Commit
update, add some text to req
Don Badrak committed Jun 19, 2020
1 parent 9a18b0e commit 448c08a
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions README.md
Expand Up @@ -4,20 +4,20 @@ Module for creating Title 26 Compliant S3 Buckets

# Requirements

1. Encryption enforcement on the Bucket Policy 
1. Only Cloud Administrators have bucket delete permissions
1. Permissions tightly controlled with Bucket Policy and IAM role/policy for users, instances, and other services
1. Dedicated KMS CMK key 
1. Encryption enforcement on the Bucket Policy 
1. Dedicated KMS Customer Master Key (CMK) created per S3 bucket
1. MFA enforced API calls – required for all data migrations (Cloud and Data Admins)
1. Object Level Logging enabled with 7 year retention on CloudWatch Log Group
1. Backup logs to BCC (How often?)
* Backup logs to BCC (How often?)
1. Server Access Logging enabled with 7 year retention on CloudWatch Log Group
1. Backup logs to BCC (How often?)
* Backup logs to BCC (How often?)
1. Versioning enabled
1. Monthly Security Audit reviews
* By customer?
* By CSvD Security?
1. IP Address Restriction policy enforced
1. Not publically accessible
1. Customer signature for key deletion(s) during decommissioning(s) and maximum wait period
1. Delete CMK key for Data Sanitization.
1. Delete CMK for Data Sanitization
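
Review bot: the list still states open questions as if they were requirements: "Backup logs to BCC (How often?)" under both logging items, and "By customer?" / "By CSvD Security?" under the monthly audit item. For a compliance module the README should give the backup interval and name the audit owner, or mark these items as undecided and track them in an issue. The same gap applies to "maximum wait period" in the key-deletion item, which gives no value; AWS KMS schedules key deletion with a waiting period of 7 to 30 days, so the README can state the number the module actually sets. As rendered here the re-bulleted "* Backup logs to BCC" lines are not indented under the logging item they belong to; if that matches the file, Markdown will end the numbered list at each of them, so indent them beneath their parent item. "publically" in the unchanged line should read "publicly".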
