System Access Controls
Control Code: KCC4
TLDR: All access to runtime environments requires authentication and audit trails
Rationale: To meet our system access control policy, all access must be approved and auditable
Background
As part of normal software development, it can be necessary to gain remote access to runtime environments. This can be for many reasons:
- Debugging the runtime environment
- Running migration scripts
- Inspecting the behaviour of running systems
This access must be limited to authorized personnel, and all activities performed should have full audit trails.
How we implement this control
- Any remote shell session requires SSO authentication, and full audit trails are logged in Kosli here: https://app.kosli.com/kosli/audit-trails
- This forms part of our System Access Control Policy
- All access audit trails are reviewed