Process Authorization Security Requests #19

@djfurman

In order to access the system, a user must request an access role. This should be done through self-service and then approved through a chain of command in order to validate

  • need to access the system
  • the appropriate level of access has been requested
  • user identification information
  • valid/current security training/clearance

An example of this process and one that needs to be supported is the Department of Defense Form DD-2875; however, this form is specific to the Defense Department and should not be directly implemented as other agencies have their own processes which should be honored.

Regardless of specific artifacts, the system should

  • gather information from authoritative sources (CAC/PIV)
  • support customized workflow
  • produce necessary artifacts
  • ensure that appropriate timeout/re-certification of need are honored
  • be tied to RBAC authorizations
  • enforce basic separation of duties (tied to RBAC authorizations)
  • obfuscate identifying information about users and ensure that no single penetration can tie a user's identity to their transactions
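
A sketch of how the approval chain, separation of duties and re-certification timeout listed above could fit together. This is an added example, not code from this issue or the project; the stage names, the one-year re-certification interval and the `AccessRequest` class are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Assumed values for illustration; a real deployment would load these per agency.
RECERT_PERIOD = timedelta(days=365)
CHAIN = ("supervisor", "security_manager", "system_owner")

@dataclass
class AccessRequest:
    requester: str
    role: str
    training_valid_until: date
    approvals: list = field(default_factory=list)  # (stage, approver) pairs
    granted_on: Optional[date] = None

    def approve(self, approver: str, stage: str, today: date) -> None:
        done = len(self.approvals)
        expected = CHAIN[done] if done < len(CHAIN) else None
        if stage != expected:
            raise PermissionError(f"out of order: expected {expected}, got {stage}")
        # Separation of duties: no self-approval, nobody signs two stages.
        if approver == self.requester or approver in [a for _, a in self.approvals]:
            raise PermissionError("separation of duties violated")
        if self.training_valid_until < today:
            raise PermissionError("security training expired")
        self.approvals.append((stage, approver))
        if len(self.approvals) == len(CHAIN):
            self.granted_on = today  # role becomes usable only after the last stage

    def is_active(self, today: date) -> bool:
        """Usable only while granted, training is current, and recert is not due."""
        return (self.granted_on is not None
                and today <= self.training_valid_until
                and today < self.granted_on + RECERT_PERIOD)

if __name__ == "__main__":
    # Constructed sample data.
    req = AccessRequest("alice", "auditor", date(2026, 12, 31))
    for who, stage in zip(("bob", "carol", "dave"), CHAIN):
        req.approve(who, stage, date(2024, 1, 10))
    print(req.is_active(date(2024, 6, 1)), req.is_active(date(2025, 1, 9)))
```

`is_active` is the check an RBAC layer would call before honoring the role, so a lapsed training date or a missed re-certification revokes access without any separate cleanup job.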
