NIST-800-53-AC-6 1

Least Privilege | Authorize Access to Security Functions

Identity and Access Management

The organization explicitly authorizes access to administrative and security functions of its virtual infrastructure and residing platforms to designated individuals within the organization's SecOps and DevOps team. No other authorizations to security and administrative information is granted to individuals outside these teams.

Access Control Policies for 18F

Because cloud.gov is a PaaS all accessible functions are privileged functions. Nevertheless, 18F team members use different accounts with increasing security requirements for accessing Cloud Foundry as a user, Cloud Foundry as a administrator, and AWS as an administrator. Covered By:

results matching ""

    No results matching ""