Open gracekretschmer-metrostar opened 1 week ago
9/12: I met with Edmund and he's going to own completing this audit and get with Tim to understand if there's any way that we can put a filter within Drupal to block employee emails from getting sent to Data Dog.
User Story or Problem Statement
As OCTO Lead Security Engineer, I need to understand the where there is PII leak from Drupal data in Datadog, how it impacts users, and level of effort to remove that data.
Description or Additional Context
If there are other instances where employee emails are used in Data Dog, scope out those instances (including level of effort) and then regroup with Jonathan about how he wants to move forward. Note: in Drupal CMS, the username is the user's email address.
Guidance on what is PII by VA Security
Steps for Implementation
Acceptance Criteria
Tickets