NIST-800-53-AC-6

Least Privilege

Cloud Controller

Cloud.Gov uses feature flags, which allow an administrator to turn sub-sections, or features, of an application on or off without deploying new code. 18F uses Orgs, Spaces, and Roles to implement least-privilege access to the platform as a service. Cloud.Gov uses role-based access control (RBAC), with each role granting permissions in either an org or a space.

Covered By:

Identity and Access Management

Identity and Access Management (IAM) policies are attached to users, enabling centralized control of permissions for users under the organization's AWS account to access services, buckets, or objects. With IAM policies, the organization only grants users within its own AWS account permission to access its Amazon resources. AWS IAM policies are defined to grant only the access that organizational staff need to perform their functions. The organization defines least-privilege access for each user, group, or role. Security functions within the AWS infrastructure are explicitly defined within IAM to include read-only permissions for any user functions. The organization runs the IAM Policy Simulator to test policies for least-privilege access for users and groups.

Access Control Policies for 18F

IAM policies are attached to users, enabling centralized control of permissions for users under the 18F AWS account to access services, buckets, or objects. With IAM policies, 18F only grants users within its own AWS account permission to access its Amazon resources. 18F AWS IAM policies are defined to grant only the access that 18F staff need to perform their functions. 18F defines least-privilege access for each user, group, or role. Security functions within the AWS infrastructure are explicitly defined within IAM to include read-only permissions for any user functions. 18F runs the IAM Policy Simulator to test policies for least-privilege access for users and groups.

Covered By:
