Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Platform Security Q4 Access Review - TestRail [DUE December 16 2024] #97704

Open
5 tasks
kell-y opened this issue Nov 22, 2024 · 0 comments
Open
5 tasks

Platform Security Q4 Access Review - TestRail [DUE December 16 2024] #97704

kell-y opened this issue Nov 22, 2024 · 0 comments
Labels
platform-security PSEC team issues. Platform-Support-Sprint-Work Tier 1 Support Team Projects, Tasks, Research platform-tech-team-support for Platform Tech Support Matrix Team

Comments

@kell-y
Copy link

kell-y commented Nov 22, 2024
edited
Loading

Access Review Description:

OCTO-DE teams are responsible for periodically reviewing access to systems and applications they manage to ensure that only authorized personnel have the required access and permissions.

OCTO-DE teams periodically review user access to ensure that access is limited to users who currently need to access the systems and applications and that those users have the appropriate permissions.

Platform Security initiates each review cycle and application owners are responsible for executing the process for each application that they own. Once complete, application owners document the results of the access review and send the artifacts to Platform Security to document in eMASS as evidence.

Tasks:

The Q4 access reviews should track any users that were removed or changed outside of normal offboarding processes since the last access review completed in September 2024.

  • Remove any users that should no longer have access to the systems or applications. Results must include a list of user access that was changed and why.
  • Ensure that existing users have the correct permissions.
  • Ensure that every system has at least two administrators, and that any system which is expected to persist even if administration transitions to a new contractor has at least one administrator who is a government employee.
  • Document the results of the review using the linked template: TestRail.

AC:

  • Notify Platform Security that the access reviews are complete.

Resources:
Below are three links that describe the access review process:
@kell-y kell-y added Platform-Support-Sprint-Work Tier 1 Support Team Projects, Tasks, Research platform-tech-team-support for Platform Tech Support Matrix Team labels Nov 22, 2024
@kell-y kell-y assigned davidpetras and unassigned davidpetras Nov 22, 2024
@kell-y kell-y changed the title Copy of Platform Security Access Review - PagerDuty [DUE September 16 2024] Platform Security Q4 Access Review - TestRail [DUE December 16 2024] Nov 22, 2024
@kell-y kell-y added the platform-security PSEC team issues. label Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
platform-security PSEC team issues. Platform-Support-Sprint-Work Tier 1 Support Team Projects, Tasks, Research platform-tech-team-support for Platform Tech Support Matrix Team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kell-y @davidpetras