  1. Hybrid Cloud Console
  2. RHCLOUD-23324

[Productize] Enterprise Security Standard - InfoSec

Details

    • Platform Pipeline Sprint 59, Platform Pipeline Sprint 60, Platform Pipeline Sprint 61

    Description

      Purpose (The Why): The objective of ESS is to provide a baseline of technical and operational requirements ensuring basic security and data protection across the Red Hat enterprise. Following this standard helps preserve "CIAR" (Confidentiality, Integrity, Availability and Resiliency) of Red Hat data hosted within our systems, applications, platforms, and at third-party service providers by managing risks adequately with a defense-in-depth strategy towards the ultimate goal of effective enterprise risk management. Building and maintaining our applications/systems/platforms to this standard becomes increasingly important as we encourage customers and partners to entrust us with more of their data to make the best use of our products and services.

      Contacts: The best way to get action for general ESS questions is infosec@redhat.com. Shankar Chebrolu (schebrol@redhat.com) is a specific contact within that team.

      Consulted: Program Management, Product Management, Infosec

      Prerequisite/ Input: Architectural Summary

      Next task: The ESS may require a Service Impact Analysis document to be completed. Once the ESS is submitted, it will be reviewed by Infosec and recommendations made. The next step will be to review the priority of these recommendations with Infosec and schedule any follow-up actions.

      Dependencies: The requirement for an ESS may also be referenced in the Privacy Impact Assessment (PIA) and SRE Onboarding.

      Deliverable/ Completion criteria: Completed Enterprise Security Standard (ESS) Assessment, reviewed and approved by Infosec

      Expected duration/ effort: Following submission of the ESS assessment, it will be reviewed by Infosec. Infosec will provide recommendations, and the team should agree, in collaboration with Infosec, how to address these recommendations and in what timeframe. You should complete the ESS early in the development cycle, after the Architectural Summary.

      Supporting documentation/ Best Practices:
      How to Initiate an ESS and more information on the ESS

      ESS Assessments completed

      Exception Process: This is a required task and any queries regarding exceptions should be directed to infosec@redhat.com

      How to get help:
      Managed Services CoP GChat
      ROMS Jira ticket

          People

            comitche@redhat.com Cody Mitchell
            rhn-support-rabbott Ryan Abbott