Federal employees and staff contractors, expand this section. Not applicable to project contractors.
Engineers who are federal employees or staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following:
- [ ] Coordinate with your onboarding buddy to schedule Contingency Planning training within 60 days. (and annually after that). This will cover the following document, which you should also review before or after training:
- [ ] Read the [Contingency Plan](https://cloud.gov/docs/ops/contingency-plan/).
- [ ] Coordinate with your onboarding buddy to schedule [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training:
- [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/).
[ ] Read the cloud.gov Security Policies and Procedures. These documents explain the high-level policies and procedures we must comply with while running cloud.gov, sorted into security control "families" They explain that we follow GSA IT security policy, and they provide a summary of the procedures in our System Security Plan.
[ ] Review the System Security Plan (the latest version lives on Google Drive; look for "cloud.gov System Security Plan (SSP)" as a .docx file). Of particular note for onboarding: Section 9 (System Description) and Section 10 (System Environment)
Getting to know cloud.gov
These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you
should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming
very quickly, so your onboarding buddy will walk through this list with you at a high level with you to help manage the work.
[ ] Sign up for a cloud.gov sandbox using your GSA email address and start experimenting to get familiar with the basics of the PaaS from a user's perspective.
[ ] Read our service disruption guide to learn how we handle customer-facing service disruptions.
Slack channels
Your onboarding buddy will add you to these Slack channels:
[x] #cg-aws-security - private channel where bots post security notices
[ ] #cg-incidents - private channel for incident response
[ ] #cg-ops-banter - private channel for operations/engineering banter
[ ] #cg-priv-compliance - private channel for security and compliance discussions
You will want to keep #cg-support unmuted so you are aware of requests from TTS-internal customers of cloud.gov.
Support-specific items
Machine admin rights
[ ] In order to install development tools on your Mac, you will need to request local admin rights by submitting a ServiceDesk ticket using this justification. If you're unable to create a ticket for yourself, your onboarding buddy can create one for you.
Additional compliance setup/review
[ ] Install caulking git leak prevention by following the README
[ ] Verify caulking by running make audit and pasting a screenshot as a comment on this GitHub issue
[ ] Set GPG signing set up for GitHub (instructions here)
New Support Team Member Onboarding Checklist
Special Notes
Complete additional cloud.gov trainings
Federal employees and staff contractors, expand this section. Not applicable to project contractors.
Engineers who are federal employees or staff contractors have a Contingency Plan role and may participate in Incident Response, so they must complete the CP and IR trainings. Project contractors do not need to complete these trainings. Check one of the following: - [ ] Coordinate with your onboarding buddy to schedule Contingency Planning training within 60 days. (and annually after that). This will cover the following document, which you should also review before or after training: - [ ] Read the [Contingency Plan](https://cloud.gov/docs/ops/contingency-plan/). - [ ] Coordinate with your onboarding buddy to schedule [Incident Response Training](https://docs.google.com/presentation/d/1AZjQE8zBzMRWZIFUuJPkJLted1ykGtALrLPoPRx5Vls/edit#slide=id.p) within 60 days of joining the team (and annually after that). This will cover the following document, which you should also review before or after training: - [ ] Read the [Incident Response Guide](https://cloud.gov/docs/ops/security-ir/).Learn our policies and procedures
Getting to know cloud.gov
These items will help you come up to speed on cloud.gov and what it is, how it works, why it exists, etc. While you should take the time to go through them, please do not try and tackle it all in one shot! It can become overwhelming very quickly, so your onboarding buddy will walk through this list with you at a high level with you to help manage the work.
Slack channels
Your onboarding buddy will add you to these Slack channels:
#cg-aws-security
- private channel where bots post security notices#cg-incidents
- private channel for incident response#cg-ops-banter
- private channel for operations/engineering banter#cg-priv-compliance
- private channel for security and compliance discussionsYou will want to keep
#cg-support
unmuted so you are aware of requests from TTS-internal customers of cloud.gov.Support-specific items
Machine admin rights
Additional compliance setup/review
caulking
git leak prevention by following the READMEcaulking
by runningmake audit
and pasting a screenshot as a comment on this GitHub issueInstall a development environment for cloud.gov
brew
)brew tap cloudfoundry/tap
brew install cf-cli@8
brew install openssl
cf login -a api.fr.cloud.gov --sso
cf orgs