Security Engineering Principles

System and Services Acquisition Policy for 18F uses the Cloud Foundry secure deployment best practices, which include the following:

  • Configure UAA clients and users using a standard BOSH manifest for Cloud Foundry Development.
  • develops and maintains documentation on the baseline configuration of the information system that include network topology, system architecture, application, web, and server components along with software standards.
  • Cloud Foundry protects the information system from security threats by minimizing network surface area, applying security controls, isolating applications and data in containers, and encrypting connections.
  • It also implements role-based access controls, applying and enforcing permissions to isolate user to their space. Baseline configurations settings are reviewed on a continual basis to to comply with federal mandates and compliance standards.
  • documents changes to the baseline configuration in GitHub for review. Part of this process includes a thorough security analysis of the proposed change prior to the configuration change being implemented on the operational system.
  • deploys with every application a standard set of tools for security and monitoring of each application to identify security issues. For more details please refer to 18F Configuration Management Policy and security controls CM-2, CM-3, and CM-6. Covered By:

results matching ""

    No results matching ""