Site Access Controls

CSDEV

Site Access Controls

Covers the ff: PM 1130 Service Access Request Procedure, PM 1130.1 Manual Washing of User Access on Products Work Instruction, PM 1128 Site Access Request Procedure, PM 1132 Application Key Management Procedure, PL 1024 Password Policy

Questions 6 of 20

Timer
0
Score
0

Questions 8 of 20

Timer
0
Score
0

Site Access Controls

The UberTicket to file when requesting a new application key or the update of an existing one.

[PB0965] CSDEVS Product/3rd Party Integration Request

[PB0962] DevOps Site Listing Request

[PB0961] CSDEVS Request to Grant or Revoke Access

Questions 9 of 20

Timer
0
Score
0

Site Access Controls

The UberTicket to file when requesting the whitelisting or blacklisting of a site for a user.

[PB0962] DevOps Site Listing Request

[PB0961] CSDEVS Request to Grant or Revoke Access

[PB0965] CSDEVS Product/3rd Party Integration Request

Questions 10 of 20

Timer
0
Score
0

Site Access Controls

What are the password requirements for Cloudstaff applications?

C. Minimum character length should be 12 characters.

B. User cannot reuse last 3 passwords.

E. Must have at least 1 upper case letter, 1 lower case letter and 1 special character.

D. Minimum character length should be 8 characters.

A, D & F

A. User cannot reuse a password.

F. Must have at least 1 upper case letter, 1 lower case letter, 1 number and 1 special character.

B, C & F

A, C & F

Questions 12 of 20

Timer
0
Score
0

Site Access Controls

Who is responsible for processing UberTicket requests to gain / revoke access to a restricted site or product?

Cloud Engineer

Directly Responsible Individual (DRI) / Point of Contact (POC)

Business Analyst / Product Owner / Squad Lead

Software Engineer

Questions 15 of 20

Timer
0
Score
0

Site Access Controls

The UberTicket to file when requesting access to services related to the server, database or code repositories.

[PB0961] CSDEVS Request to Grant or Revoke Access

[PB0962] DevOps Site Listing Request

[PB0965] CSDEVS Product/3rd Party Integration Request

Questions 17 of 20

Timer
0
Score
0

Site Access Controls

Processing UberTicket requests to whitelist / blacklist a site can only be done by whom?

Cloud Engineers or Software Engineers.

Cloud Engineers.

Senior Cloud Engineers.

Software Engineers

Questions 18 of 20

Timer
0
Score
0

Site Access Controls

If a request for a new application key has been filed via UberTicket and it was verified that the application key does not exist, what is the next step?

The Cloud Engineer must generate the application key required.

Either the Senior Cloud Engineer or Senior Software Engineer must generate the application key required.

The Senior Software Engineer must generate the application key required.

Questions 19 of 20

Timer
0
Score
0

Site Access Controls

The UberTicket to file when requesting for admin access to a product.

[PB0962] DevOps Site Listing Request

[PB0965] CSDEVS Product/3rd Party Integration Request

[PB0961] CSDEVS Request to Grant or Revoke Access

Site Access Controls

You finished!

Shared credentials must be shared through CS Bolt so that access and changes can be logged.

The target performance for the Service Access Request Procedure is considered to have been met if there are minimal incidents of unauthorized access to applications developed by Cloudstaff.

Access to CS Bolt is restricted to Cloudstaff IP addresses only.

Either a Senior Cloud Engineer or a Senior Software Engineer can verify through Passbolt if an application key is on record.

If Google Single Sign-On (SSO) is used as an authentication method, the Google password policy applies.

What is involved in the manual washing of a product's user access?

The use of multi-factor authentication is not necessary when accessing CS Bolt for as long as the authorized staff is using a Cloudstaff IP address.

The UberTicket to file when requesting a new application key or the update of an existing one.

The UberTicket to file when requesting the whitelisting or blacklisting of a site for a user.

What are the password requirements for Cloudstaff applications?

Work-from-home staff who are authorized to access CS Bolt must use a VPN.

Who is responsible for processing UberTicket requests to gain / revoke access to a restricted site or product?

The manual washing of user access on Cloudstaff applications is required to be done when?

Any unauthorized access to Cloudstaff sites or third-party sites used by Cloudstaff requires a Corrective Action Request (CAR) to be raised.

The UberTicket to file when requesting access to services related to the server, database or code repositories.

Account recovery is possible in CS Bolt.

Processing UberTicket requests to whitelist / blacklist a site can only be done by whom?

If a request for a new application key has been filed via UberTicket and it was verified that the application key does not exist, what is the next step?

The UberTicket to file when requesting for admin access to a product.

Application keys are stored in Passbolt.