  1. Hybrid Cloud Console
  2. RHCLOUD-27417

[Productize] Product Security Onboarding

    • Platform Pipeline Sprint 70, Platform Pipeline Sprint 71, Platform Pipeline Sprint 72, Platform Pipeline Sprint 73, Platform Pipeline Sprint 74, Platform Pipeline Sprint 75, Platform Pipeline Sprint 76

      Where to Start: Establish a relationship with the ProdSec Security Architect assigned to the program. If you do not have a Security Architect, request one by reaching out to phruza@redhat.com, who will help with Security Architect assignment for your offering.

      Background: RH needs to provide customers assurance that Red Hat has the right approach and emphasis to meet and deliver security requirements. To deliver this assurance, teams must go through the Red Hat Secure Development Lifecycle (RH-SDL) with the ultimate goal of meeting SSML Tier 2 standards. This is a requirement for selling into the US Federal space and into regulated industries going forward.

      Can I skip this task? You cannot skip this task - you must outline a plan for meeting SDL requirements.

      What if I need an exception? If you are not in a position to meet the SSML criteria, you will need an exception. Note that the main objective of this exception process is to ensure that there is formal collaboration between the service team and product security and that a reasonable remediation plan is in place. The intent is to support the service team in meeting their goals and planned deliverables. Create a tracker in PSX to link to the document following the process described here and ask your ProdSec architect and stakeholders to review and sign off. Further details about the Product Security Exception process can be found here.  

      Deliverable/Completion criteria: 

      Getting Help: Ordinarily your Program Manager (PgM) can help with getting a Security Architect assigned to your team. If the PgM is unavailable, an email to prodsec-request@redhat.com can be used to initiate contact.

              rhn-support-jhatcher Jessica Hatcher