System Access Controls #
TLDR: All access to runtime environments requires authentication and audit trails
Rationale: To meet our system access control policy, all access must be approved and auditable
Background #
As part of normal software development, it can be necessary to gain remote access to runtime environments. This can be for many reasons:
- Debugging the runtime environment
- Running migration scripts
- Inspecting the behaviour of running systems
This must be limited to authorized personnel and all activities performed should have full audit trails.
How we implement this control #
- Any remote shell session require SSO authentication and full adit trails are logged in Kosli here: https://app.kosli.com/kosli/audit-trails
- This forms part of our System Access Control Policy
- All access audit trails are reviewed