View on GitHub

cloud-guardrails

Minimum guardrails for GC's cloud operationalization framework.

Enterprise Monitoring Accounts

Objective

Create role-based account to enable enterprise monitoring and visibility.

Key Considerations

[ ] Assign roles to approved GC stakeholders to enable enterprise visibility. Roles include billing reader, policy contributor/reader, security reader, and global reader.
[ ] Ensure that multi-factor authentication mechanism for enterprise monitoring accounts is enabled.

Validation

[ ] Confirm presence of GC enterprise role-based accounts created by Department for GC approved stakeholders.
[ ] Confirm that accounts have appropriate read access to Departmental tenant environment.

Applicable Service Models

IaaS, PaaS, SaaS

References

SPIN 2017-01, subsection 6.2.3
CSE Top 10 #2
Related security controls: AC‑2, AC‑2(1), AC‑3, AC‑5, AC‑6, AC‑6(5), AC‑6(10), AC‑7, AC‑9, AC‑19, AC‑20(3), IA‑2, IA‑2(1), IA‑2(2), IA‑2(11), IA‑4, IA‑5, IA‑5(1), IA‑5(6), IA‑5(7), IA‑5(13), IA‑6, IA‑8