Nested Knowledge

Bringing Systematic Review to Life


wiki:policies:cloud

Differences

This shows you the differences between two versions of the page.

wiki:policies:cloud [2023/02/24 07:10]
kholub
wiki:policies:cloud [2023/10/11 06:18] (current)
kholub
Line 3: Line 3:
 ==== Standards Compliance ==== ==== Standards Compliance ====
  
-Our development team designs and maintains architecture, access rules, logging, and monitoring/alerting in our production cloud environment that aim to achieve compliance with the [[https://www.cisecurity.org/cis-benchmarks|CIS AWS Benchmark]]. An internal review is performed annually, with the reviewers, date, and benchmark score recorded. Remediations for noncompliancies are maintained, prioritized, and tracked per our development policies.+Our development team designs and maintains architecture, access rules, logging, and monitoring/alerting in our production cloud environment that aim to achieve compliance with the [[https://www.cisecurity.org/cis-benchmarks|CIS AWS Benchmark]]. An internal review is performed annually for all scored, Level 1 controls, with the reviewers, date, and benchmark score recorded. Remediations for noncompliancies are maintained, prioritized, and tracked per our development policies.
  
 Being that CIS updates recommendations, the benchmark should be updated to newest versions with each annual review. Being that CIS updates recommendations, the benchmark should be updated to newest versions with each annual review.
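Review bot: The added scope "for all scored, Level 1 controls" in the annual-review sentence leaves Level 2 and unscored controls unaddressed. State whether they are out of scope or reviewed on another schedule, so the recorded benchmark score is not read as covering the whole benchmark. Because the following paragraph moves the review to the newest benchmark version each year, the record should also name the benchmark version next to the reviewers, date, and score, otherwise scores from different years are not comparable. Minor: "noncompliancies" would read better as "noncompliances".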
Line 23: Line 23:
   * A review of the methodology and documented changes   * A review of the methodology and documented changes
       * The developer requesting changes must explain any risks associated with the change, mitigations, and advance testing methods that may be used.       * The developer requesting changes must explain any risks associated with the change, mitigations, and advance testing methods that may be used.
 +  * Advance testing in our staging environment
   * Requirement of generating a rollback strategy   * Requirement of generating a rollback strategy
   * Requirement of providing a full audit log of actions taken upon deployment   * Requirement of providing a full audit log of actions taken upon deployment
wiki/policies/cloud.1677222624.txt.gz · Last modified: 2023/02/24 07:10 by kholub