Versions Compared

Old Version 1

changes.mady.by.user Alexander Dibbo

Saved on

compared with

New Version 2

changes.mady.by.user John Good

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In order to maintain our security posture, . we require Instances to meet the following compliance rules.:

Compliance Rules

You must

  • Update instances in line with our patching policy.

  • Send instance logs to the SCD central loggers

  • Leave Pakiti installed and configured for vulnerabilities in packages

  • Have the Wazuh agent running and connected to the STFC Cloud Wazuh server

  • Update the STFC Cloud Operations Team ssh keys as required

  • Migrate or remove instances before communicated deadlines

  • Ensure that someone in your project has access to each instance

  • Ensure that instances within your project have someone who is responsible for them

  • Ensure that a minimal set of security group rules is used

  • Let us know if someone leaves or the membership of your project changes at cloud-support@stfc.ac.uk

  • Comply with Organisational Information Security Policy particularly regarding the Roles and Responsibilities of System Administrators together with familiarising yourself with the supporting policy framework available at Science and Technology Facilities Council (STFC)  and Acceptable Use Policy | Jisc community  (or for STFC Staff at https://ukri.sharepoint.com/sites/thesource-stfc/SitePages/Information-Security-and-You.aspx Connect your OneDrive account )

  • Respond to Security patching or other change notifications and instructions issued by the Cloud Operations Group within the timescales specified in the message.

  • Report any suspected or actual security incident or other misuse of the VM immediately to cloud-support@stfc.ac.uk and must not attempt to remedy or investigate yourself.

  • Ensure that all applicable license and terms and conditions of use are met.

  • Ensure that any secrets (passwords, certificates, ssh keys, kerberos keys etc) are kept secret and apply and maintain appropriate protection to prevent exposure or misuse for all such credentials and NOT export private keys or take any other action which would prejudice credential re-use in future VM instances.

  • Inform the STFC Cloud Operations Team immediately if you can no longer abide by the existing or updated Terms of Service at cloud-support@stfc.ac.uk

...