diff --git a/src/examples/ssp/xml/ifa_ssp-example.xml b/src/examples/ssp/xml/ifa_ssp-example.xml index 246555de..4e17ec09 100644 --- a/src/examples/ssp/xml/ifa_ssp-example.xml +++ b/src/examples/ssp/xml/ifa_ssp-example.xml @@ -59,25 +59,15 @@ User-provided Links - -

This system maintains a set of user-provided links and their associated - shortlinks

+

This system maintains a set of user-provided links and their associated shortlinks

 - - C.2.8.12 + C.2.8.12 - - fips-199-low + fips-199-low - - fips-199-low - fips-199-moderate - -

Maliciously modified links are a concern

- + fips-199-lowfips-199-moderate

Maliciously modified links are a concern

 - - fips-199-low + fips-199-low @@ -89,20 +79,17 @@ -

This section describes an attached diagram of the authorization boundary for IFA - GoodRead Project's information system.

+

This section describes an attached diagram of the authorization boundary for IFAGoodRead Project's information system.

 -

This section describes an attached diagram of the network architecture for IFA - GoodRead Project's information system.

+

This section describes an attached diagram of the network architecture for IFAGoodRead Project's information system.

 -

This section describes an attached diagram of various dataflows for application - and related elements of the IFA GoodRead Project's information system.

+

This section describes an attached diagram of various dataflows for applicationand related elements of the IFA GoodRead Project's information system.

 @@ -110,8 +97,7 @@ Application Administrator -

The developer of the application supports IFA Public Affairs Officers by - administering the application and its infrastructure.

+

The developer of the application supports IFA Public Affairs Officers byadministering the application and its infrastructure.

 developer @@ -128,10 +114,7 @@ Public Affairs Officers -

IFA Public Affairs Officers (PAOs) in each division of the agency review public - communications to citizens who are customers of the IFA. PAOs review requests - from colleagues to generate and publish content that is the target of a - shortlink and can unpublish shortlinks.

+

IFA Public Affairs Officers (PAOs) in each division of the agency review publiccommunications to citizens who are customers of the IFA. PAOs review requestsfrom colleagues to generate and publish content that is the target of ashortlink and can unpublish shortlinks.

 public-affairs-office @@ -179,8 +162,7 @@ -

This is the web application framework upon which the developer writes the custom - GoodRead application for the user interface and API of this system.

+

This is the web application framework upon which the developer writes the customGoodRead application for the user interface and API of this system.

 @@ -202,8 +184,7 @@ -

This is the operating system for the web server that runs the custom GoodRead - application within the system.

+

This is the operating system for the web server that runs the custom GoodReadapplication within the system.

 @@ -213,8 +194,7 @@ -

This inventory item is an instance from the AwesomeCloud Awesome Compute Service - (ACS) Service. It is a Linux server.

+

This inventory item is an instance from the AwesomeCloud Awesome Compute Service(ACS) Service. It is a Linux server.

 @@ -227,8 +207,7 @@ -

This inventory item is an instance from the AwesomeCloud Awesome Load Balancer - (ALB) Service. It is a Linux server.

+

This inventory item is an instance from the AwesomeCloud Awesome Load Balancer(ALB) Service. It is a Linux server.

 @@ -264,54 +243,7 @@ - -

The IFA GoodRead application and infrastructure are composed as designed and - implemented with lease privilege for the elements of this system.

-

For the IFA GoodRead application, the custom application is designed and - implemented on top of the Django Framework to enforce least privilege. The - application has a role for IFA Public Affairs Officers and one for the - developers for privileged permissions, respectively. Only the latter can - access or change administrative and security configurations and related - data.

-

The Django Framework and Django REST Framework (DRF), by default, allows any - user with the is_staff role attribute to access administrative - functions in an application using the framework. IFA GoodRead developers - have disabled this behavior, relying on the custom roles identified in the - relevant section.

-

For the IFA GoodRead database, the system account and accredentials for the - application to read and write to the system datastore has specific read and - write authorization for specific tables. This database service account does - not have full administrative permissions to add, modify, or delete all - respective tables. For the production environment, only the IFA GoodRead - developer has a dedicated account with equivalent permissions. Only local - network socket access, within in the Linux server, is permitted by host - firewall configuration. Remote access, privileged or unprivileged, is not - allowed remotely and the system engineer must locally authenticate for - access.

-

For the RedHat Linux server upon which the IFA GoodRead application is - deployed in this system, only the system engineer has a non-privileged user - to log in remotely via the SSH protocol to perform ad-hoc inspection, - monthly log review as required by policy and procedure, and emergency - debugging of the system. Privileged system administration operations may - only be performed with the sudo subsystem which requires a - password, two-factor authentication, and has enhanced logging of all - commands executed. The system engineer must log in remotely and then use - sudo to elevate privileges. Remote access with the privileged account - is prohibited by configuration and attempts are logged.

-

For this remote SSH access, least privilege is additionally enforced by - allowing this access via a specific network zone in the IFA GoodRead - AwesomeCloud account accessible to only the system engineer via IFA's VPN - solution, which requires the system engineer use a dedicated account with - their own password and two-factor authentication token.

-

For cloud account and API access to reconfigure the Linux server and its load - balancer, administrative access is only allowed for the system engineer via - a special AwesomeCloud IAM role. The authentication and authorization for - this role is controlled by an integration with the organization's single - sign-on solution. This solution will only be accessible and correctly - execute for them when they are on the VPN with their account with traffic - forwarded to the appropriate network zone in the IFA GoodRead account in - AwesomeCloud. It will not work the developer or any staff users of the - application.

+

The IFA GoodRead application and infrastructure are composed as designed and implemented with lease privilege for the elements of this system.

For the IFA GoodRead application, the custom application is designed and implemented on top of the Django Framework to enforce least privilege. The application has a role for IFA Public Affairs Officers and one for the developers for privileged permissions, respectively. Only the latter can access or change administrative and security configurations and related data.

The Django Framework and Django REST Framework (DRF), by default, allows any user with the is_staff role attribute to access administrative functions in an application using the framework. IFA GoodRead developers have disabled this behavior, relying on the custom roles identified in the relevant section.

For the IFA GoodRead database, the system account and accredentials for the application to read and write to the system datastore has specific read and write authorization for specific tables. This database service account does not have full administrative permissions to add, modify, or delete all respective tables. For the production environment, only the IFA GoodRead developer has a dedicated account with equivalent permissions. Only local network socket access, within in the Linux server, is permitted by host firewall configuration. Remote access, privileged or unprivileged, is not allowed remotely and the system engineer must locally authenticate for access.

For the RedHat Linux server upon which the IFA GoodRead application is deployed in this system, only the system engineer has a non-privileged user to log in remotely via the SSH protocol to perform ad-hoc inspection, monthly log review as required by policy and procedure, and emergency debugging of the system. Privileged system administration operations may only be performed with the sudo subsystem which requires a password, two-factor authentication, and has enhanced logging of all commands executed. The system engineer must log in remotely and then use sudo to elevate privileges. Remote access with the privileged account is prohibited by configuration and attempts are logged.

For this remote SSH access, least privilege is additionally enforced by allowing this access via a specific network zone in the IFA GoodRead AwesomeCloud account accessible to only the system engineer via IFA's VPN solution, which requires the system engineer use a dedicated account with their own password and two-factor authentication token.

For cloud account and API access to reconfigure the Linux server and its load balancer, administrative access is only allowed for the system engineer via a special AwesomeCloud IAM role. The authentication and authorization for this role is controlled by an integration with the organization's single sign-on solution. This solution will only be accessible and correctly execute for them when they are on the VPN with their account with traffic forwarded to the appropriate network zone in the IFA GoodRead account in AwesomeCloud. It will not work the developer or any staff users of the application.