Incident Response for cloud.gov
cloud.gov implements automated processes to detect and analyze malicious activity within the platform. If these processes detect malicious activity, they automatically report the activity to the cloud.gov operations team, which is able to use automated tools to eradicate the threat and recover to a known state. cloud.gov uses a service-oriented architecture that allows natural containment and separation.
The cloud.gov team works as a whole on both contingency planning and incident handling. From operations to communication, everyone is involved.
After the conclusion of each event response, the cloud.gov team schedules a retrospective and captures the output of the session in a document available at https://github.com/18F/cg-postmortems/wiki.
All cloud.gov team members have been cleared to at least the Tier 1 (non-sensitive) federal background investigation level, or an equivalent for contractors.