology and documented changes | ||
* The developer requesting changes must explain any risks associated with the change, mitigations, | * The developer requesting changes must explain any risks associated with the change, mitigations, | ||
- | * Providing | + | * Advance testing in our staging environment |
+ | * Requirement of generating a rollback strategy | ||
+ | * Requirement of providing | ||
* Verification via manual testing, access & network logging, load testing, etc. as appropriate by the release engineer. | * Verification via manual testing, access & network logging, load testing, etc. as appropriate by the release engineer. | ||
- | **Notification of Changes:** We will notify our client and customers of changes to the cloud environment in cases where the change is likely to disrupt services, workflows, or introduce new security vulnerabilities. | + | **Notification of Changes: |
==== Cloud-related Access Policy ==== | ==== Cloud-related Access Policy ==== | ||
Line 37: | Line 45: | ||
^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
- | |K. Holub|11/17/2021|Review Completed| | + | |K. Holub|2/24/2023|Addition of CIS benchmark| |
- | |K. Cowie|11/17/2021|Initial Draft Completed| | + | |K. Cowie|11/21/2021|Minor Changes| |
+ | [[: | ||