This implementation automates reporting to verify compliance with GC Cloud Guardrails. SSC and TBS review the results. Cette mise en œuvre automatise la production de rapports afin de vérifier la conformité aux mesures de sécurité infonuagique du GC. SPC et SCT examinent les résultats.
Other
7
stars
4
forks
source link
GR2 | Validation 3| Automated Role Reviews: Role Assignments for Users and Global Administrators (M) #159
ItemName: Automated Role Reviews: Role Assignments for Users and Global Administrators (M)
ItemNameFR:
Description: This is a new control to meet the following validation "Verify that a review of role assignment for root or global administrator accounts is performed at least every 12 months." This control will also touch on the sub point in validation 2 "Perform periodic reviews of role assignment (minimum yearly)". Goal is to check that the department is completing automated reviews on their role assignments.
Flow:
Department needs to onboard to access reviews. Check that the tenant has been "onboarded"
Department needs to have created at least 1 access review that occurs every 12 months of less.
Comments:
Compliant = Tenant has been onboarded to automated MS Access Reviews and has at least one access review.
Non-CompliantOnboard = Tenant has not been onboarded to automated MS Access Reviews.
Non-compliantReview= Tenant has not scheduled at least one access review.
ItemName: Automated Role Reviews: Role Assignments for Users and Global Administrators (M) ItemNameFR:
Description: This is a new control to meet the following validation "Verify that a review of role assignment for root or global administrator accounts is performed at least every 12 months." This control will also touch on the sub point in validation 2 "Perform periodic reviews of role assignment (minimum yearly)". Goal is to check that the department is completing automated reviews on their role assignments.
Flow:
References:
Comments: Compliant = Tenant has been onboarded to automated MS Access Reviews and has at least one access review. Non-CompliantOnboard = Tenant has not been onboarded to automated MS Access Reviews. Non-compliantReview= Tenant has not scheduled at least one access review.
Comments FR: