mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 17:08:53 +00:00
Editor pass - Adding access control policy (#5570)
Editor pass for: https://github.com/fleetdm/fleet/pull/5480 Since the lists after "Fleet policy requires that:" are completing the thought (sentence), they begin with lowercase letters.
This commit is contained in:
Desmi-Dizney
GitHub
parent
adb1f53d63
commit
1528555732
1 changed files with 18 additions and 18 deletions
|
|
@ -87,53 +87,53 @@ Encryption and key management for local disk encryption of end-user devices foll
|
|||
|
||||
Fleet requires all workforce members to comply with the following acceptable use requirements and procedures, such that:
|
||||
|
||||
1. Access to all computing resources, including servers, end-user computing devices, network equipment, services and applications, must be protected by strong authentication, authorization, and auditing.
|
||||
1. Access to all computing resources, including servers, end-user computing devices, network equipment, services, and applications, must be protected by strong authentication, authorization, and auditing.
|
||||
|
||||
2. Interactive user access to production systems must be associated to an account or login unique to each user.
|
||||
2. Interactive user access to production systems must be associated with an account or login unique to each user.
|
||||
|
||||
3. All credentials, including user passwords, service accounts, and access keys, must meet the length, complexity, age, and rotation requirements defined in Fleet security standards.
|
||||
|
||||
4. Use strong password and two-factor authentication (2FA) whenever possible to authenticate to all computing resources (including both devices and applications).
|
||||
4. Use a strong password and two-factor authentication (2FA) whenever possible to authenticate to all computing resources (including both devices and applications).
|
||||
|
||||
5. 2FA is required to access any critical system or resource, including but not limited to resources in Fleet production environments.
|
||||
|
||||
6. Unused accounts, passwords, access keys must be removed within 30 days.
|
||||
6. Unused accounts, passwords, and access keys must be removed within 30 days.
|
||||
|
||||
7. A unique access key or service account must be used for different application or user access.
|
||||
7. A unique access key or service account must be used for different applications or user access.
|
||||
|
||||
8. Authenticated sessions must time out after a defined period of inactivity.
|
||||
|
||||
#### Access authorization and termination
|
||||
|
||||
Fleet policy requires that
|
||||
Fleet policy requires that:
|
||||
|
||||
1. Access authorization shall be implemented using role-based access control (RBAC) or similar mechanism.
|
||||
1. access authorization shall be implemented using role-based access control (RBAC) or a similar mechanism.
|
||||
|
||||
2. Standard access based on a user's job role may be pre-provisioned during employee onboarding. All subsequent access requests to computing resources must be approved by the requestor’s manager, prior to granting and provisioning of access.
|
||||
2. standard access based on a user's job role may be pre-provisioned during employee onboarding. All subsequent access requests to computing resources must be approved by the requestor’s manager prior to granting and provisioning of access.
|
||||
|
||||
3. Access to critical resources, such as production environments, must be approved by the security team in addition to the requestor’s manager.
|
||||
3. access to critical resources, such as production environments, must be approved by the security team in addition to the requestor’s manager.
|
||||
|
||||
4. Access must be reviewed on a regular basis and revoked if no longer needed.
|
||||
4. access must be reviewed on regularly and revoked if no longer needed.
|
||||
|
||||
5. Upon termination of employment, all system access must be revoked and user accounts terminated within 24 hours or one business day, whichever is shorter.
|
||||
5. upon termination of employment, all system access must be revoked, and user accounts terminated within 24 hours or one business day, whichever is shorter.
|
||||
|
||||
6. All system access must be reviewed at least annually and whenever a user's job role changes.
|
||||
6. all system access must be reviewed at least annually and whenever a user's job role changes.
|
||||
|
||||
#### Shared secrets management
|
||||
|
||||
Fleet policy requires that
|
||||
Fleet policy requires that:
|
||||
|
||||
1. Use of shared credentials/secrets must be minimized.
|
||||
1. use of shared credentials/secrets must be minimized.
|
||||
|
||||
2. If required by business operations, secrets/credentials must be shared securely and stored in encrypted vaults that meet the Fleet data encryption standards.
|
||||
2. if required by business operations, secrets/credentials must be shared securely and stored in encrypted vaults that meet the Fleet data encryption standards.
|
||||
|
||||
#### Privileged access management
|
||||
|
||||
Fleet policy requires that
|
||||
Fleet policy requires that:
|
||||
|
||||
1. Automation with service accounts must be used to configure production systems when technically feasible.
|
||||
1. automation with service accounts must be used to configure production systems when technically feasible.
|
||||
|
||||
2. Use of high privilege accounts must only be performed when absolutely necessary.
|
||||
2. use of high privilege accounts must only be performed when absolutely necessary.
|
||||
|
||||
|
||||
<meta name="maintainedBy" value="guillaumeross">
|
||||
|
|
|
|||
Loading…
Reference in a new issue