This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
wiki:policies:cloud [2023/01/25 19:34] kholub |
wiki:policies:cloud [2023/10/11 06:18] (current) kholub |
||
---|---|---|---|
Line 1: | Line 1: | ||
===== Cloud Security ===== | ===== Cloud Security ===== | ||
+ | |||
+ | ==== Standards Compliance ==== | ||
+ | |||
+ | Our development team designs and maintains architecture, | ||
+ | |||
+ | Being that CIS updates recommendations, | ||
==== Changes to the Cloud Environment ==== | ==== Changes to the Cloud Environment ==== | ||
Line 17: | Line 23: | ||
* A review of the methodology and documented changes | * A review of the methodology and documented changes | ||
* The developer requesting changes must explain any risks associated with the change, mitigations, | * The developer requesting changes must explain any risks associated with the change, mitigations, | ||
+ | * Advance testing in our staging environment | ||
* Requirement of generating a rollback strategy | * Requirement of generating a rollback strategy | ||
* Requirement of providing a full audit log of actions taken upon deployment | * Requirement of providing a full audit log of actions taken upon deployment | ||
* Verification via manual testing, access & network logging, load testing, etc. as appropriate by the release engineer. | * Verification via manual testing, access & network logging, load testing, etc. as appropriate by the release engineer. | ||
- | **Notification of Changes: | + | **Notification of Changes: |
==== Cloud-related Access Policy ==== | ==== Cloud-related Access Policy ==== | ||
Line 38: | Line 45: | ||
^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
- | |K. Holub|1/25/2023|Annual review, added rollback provision| | + | |K. Holub|2/24/2023|Addition of CIS benchmark| |
|K. Cowie|11/ | |K. Cowie|11/ | ||