Update ifa_ssp-example.xml
wandmagic authored and iMichaela committed Feb 13, 2024
1 parent bf0cdec commit ca05d91
Showing 1 changed file with 15 additions and 83 deletions.
98 changes: 15 additions & 83 deletions src/examples/ssp/xml/ifa_ssp-example.xml
Expand Up @@ -59,25 +59,15 @@
<system-information>
<information-type uuid="bccfbb65-a7f3-41ac-989f-01d96eddfdc7">
<title>User-provided Links</title>
<description>
<p>This system maintains a set of user-provided links and their associated
shortlinks</p>
<description><p>This system maintains a set of user-provided links and their associated shortlinks</p>
</description>
<categorization system="https://doi.org/10.6028/NIST.SP.800-60v2r1">
<information-type-id>C.2.8.12</information-type-id>
<categorization system="https://doi.org/10.6028/NIST.SP.800-60v2r1"><information-type-id>C.2.8.12</information-type-id>
</categorization>
<confidentiality-impact>
<base>fips-199-low</base>
<confidentiality-impact><base>fips-199-low</base>
</confidentiality-impact>
<integrity-impact>
<base>fips-199-low</base>
<selected>fips-199-moderate</selected>
<adjustment-justification>
<p>Maliciously modified links are a concern</p>
</adjustment-justification>
<integrity-impact><base>fips-199-low</base><selected>fips-199-moderate</selected><adjustment-justification> <p>Maliciously modified links are a concern</p></adjustment-justification>
</integrity-impact>
<availability-impact>
<base>fips-199-low</base>
<availability-impact><base>fips-199-low</base>
</availability-impact>
</information-type>
</system-information>
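Review bot: the collapsed integrity-impact line introduces a stray inline space before the paragraph (`<adjustment-justification> <p>Maliciously modified links are a concern</p>`); drop it so the element body is just the `<p>`. Beyond that, this hunk only joins each opening tag with its first child onto one line, which is a formatting-only change that makes the FIPS-199 categorization harder to scan against the one-element-per-line convention used elsewhere in the file.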
Expand All @@ -89,29 +79,25 @@
<status state="operational" />
<authorization-boundary>
<description>
<p>This section describes an attached diagram of the authorization boundary for IFA
GoodRead Project's information system.</p>
<p>This section describes an attached diagram of the authorization boundary for IFAGoodRead Project's information system.</p>
</description>
</authorization-boundary>
<network-architecture>
<description>
<p>This section describes an attached diagram of the network architecture for IFA
GoodRead Project's information system.</p>
<p>This section describes an attached diagram of the network architecture for IFAGoodRead Project's information system.</p>
</description>
</network-architecture>
<data-flow>
<description>
<p>This section describes an attached diagram of various dataflows for application
and related elements of the IFA GoodRead Project's information system.</p>
<p>This section describes an attached diagram of various dataflows for applicationand related elements of the IFA GoodRead Project's information system.</p>
</description>
</data-flow>
</system-characteristics>
<system-implementation>
<user uuid="00d323d3-dc3f-4d93-900f-f13430e094d3">
<title>Application Administrator</title>
<description>
<p>The developer of the application supports IFA Public Affairs Officers by
administering the application and its infrastructure.</p>
<p>The developer of the application supports IFA Public Affairs Officers byadministering the application and its infrastructure.</p>
</description>
<role-id>developer</role-id>
<authorized-privilege>
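Review bot: joining the wrapped lines dropped the separating space at each former line break, producing run-together words in the new descriptions: "IFAGoodRead" (authorization-boundary and network-architecture), "applicationand" (data-flow) and "byadministering" (Application Administrator). Reinsert a space at each join, e.g. `for IFA GoodRead Project's information system` and `supports IFA Public Affairs Officers by administering the application and its infrastructure`.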
Expand All @@ -128,10 +114,7 @@
<user uuid="61405ba7-edb4-4243-8461-79aac5805e5c">
<title>Public Affairs Officers</title>
<description>
<p>IFA Public Affairs Officers (PAOs) in each division of the agency review public
communications to citizens who are customers of the IFA. PAOs review requests
from colleagues to generate and publish content that is the target of a
shortlink and can unpublish shortlinks.</p>
<p>IFA Public Affairs Officers (PAOs) in each division of the agency review publiccommunications to citizens who are customers of the IFA. PAOs review requestsfrom colleagues to generate and publish content that is the target of ashortlink and can unpublish shortlinks.</p>
</description>
<role-id>public-affairs-office</role-id>
<authorized-privilege>
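Review bot: the same lost-space defect appears in the Public Affairs Officers description: "publiccommunications", "requestsfrom" and "ashortlink" should read "public communications", "requests from" and "a shortlink".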
Expand Down Expand Up @@ -179,8 +162,7 @@
</inventory-item>
<inventory-item uuid="d911b560-f564-4715-8d2a-76f86127ac73">
<description>
<p>This is the web application framework upon which the developer writes the custom
GoodRead application for the user interface and API of this system.</p>
<p>This is the web application framework upon which the developer writes the customGoodRead application for the user interface and API of this system.</p>
</description>
<prop class="webserver-framework" name="software-name" value="Django Framework" />
<prop class="webserver-framework" name="software-version" value="4.2.1" />
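Review bot: the joined description reads "the customGoodRead application"; it should be "the custom GoodRead application".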
Expand All @@ -202,8 +184,7 @@
</inventory-item>
<inventory-item uuid="0fb95c4c-ebfd-492e-8145-363eb7947dbe">
<description>
<p>This is the operating system for the web server that runs the custom GoodRead
application within the system.</p>
<p>This is the operating system for the web server that runs the custom GoodReadapplication within the system.</p>
</description>
<prop class="operating-system" name="software-name" value="Red Hat Enterprise Linux 9" />
<prop class="operating-system" name="asset-type" value="operating-system" />
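Review bot: "runs the custom GoodReadapplication" lost its space at the join; it should be "runs the custom GoodRead application".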
Expand All @@ -213,8 +194,7 @@
</inventory-item>
<inventory-item uuid="cd39f700-23ab-4574-a17e-c9c8f073cbec">
<description>
<p>This inventory item is an instance from the AwesomeCloud Awesome Compute Service
(ACS) Service. It is a Linux server.</p>
<p>This inventory item is an instance from the AwesomeCloud Awesome Compute Service(ACS) Service. It is a Linux server.</p>
</description>
<prop class="linux-server" name="asset-id" value="instance-abcd1234" />
<prop class="linux-server" name="ipv4-address" value="172.1.2.3" />
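Review bot: "Awesome Compute Service(ACS) Service" lost its space at the join; it should be "Awesome Compute Service (ACS) Service".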
Expand All @@ -227,8 +207,7 @@
</inventory-item>
<inventory-item uuid="d9550535-40b9-4d8b-861c-07aa8786bf43">
<description>
<p>This inventory item is an instance from the AwesomeCloud Awesome Load Balancer
(ALB) Service. It is a Linux server.</p>
<p>This inventory item is an instance from the AwesomeCloud Awesome Load Balancer(ALB) Service. It is a Linux server.</p>
</description>
<prop class="network-load-balancer" name="asset-type" value="appliance" />
<prop class="linux-server" name="asset-id" value="instance-defg7890" />
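Review bot: "Awesome Load Balancer(ALB) Service" lost its space at the join; it should be "Awesome Load Balancer (ALB) Service".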
Expand Down Expand Up @@ -264,54 +243,7 @@
<implemented-requirement uuid="d5f9b263-965d-440b-99e7-77f5df670a11" control-id="ac-6.1">
<by-component component-uuid="551b9706-d6a4-4d25-8207-f2ccec548b89"
uuid="a4c2d318-26a9-49df-9818-ee0acaf066f2">
<description>
<p>The IFA GoodRead application and infrastructure are composed as designed and
implemented with lease privilege for the elements of this system.</p>
<p>For the IFA GoodRead application, the custom application is designed and
implemented on top of the Django Framework to enforce least privilege. The
application has a role for IFA Public Affairs Officers and one for the
developers for privileged permissions, respectively. Only the latter can
access or change administrative and security configurations and related
data.</p>
<p>The Django Framework and Django REST Framework (DRF), by default, allows any
user with the <code>is_staff</code> role attribute to access administrative
functions in an application using the framework. IFA GoodRead developers
have disabled this behavior, relying on the custom roles identified in the
relevant section.</p>
<p>For the IFA GoodRead database, the system account and accredentials for the
application to read and write to the system datastore has specific read and
write authorization for specific tables. This database service account does
not have full administrative permissions to add, modify, or delete all
respective tables. For the production environment, only the IFA GoodRead
developer has a dedicated account with equivalent permissions. Only local
network socket access, within in the Linux server, is permitted by host
firewall configuration. Remote access, privileged or unprivileged, is not
allowed remotely and the system engineer must locally authenticate for
access.</p>
<p>For the RedHat Linux server upon which the IFA GoodRead application is
deployed in this system, only the system engineer has a non-privileged user
to log in remotely via the SSH protocol to perform ad-hoc inspection,
monthly log review as required by policy and procedure, and emergency
debugging of the system. Privileged system administration operations may
only be performed with the <code>sudo</code> subsystem which requires a
password, two-factor authentication, and has enhanced logging of all
commands executed. The system engineer must log in remotely and then use <code>
sudo</code> to elevate privileges. Remote access with the privileged account
is prohibited by configuration and attempts are logged.</p>
<p>For this remote SSH access, least privilege is additionally enforced by
allowing this access via a specific network zone in the IFA GoodRead
AwesomeCloud account accessible to only the system engineer via IFA's VPN
solution, which requires the system engineer use a dedicated account with
their own password and two-factor authentication token.</p>
<p>For cloud account and API access to reconfigure the Linux server and its load
balancer, administrative access is only allowed for the system engineer via
a special AwesomeCloud IAM role. The authentication and authorization for
this role is controlled by an integration with the organization's single
sign-on solution. This solution will only be accessible and correctly
execute for them when they are on the VPN with their account with traffic
forwarded to the appropriate network zone in the IFA GoodRead account in
AwesomeCloud. It will not work the developer or any staff users of the
application.</p>
<description><p>The IFA GoodRead application and infrastructure are composed as designed and implemented with lease privilege for the elements of this system.</p><p>For the IFA GoodRead application, the custom application is designed and implemented on top of the Django Framework to enforce least privilege. The application has a role for IFA Public Affairs Officers and one for the developers for privileged permissions, respectively. Only the latter can access or change administrative and security configurations and related data.</p><p>The Django Framework and Django REST Framework (DRF), by default, allows any user with the <code>is_staff</code> role attribute to access administrative functions in an application using the framework. IFA GoodRead developers have disabled this behavior, relying on the custom roles identified in the relevant section.</p><p>For the IFA GoodRead database, the system account and accredentials for the application to read and write to the system datastore has specific read and write authorization for specific tables. This database service account does not have full administrative permissions to add, modify, or delete all respective tables. For the production environment, only the IFA GoodRead developer has a dedicated account with equivalent permissions. Only local network socket access, within in the Linux server, is permitted by host firewall configuration. Remote access, privileged or unprivileged, is not allowed remotely and the system engineer must locally authenticate for access.</p><p>For the RedHat Linux server upon which the IFA GoodRead application is deployed in this system, only the system engineer has a non-privileged user to log in remotely via the SSH protocol to perform ad-hoc inspection, monthly log review as required by policy and procedure, and emergency debugging of the system. 
Privileged system administration operations may only be performed with the <code>sudo</code> subsystem which requires a password, two-factor authentication, and has enhanced logging of all commands executed. The system engineer must log in remotely and then use <code> sudo</code> to elevate privileges. Remote access with the privileged account is prohibited by configuration and attempts are logged.</p><p>For this remote SSH access, least privilege is additionally enforced by allowing this access via a specific network zone in the IFA GoodRead AwesomeCloud account accessible to only the system engineer via IFA's VPN solution, which requires the system engineer use a dedicated account with their own password and two-factor authentication token.</p><p>For cloud account and API access to reconfigure the Linux server and its load balancer, administrative access is only allowed for the system engineer via a special AwesomeCloud IAM role. The authentication and authorization for this role is controlled by an integration with the organization's single sign-on solution. This solution will only be accessible and correctly execute for them when they are on the VPN with their account with traffic forwarded to the appropriate network zone in the IFA GoodRead account in AwesomeCloud. It will not work the developer or any staff users of the application.</p>
</description>
<implementation-status state="implemented" />
</by-component>
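Review bot: the ac-6.1 description is now one very long line followed by a second line that starts mid-paragraph after a trailing space (`...debugging of the system. ` / `Privileged system administration operations...`), so the result is neither a single line nor the original readable wrapping; pick one. Since these lines are being rewritten anyway, this is the place to fix the pre-existing typos they carry: "lease privilege" should be "least privilege", "accredentials" should be "credentials", "within in the Linux server" should be "within the Linux server", "It will not work the developer" should be "It will not work for the developer", and `<code> sudo</code>` should be `<code>sudo</code>` to match the earlier `<code>sudo</code>` in the same paragraph.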