MA-Policy.md

Maintenance

See CIO 2100.1P – GSA IT Security Policy

• Chapter 3, Policy for Identify Function, which covers:
  • MA-1
• Chapter 4, Policy for Protect Function, which covers:
  • MA-2, MA-3, MA-5, MA-6

The latest version can be found on the GSA IT Security Policies page.

Purpose

Not applicable. cloud.gov is completely virtualized via AWS GovCloud. cloud.gov leverages the Provisional Authorization for AWS GovCloud for all physical maintenance. See below for a discussion of software maintenance.

Scope

See the Applicability section of the GSA IT Security Policy.

Policy overlay

For information on roles and responsibilities, management commitment, coordination among organizational entities, compliance, reviews, and updates please see the Technology Transformation Service's (TTS) Common Control Policy.

Procedures

Software maintenance on cloud.gov is accomplished via the procedures of Configuration Management (CM) and System and Services Acquisition (SA). Please see those control families for details.

Version history

Complete version history: https://github.com/cloud-gov/cg-compliance-docs/commits/master/MA-Policy.md

• 2016-10: Initial version for authorization
• 2017-09: Security policy link updates
• 2019-12: Update links to GSA security policy
• 2020-11: Update links to GitHub and GSA policies, split controls by CSF, add version history
• 2021-11: Fix one link to cloud-gov GitHub
• 2024-05: Update links to GSA Security Policy