freedonia.fd
Description for this repository: hello_world
Components specified in this repository
- Origin: Local file
- Audit Policy:
- Documentation complete: False
- Schema version: 3.0.0
- References:
- Satisfies:
- Control key: AU-1
- Standard key: FRIST-800-53
- Covered by: None
- Implementation status: implemented
This text describes how our organization is meeting the requirements for the
Audit policy, and also references a more complete description at ./AU_policy/README.md.
Since the AU-1 `control` is to document and disseminate a policy on Audit and Accountability,
this narrative suffices to provide that control. A verification step could be something
that checks that the referenced policy is no more than 365 days old.
- Control key: AU-2
- Standard key: FRIST-800-53
- Covered by: None
- Implementation status: none
Application and Server logs are sent to PaperTrail to provide audit
reduction and report generation capabilities for Freedonia Devops and end users
of the Freedonia hello_world system.
PaperTrail is a SaaS for aggregation of audit log data across multiple systems and tiers.
With the PaperTrail capability, the organization's operations and development teams
can structure and customize audit log queries to specific app instances, API
calls, system metrics, user access, system components, network traffic flow and
other criteria.
External systems
- Origin: https://github.com/opencontrol/freedonia-aws-compliance/: master
- AWS Core:
- Documentation complete: False
- Satisfies:
- Covered by: None
- Control origin: inherited
- Standard key: FRIST-800-53
- Control key: PE-2
- Implementation status: complete
PE-2 - Physical Access Authorizations
This text describes how our organization is meeting the requirements for the
PE-2 by dint of inheriting an approved set of Physical Environment controls
with our use of AWS east/west or AWS GovCloud.
- Schema version: 3.0.0
- AWS Implementation:
- Documentation complete: False
- Schema version: 3.0.0
- References:
- Satisfies:
- Control key: AU-2
- Standard key: FRIST-800-53
- Covered by: None
- Implementation status: none
AU-2 - Audit Events
All AWS events are sent to AWS CloudWatch.
This is implemented with our Terraform build using the
`aws_cloudtrail` resource (https://www.terraform.io/docs/providers/aws/r/cloudtrail.html).
A verification step can be done by confirming the existence
of the CloudWatch bucket etc. with InSpec.
- Control key: SC-1
- Standard key: FRIST-800-53
- Covered by: None
- Implementation status: none
SC-1 - System and Communications Protection Policy and Procedures
This text describes how our organization is meeting the requirements for the
Security Controls policy, and also references a more complete description in
the document at
https://github.com/opencontrol/freedonia-aws-compliance/wiki/Security-Controls
Since the SC-1 `control` is to document and disseminate a policy on
Security Controls,
this narrative suffices to provide that control. A verification step could be something
that checks that the referenced policy is no more than 365 days old.
- Control key: SC-7
- Standard key: FRIST-800-53
- Covered by: None
- Implementation status: none
SC-7 - Boundary protection
Boundary protection is provided, in AWS, with Security Groups that do not allow
ingress except to port 443 on the ELBs.
Verification: No security groups allow inbound traffic from 0.0.0.0, except that
groups named 'elb.*' may allow port 443 from 0.0.0.0 (testing with InspecAws).
External standards
- Origin: https://github.com/opencontrol/freedonia-frist/: master
- FRIST-800-53:
- PE-2:
- Family: PE
- XX-1:
- Family: XX
- AU-2 (3):
- Family: AU
- AU-1:
- Family: AU
- SC-7:
- Family: SC
- AU-2:
- Family: AU
- SC-1:
- Family: SC
- PE-2:
External certification sets
- Origin: https://github.com/opencontrol/freedonia-frist/: master
- AU-1 (from FRIST-800-53) - Satisfied
- PE-2 (from FRIST-800-53) - Satisfied
- SC-7 (from FRIST-800-53) - Satisfied
- AU-2 (from FRIST-800-53) - Satisfied
- SC-1 (from FRIST-800-53) - Satisfied