ssc-spc-ccoe-cei / azure-guardrails-solution-accelerator

This implementation automates reporting to verify compliance with GC Cloud Guardrails. SSC and TBS review the results.

GR2 | Validation 2 and Validation 4 | Questions / Clarifications #249

Closed MathesonSho closed 3 weeks ago

MathesonSho commented 1 month ago

Describe the bug: Can only see one control that relates to the Privileged Account Management Plan in Guardrail 2. Additionally, there are some file formats we are not supporting for documents that aren't "read" by our tool. For example, this file could be uploaded as a .pdf and the department would be non-compliant.

To Reproduce: Steps to reproduce the behavior:

  1. Go to v2.1.0
  2. Dev or Test

Expected behavior: Expected to see two controls in GR2 that rely on the Privileged Account Management Plan existing.

  1. Privileged Account Management Plan (Lifecycle of Account Management) (M)
  2. Privileged Account Management Plan (Least Privilege Role Assignment) (M)

Screenshots: [image]

Questions

dutt0 commented 4 weeks ago
  1. We can either use one control (only one attestation file is required) for both validations, or two separate controls (which need two attestation files with different names). Reference: ticket 1 and ticket 2.
  2. We need to discuss the requirement for all attestation files. Currently, PDF is supported for one specific control, not for all controls.
MathesonSho commented 4 weeks ago

@dutt0

  1. One document attestation for both validations would be great, i.e., we should still see the 2 item names for both in the workbook, and both should pass when that one file has been uploaded.
  2. Agreed that we should have a discussion. Overall thought is that we should only restrict the format for files that our solution has to read / grab information out of. To be continued..
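As an added illustration of the behaviour agreed in the thread above (one uploaded attestation file satisfying both GR2 item names, and format restrictions applied only to documents the tool actually has to parse), here is a small Python checker. It is example code written for this page, not the accelerator's own implementation: the accepted extension sets, the required file stem `PrivilegedAccountManagementPlan`, the hypothetical "Example parsed list" item and the constructed upload listings are all assumptions.

```python
"""Hypothetical attestation-file evaluation (added example, not the accelerator's code)."""
from dataclasses import dataclass
from pathlib import PurePosixPath

# Assumption: formats accepted for documents the tool only confirms exist.
ATTEST_ONLY_EXTENSIONS = {".pdf", ".docx", ".doc", ".txt", ".md"}
# Assumption: formats accepted for documents the tool must open and parse.
PARSED_EXTENSIONS = {".txt", ".md"}


@dataclass(frozen=True)
class ValidationItem:
    item_name: str       # name shown in the workbook
    required_stem: str   # expected file name without extension (assumed)
    parsed: bool         # True when the tool must read the contents


# The two GR2 item names come from the issue; the file stem is an assumption.
GR2_ITEMS = [
    ValidationItem("Privileged Account Management Plan (Lifecycle of Account Management) (M)",
                   "PrivilegedAccountManagementPlan", parsed=False),
    ValidationItem("Privileged Account Management Plan (Least Privilege Role Assignment) (M)",
                   "PrivilegedAccountManagementPlan", parsed=False),
]

# Hypothetical item whose contents the tool has to parse, so its format is restricted.
PARSED_ITEM = ValidationItem("Example parsed list (hypothetical)", "ExampleParsedList", parsed=True)


def evaluate(items, uploaded_files):
    """Return {item_name: (compliant, comment)} for the given upload listing.

    Matching is by case-insensitive file stem, so one uploaded file can satisfy
    every item that names the same stem. Format is only checked against the
    narrower PARSED_EXTENSIONS set when the item is flagged as parsed.
    """
    suffixes_by_stem = {}
    for name in uploaded_files:
        path = PurePosixPath(name)
        suffixes_by_stem.setdefault(path.stem.casefold(), set()).add(path.suffix.casefold())

    results = {}
    for item in items:
        allowed = PARSED_EXTENSIONS if item.parsed else ATTEST_ONLY_EXTENSIONS
        found = suffixes_by_stem.get(item.required_stem.casefold(), set())
        if not found:
            results[item.item_name] = (False, f"{item.required_stem} not found")
        elif not found & allowed:
            results[item.item_name] = (
                False,
                f"{item.required_stem} found as {sorted(found)}; accepted formats: {sorted(allowed)}",
            )
        else:
            results[item.item_name] = (True, f"{item.required_stem} found")
    return results


def gr2_both_pass(uploaded_files):
    """True when a single upload listing satisfies both GR2 item names."""
    return all(ok for ok, _ in evaluate(GR2_ITEMS, uploaded_files).values())


if __name__ == "__main__":
    # Constructed upload listings, not real departmental data.
    for listing in (["PrivilegedAccountManagementPlan.pdf"], ["Unrelated.docx"]):
        for name, (ok, comment) in evaluate(GR2_ITEMS + [PARSED_ITEM], listing).items():
            print(f"{'PASS' if ok else 'FAIL'}  {name}: {comment}")
```

The point of the `parsed` flag is the distinction raised in the second comment: a document that is only attested to (the tool checks presence) may be uploaded as a PDF, while a document the tool has to read is held to the formats it can actually parse.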