As a security officer, in order to maintain appropriate levels of security for maint8ianing and processing CUI, I would like store public challenge assets and controlled/sensitive information in separate S3 buckets.
Acceptance criteria:
[ ] Public challenge assets are separated into a separate S3 bucket
[ ] All challenge information and data remains accessible publicly
Definition of Done
Doing (dev team)
[ ] Code complete
[ ] Code is organized appropriately
[ ] Any known trade offs are documented in the associated GH issue
[ ] Code is documented, modules, shared functions, etc.
[ ] Automated testing has been added or updated in response to changes in this PR
[ ] The feature is smoke tested to confirm it meets requirements
[ ] Database changes have been peer reviewed for index changes and performance bottlenecks
[ ] PR that changes or adds UI
[ ] include a screenshot of the WAVE report for the altered pages
[ ] Confirm changes were validated for mobile responsiveness
[ ] PR approved / Peer reviewed
[ ] Move card to testing column in the board
Testing (dev team)
[ ] Security scans passed
[ ] Automate accessibility tests passed
[ ] Build process and deployment is automated and repeatable
[ ] Feature toggles if appropriate
[ ] Deploy to staging
Staging
[ ] Accessibility tested (Marni)
[ ] Keyboard navigation
[ ] Focus confirmed
[ ] Color contrast compliance
[ ] Screen reader testing
[ ] Usability testing: mobile and desktop (Tracy or Marni)
[ ] Cross browser testing (tool to be determined) (Tracy or Marni)
[ ] UI rendering is performant
[ ] AC review (Renata)
[ ] Deploy to production (production-like environment for eval capability) (dev team)
[ ] Move to production column in the board
Production
[ ] User and security documentation has been reviewed for necessary updates (Renata and Michelle)
[ ] PO / PM approved (Jarah or Renata)
[ ] AC is met and it works as expected (Jarah or Renata)
[ ] Move to done column in the board (Jarah or Renata)
User Story
As a security officer, in order to maintain appropriate levels of security for maint8ianing and processing CUI, I would like store public challenge assets and controlled/sensitive information in separate S3 buckets.
Acceptance criteria:
Definition of Done
Doing (dev team)
[ ] Move card to testing column in the board
Testing (dev team)
Staging
[ ] Move to production column in the board
Production