canada-ca / tracker

Track Government of Canada domains for adherence to digital security best practices and federal requirements.

Roadmap development for new set of domains (and Tracker 3.0) #3666

Closed h701h closed 2 years ago

h701h commented 2 years ago

Make sure orgs don't get too shocked at the rollout of 20k more domains, and link to the Tracker 3.0 rollout.

Push Milestone Start Schedule
1 New Design of T3 completed will look more like an SRS

1. X User Defined CRUD on domain listings
2. X User Defined tagging of domains (Prod, my fav, the 'wizard process')
3. X Audit logs of all user CRUD actions on domains
4. X Process to limit the hurt felt by org when we add 20k+ domains. (DT and devs)

5. X Get approval

Complete
1.5 Refine new design with better HTML prototype (in progress) https://github.com/canada-ca/tracker/issues/3667 In progress
1.5 Scenario planning for scanning domains (in Web Check context, also meet with UK team) https://github.com/canada-ca/tracker/issues/3859 In progress
2 Testing strategy selected (Devs) https://github.com/canada-ca/tracker/issues/3763 2022-07-29
2 SA&A strategy decision is final https://github.com/canada-ca/tracker/issues/3809 2022-07-29
3.0 Database changes frozen (isDeleted, etc.) 2022-08
3.5 T3 design coded (front end, tagging, scanning with profiles, one off scans, etc). User A/B testing strategy working 2022-08
4 Pruned and Imported new domains (they are hidden from users, but not admins) https://github.com/orgs/canada-ca/projects/1/views/1?filterQuery=s 2022-08-15
5 New Tracker dashboard numbers are available for sharing 2022-08-22
5 Outreach plan using new Tracker design and new dashboard numbers is ready to execute (no web checks yet) Outreach Labels 2022-08-29
6 UAT (using Outreach plan) with CCCS and another friendly org is complete https://github.com/canada-ca/tracker/issues/3763 2022-09
7 Soft rollout to most impacted orgs 2022-10
8 Launch with full Outreach plan Outreach Labels 2022-10
10 Roll out new 'web checks' scanners 2022-11

h701h commented 2 years ago

Needs/Wants:

  1. Allow users/orgs the ability to decommission and calibrate their Tracker data.
  2. Allow users to audit actions done against their org's domains (audit CRUD, dismiss findings, tagging, other).
  3. Drive more people to Tracker.
  4. Tactfully handle the increase in 10k+ domains.
  5. Bring in more scanners, like UK Web Checks

Way Forward:

  1. Turn Tracker into a Security Rating Service and a findings aggregator.
  2. Allow users to calibrate and enrich their own digital footprints. Every decision is tracked. Domains only get marked as 'deleted'. TBS OCIO does police the decisions.
  3. Allow users to tag their domains with additional info (my favs, production, scan ban times, Org App ID, TBD).
  4. Allow users to 'dismiss' findings.
  5. Do a SA&A update because of the new data types being added?????????
  6. Add ability to bulk update domains (to be ‘exempt’ from the ITPIN for GCEARB consumption).
  7. Create (drip) outreach capability to reduce impact to orgs, and bring attention to new 'web check' scanners.

High Level Design for Way Forward

Note: See also https://github.com/canada-ca/tracker/issues/36671.

h701h commented 2 years ago

Merged into "milestone tracker 3.0" https://github.com/canada-ca/tracker/milestone/6