This implementation automates reporting to verify compliance with GC Cloud Guardrails. SSC and TBS review the results. Cette mise en œuvre automatise la production de rapports afin de vérifier la conformité aux mesures de sécurité infonuagique du GC. SPC et SCT examinent les résultats.
Other
11
stars
4
forks
source link
GR 2 & 3 Enhancement: More Explicit/ Unique MFA Checks ---> Now Guardrail 1 in v2.0 #77
This needs to be updated to match v2.0 IGNORE BELOW
Is your feature request related to a problem? Please describe.
GR 1, 2, 3 have validations required to check MFA separately. GR 2 needs to look for other Cloud Administrators configuration of MFA. Guardrail 3 needs to look at everyone's configuration.
MFA Difference per Guardrail Suggested:
Guardrail 1 : Global Administrators Accounts MFA check (M) (no change required)
Guardrail 2: Other Administrator Accounts MFA check (M)
Guardrail 3: All Accounts MFA Check (M)
Describe the solution you'd like
Could we have two additional Mandatory MFA Controls? The difference between the 3 is that different accounts (scope of accounts) are being checked for the new Mandatory Controls.
Guardrail 2: Other Administrator Accounts MFA check (M)
Similar to the Guardrail 1 GA MFA Check Except we are looking for all other cloud administrators. This can be done be having the department list the administrator roles they want us to look for. Or listing the UPNs of the individuals with administrator roles. Or another way?
Guardrail 3: All Accounts MFA Check (M)
Check all UPNs (except for the BG Accounts listed in the config.json) and report on the ones that do not have MFA enabled. Or another way?
Additional context
This is considered an enhancement as these controls do not currently exist.
MathesonSho
commented
5 months ago
This needs to be updated to match v2.0 IGNORE BELOW
Is your feature request related to a problem? Please describe.
GR 1, 2, 3 have validations required to check MFA separately. GR 2 needs to look for other Cloud Administrators configuration of MFA. Guardrail 3 needs to look at everyone's configuration.
MFA Difference per Guardrail Suggested:
Describe the solution you'd like Could we have two additional Mandatory MFA Controls? The difference between the 3 is that different accounts (scope of accounts) are being checked for the new Mandatory Controls.
Guardrail 2: Other Administrator Accounts MFA check (M)
Guardrail 3: All Accounts MFA Check (M)
Additional context This is considered an enhancement as these controls do not currently exist.