NIST-800-53-AC-14

Permitted Actions Without Identification or Authentication

Cloud Controller

a

There are no permitted actions without identification and authentication to Cloud.Gov. The Cloud Controller rejects any broker registration that does not contain a username and password. The Cloud Controller authenticates every request with the Service Broker API using HTTP or HTTPS, depending on which protocol you specify during broker registration.

Identity and Access Management

a

There are no administrative actions than can be performed within the organization's Virtual Private Cloud (VPC) without multifactor authentication. Per AWS, privileged users can not gain access to the AWS console without identification and authorization to its a VPC.

b

It is not possible for members of the 18F Devops and SecOps teams to aceess the organization's VPC infrastructure without muitifactor authetication.

Access Control Policies for 18F

b

It is not possible for members of the 18F Devops and SecOps teams to access the 18F virtual private cloud infrastructure without multifactor authentication and identification. All client users of cloud.gov must login using authenticated credentials in order to access the system.

Covered By:

User Account and Authentication (UAA) Server

a

There are no permitted actions without identification and authentication to Cloud.Gov. The Cloud Controller rejects any broker registration that does not contain a username and password. The Cloud Controller authenticates every request with the Service Broker API using HTTP or HTTPS, depending on which protocol you specify during broker registration.

b

It is not possible for members of the 18F Devops and SecOps teams to aceess the 18F virtual private cloud infrastructure without muitifactor authetication and identification. All clinet users of Cloud.gov must login using authenticated credentials in order to acess the system as stated in Part A above.

results matching ""

    No results matching ""