NIST-800-53-AC-4 21

Information Flow Enforcement | Physical / Logical Separation of Information Flows

Warden

Warden ALLOW rules: Any Warden Server configuration allow rules. Set Warden Server configuration rules in the Droplet Execution Agent (DEA) configuration section of your deployment manifest.

Warden DENY rules: Any Warden Server configuration deny rules. Set Warden Server configuration rules in the DEA configuration section of your deployment manifest.

DEA

The DEA manages the Warden containers and controls both outbound and inbound network rules.

Application Security Groups

Cloud.Gov uses application security groups, which act as virtual firewalls, to control outbound traffic from the applications in the deployment. Cloud.Gov evaluates security groups and other network traffic rules in a strict priority order. Cloud Foundry returns an allow, deny, or reject result for the first rule that matches the outbound traffic request parameters, and does not evaluate any lower-priority rules. Cloud Foundry evaluates the network traffic rules for an application in the following order: Security Groups: The rules described by the Default Staging set, the Default Running set, and all security groups bound to the space.
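
A model of the first-match evaluation described above, as an added example (not cloud.gov or Cloud Foundry code). The rule fields, the sample rules and the result returned when nothing matches are assumptions made for illustration; the audit helper flags rules that can never fire because a higher-priority rule already covers them.

```python
import ipaddress

# Constructed sample policy, highest priority first (IPv4 only).
# Field names are assumptions for this sketch, not a real schema.
RULES = [
    {"action": "allow", "protocol": "tcp", "destination": "10.0.11.0/24", "ports": (443, 443)},
    {"action": "deny",  "protocol": "all", "destination": "10.0.0.0/8",   "ports": (1, 65535)},
    {"action": "allow", "protocol": "tcp", "destination": "10.0.12.0/24", "ports": (5432, 5432)},
    {"action": "allow", "protocol": "tcp", "destination": "0.0.0.0/0",    "ports": (443, 443)},
]

def covers(rule, protocol, dest_net, ports):
    """True if `rule` matches every packet in (protocol, dest_net, port range)."""
    low, high = ports
    rule_net = ipaddress.ip_network(rule["destination"])
    return (rule["protocol"] in ("all", protocol)
            and dest_net.subnet_of(rule_net)
            and rule["ports"][0] <= low and high <= rule["ports"][1])

def evaluate(rules, protocol, dest_ip, port, default="reject"):
    """Return (action, rule index) for the first matching rule.

    Lower-priority rules are never consulted once a rule matches.
    The `default` for unmatched traffic is an assumption of this model.
    """
    host = ipaddress.ip_network(dest_ip)  # single address as a /32 network
    for index, rule in enumerate(rules):
        if covers(rule, protocol, host, (port, port)):
            return rule["action"], index
    return default, None

def shadowed(rules):
    """Indices of rules fully covered by one earlier rule, so they never fire."""
    hidden = []
    for index, rule in enumerate(rules):
        net = ipaddress.ip_network(rule["destination"])
        if any(covers(earlier, rule["protocol"], net, rule["ports"])
               for earlier in rules[:index]):
            hidden.append(index)
    return hidden

if __name__ == "__main__":
    print(evaluate(RULES, "tcp", "10.0.12.9", 5432))  # hits the broad deny first
    print("shadowed rule indices:", shadowed(RULES))
```

Running the audit over a rule set before deployment shows where an intended allow or deny is silently overridden by an earlier, broader rule.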

Amazon Virtual Private Cloud

The virtual private cloud logically separates the hosted services from other information systems within its environment. Any service built using AWS VPC will reside within its own virtual private network and may have its own dedicated elastic load balancers for incoming traffic.
