Information System Monitoring
System and Information Integrity Policy for 18F
cloud.gov operators monitor the cloud.gov information system to detect potential attacks and intrusions from internal and external sources in accordance with the 18F System Information and Integrity Policy section 3 - Information System monitoring, the FedRAMP Incident communication procedures, and GSA CIO-IT Security-08-39 section "System Monitoring / Audit Record Review" for GSA-specific information systems.
18F identifies unauthorized access to the cloud.gov information system using automated tools within its virtual private cloud for monitoring, log management, and event analysis. 18F monitors for attacks and indicators of potential attacks, as well as unauthorized local, network, and remote connections.
The infrastructure that hosts cloud.gov provides monitoring and intrusion detection of unusual activity at the physical and network layers. 18F is responsible for monitoring everything related to its virtual infrastructure and has deployed monitoring and intrusion detection tools within its virtual private cloud to log and detect malicious activity against its information systems, including cloud.gov.
18F ensures intrusion detection and monitoring tools are protected from unauthorized access by granting access only to certain members of the cloud.gov operators. All monitoring and intrusion data is protected by limiting accounts to authorized privileged users only and is maintained in secured repositories for review by those members.
Information system monitoring will be heightened based on advisories from Pivotal, US-CERT Advisories, commercial security communities, and other sources.
Information system monitoring will be conducted in accordance and compliance with 18F security policies and all applicable laws, Executive Orders, directives, and regulations.
18F provides monitoring of all information system components. If an event or incident occurs, information will be provided as it becomes available. Scheduled reports will be provided to designated members of the cloud.gov operators, as needed, for events such as after-hours administrative logins, users being added to privileged groups, persistent malware detections, etc.