From 7100722fc86d190b39ddcd444b2a9c35ebcadc51 Mon Sep 17 00:00:00 2001 From: Chris Weibel Date: Tue, 7 Mar 2023 15:27:30 -0500 Subject: [PATCH] Update AC-Policy.md Link to the onboarding checklist was out of date, this should be the correct link --- AC-Policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AC-Policy.md b/AC-Policy.md index df5ec5b..3d9c1ec 100644 --- a/AC-Policy.md +++ b/AC-Policy.md @@ -34,7 +34,7 @@ cloud.gov's access control procedures starts with an offer letter to an individu Successfully issuing a PIV card allows internal users to obtain credentials for GSA SecureAuth, GSA's enterprise identity system. GSA SecureAuth is used to gate access control to cloud.gov's Operations User Account and Authentication (UAA) Server, which is integrated with GSA SecureAuth. -Technical onboarding to cloud.gov is initiated by the cloud.gov Director, Deputy Director, or Program Manager via creation of an Onboarding issue in the cloud.gov issue tracking system. The issue should include the On-boarding Checklist (https://github.com/cloud-gov/product/blob/master/OnboardingChecklist.md) which ensures the internal user gains proper access and permissions to any systems or tools they need, inclusive of access to Amazon Web Services (AWS). Access to AWS is strictly limited to the System Owner, Cloud Operations, and Cloud Compliance (read-only). The Cloud Operations team member assigned to the issue acts on it once the individual has GSA SecureAuth access and a GSA email account. +Technical onboarding to cloud.gov is initiated by the cloud.gov Director, Deputy Director, or Program Manager via creation of an Onboarding issue in the cloud.gov issue tracking system. The issue should include the On-boarding Checklist (https://github.com/cloud-gov/product/blob/main/.github/ISSUE_TEMPLATE/onboard-platform-ops.md) which ensures the internal user gains proper access and permissions to any systems or tools they need, inclusive of access to Amazon Web Services (AWS). Access to AWS is strictly limited to the System Owner, Cloud Operations, and Cloud Compliance (read-only). The Cloud Operations team member assigned to the issue acts on it once the individual has GSA SecureAuth access and a GSA email account. The System Owner (or representative) and a quorum of the Cloud Operations meet on a quarterly basis to review and confirm all team accounts meet requirements for compliance