bcgov / quickstart-openshift

QuickStart template targeted for OpenShift.
https://quickstart-openshift-test-frontend.apps.silver.devops.gov.bc.ca/
Apache License 2.0

Review Security Control checklist and SOAR document #1495

Open webgismd opened 1 year ago

webgismd commented 1 year ago

As a (User Type/Persona) I want (Feature/enhancement) So That (Value, why is this wanted, what is the user trying to accomplish)

As a director, I want to know and tell the story about how DevOps can cover off items listed in the SOAR and Security control checklist: two documents that can be used to get a signed STRA. This can also feed into the latest condos or SDLC standards.

Additional Context

Acceptance Criteria

Definition of Done

webgismd commented 1 year ago

Might need two tickets for this, dunno.

DerekRoberts commented 1 year ago

@webgismd Could you please point me to the relevant docs? No worries about tickets. :)

webgismd commented 1 year ago

BC IDIM Key STRA Controls and an example

webgismd commented 1 year ago

There could be other things to peruse here and in the child pages -- https://apps.nrs.gov.bc.ca/int/confluence/display/FSAST1/Security+and+Privacy

DerekRoberts commented 11 months ago

https://www2.gov.bc.ca/assets/gov/government/services-for-government-and-broader-public-sector/information-technology-services/standards-files/imit_611_security_threat_risk_assessment_standard.pdf

https://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/im-it-standards/find-a-guideline-policy

https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/information-security/security-threat-and-risk-assessment/concepts

https://intranet.gov.bc.ca/thehub/ocio/ocio-enterprise-services/information-security-branch/vulnerability-and-risk-management/security-threat-and-risk-assessment

https://intranet.gov.bc.ca/thehub/ocio/ocio-enterprise-services/information-security-branch/vulnerability-and-risk-management/web-app-scanning

https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/information-security/professional-development

DerekRoberts commented 11 months ago

https://owasp.org/www-project-top-ten/

https://www.cisecurity.org/benchmark/postgresql