system-security-plan:
uuid: 5e139edd-86aa-4b65-8431-1192bd276658
metadata:
title: IFA GoodRead System Security Plan
published: "2023-05-19T14:46:54-04:00"
last-modified: "2024-03-01T13:57:28.355446-04:00"
version: "1.1"
oscal-version: 1.1.2
roles:
- id: owner
title: IFA GoodRead Owner
- id: developer
title: IFA GoodRead Developer
- id: system-engineer
title: IFA GoodRead System Engineer
- id: public-affairs-office
title: IFA Public Affairs Office
parties:
- uuid: ba9c12bd-e5ef-46b6-95a2-4d8e7f864c1a
type: person
name: Owen Stilskin
member-of-organizations:
- 3a675986-b4ff-4030-b178-e953c2e55d64
- uuid: 67c04291-dbf6-495a-a3ba-0011638acc94
type: person
name: Juno Styles
member-of-organizations:
- 3a675986-b4ff-4030-b178-e953c2e55d64
- uuid: 4ba3f2b7-e894-48d7-b940-91c68661df55
type: person
name: Xavier Jones
member-of-organizations:
- 3a675986-b4ff-4030-b178-e953c2e55d64
- uuid: 3a675986-b4ff-4030-b178-e953c2e55d64
type: organization
name: Important Federal Agency
short-name: IFA
links:
- href: https://www.ifa.gov
rel: website
responsible-parties:
- role-id: owner
party-uuids:
- ba9c12bd-e5ef-46b6-95a2-4d8e7f864c1a
- role-id: developer
party-uuids:
- 67c04291-dbf6-495a-a3ba-0011638acc94
- role-id: system-engineer
party-uuids:
- 4ba3f2b7-e894-48d7-b940-91c68661df55
import-profile:
href: ../select/profile.oscal.json
system-characteristics:
system-ids:
- identifier-type: http://ietf.org/rfc/rfc4122
id: 8101e04d-8305-4e73-bb95-6b59f645b143
system-name: IFA GoodRead
description: This system acts as a link shortener for IFA employees
date-authorized: "2023-12-04T14:55:00.000000-04:00"
security-sensitivity-level: moderate
system-information:
information-types:
- uuid: bccfbb65-a7f3-41ac-989f-01d96eddfdc7
title: User-provided Links
description: This system maintains a set of user-provided links and their associated shortlinks
categorizations:
- system: https://doi.org/10.6028/NIST.SP.800-60v2r1
information-type-ids:
- C.2.8.12
confidentiality-impact:
base: fips-199-low
integrity-impact:
base: fips-199-low
selected: fips-199-moderate
adjustment-justification: Maliciously modified links are a concern
availability-impact:
base: fips-199-low
security-impact-level:
security-objective-confidentiality: low
security-objective-integrity: medium
security-objective-availability: low
status:
state: operational
authorization-boundary:
description: This section describes an attached diagram of the authorization boundary for IFA GoodRead Project's information system.
network-architecture:
description: This section describes an attached diagram of the network architecture for IFA GoodRead Project's information system.
data-flow:
description: This section describes an attached diagram of various dataflows for application and related elements of the IFA GoodRead Project's information system.
system-implementation:
users:
- uuid: 00d323d3-dc3f-4d93-900f-f13430e094d3
title: Application Administrator
description: The developer of the application supports IFA Public Affairs Officers by administering the application and its infrastructure.
role-ids:
- developer
authorized-privileges:
- title: Application Administrator Privilege
functions-performed:
- user-creation
- user-enablement
- user-disablement
- user-role-modification
- popular-shortlink-cache-reset
- database-export
- database-migration
- uuid: 61405ba7-edb4-4243-8461-79aac5805e5c
title: Public Affairs Officers
description: IFA Public Affairs Officers (PAOs) in each division of the agency review public communications to citizens who are customers of the IFA. PAOs review requests from colleagues to generate and publish content that is the target of a shortlink and can unpublish shortlinks.
role-ids:
- public-affairs-office
authorized-privileges:
- title: Public Affairs Officer Privilege
functions-performed:
- shortlink-generation
- shortlink-approval
- shortlink-rejection
- shortlink-publication
- shortlink-unpublication
- uuid: fb36760a-143d-490b-8fc4-6a8c172fba86
title: General Public
description: The general public is free to click on shortlinks
authorized-privileges:
- title: General Public Privilege
functions-performed:
- shortlink-view
components:
- uuid: 551b9706-d6a4-4d25-8207-f2ccec548b89
type: this-system
title: IFA GoodRead System
description: 'IFA develops, operates, and maintains the GoodRead link shortener system to '
status:
state: operational
responsible-roles:
- role-id: developer
party-uuids:
- 67c04291-dbf6-495a-a3ba-0011638acc94
- role-id: system-engineer
party-uuids:
- 4ba3f2b7-e894-48d7-b940-91c68661df55
inventory-items:
- uuid: 4392599a-9117-416a-87d1-24c7d1b2dd0b
description: This is the custom GoodRead application within the system.
props:
- name: software-name
value: IFA GoodRead
class: webserver-application
- name: software-version
value: 1.0.0
class: webserver-application
- name: asset-type
value: web-server
class: webserver-application
implemented-components:
- component-uuid: 551b9706-d6a4-4d25-8207-f2ccec548b89
props:
- name: asset-id
value: IFAGOV-SYSTEM1234-GOODREAD
- uuid: d911b560-f564-4715-8d2a-76f86127ac73
description: This is the web application framework upon which the developer writes the custom GoodRead application for the user interface and API of this system.
props:
- name: software-name
value: Django Framework
class: webserver-framework
- name: software-version
value: 4.2.1
class: webserver-framework
- name: asset-type
value: web-server
class: webserver-framework
implemented-components:
- component-uuid: 551b9706-d6a4-4d25-8207-f2ccec548b89
props:
- name: asset-id
value: IFAGOV-SYSTEM1234-GOODREAD
- uuid: 3e3a8d9a-e3d6-4c7d-b59b-a8d6514fa4a2
description: This is the database for the custom GoodRead application within the system.
props:
- name: software-name
value: PostgreSQL
class: database
- name: software-version
value: "15.3"
class: database
- name: asset-type
value: database
class: database
implemented-components:
- component-uuid: 551b9706-d6a4-4d25-8207-f2ccec548b89
props:
- name: asset-id
value: IFAGOV-SYSTEM1234-GOODREAD
- uuid: 0fb95c4c-ebfd-492e-8145-363eb7947dbe
description: This is the operating system for the web server that runs the custom GoodRead application within the system.
props:
- name: software-name
value: Red Hat Enterprise Linux 9
class: operating-system
- name: asset-type
value: operating-system
class: operating-system
implemented-components:
- component-uuid: 551b9706-d6a4-4d25-8207-f2ccec548b89
props:
- name: asset-id
value: IFAGOV-SYSTEM1234-GOODREAD
- uuid: cd39f700-23ab-4574-a17e-c9c8f073cbec
description: This inventory item is an instance from the AwesomeCloud Awesome Compute Service (ACS) Service. It is a Linux server.
props:
- name: asset-id
value: instance-abcd1234
class: linux-server
- name: ipv4-address
value: 172.1.2.3
class: linux-server
- name: ipv4-address
value: 1.1.2.3
class: linux-server
- name: uri
value: instance-abcd1234.acs.awesomecloud.systems
class: linux-server
- name: asset-type
value: appliance
class: linux-server
implemented-components:
- component-uuid: 551b9706-d6a4-4d25-8207-f2ccec548b89
props:
- name: asset-id
value: IFAGOV-SYSTEM1234-GOODREAD
- uuid: d9550535-40b9-4d8b-861c-07aa8786bf43
description: This inventory item is an instance from the AwesomeCloud Awesome Load Balancer (ALB) Service. It is a Linux server.
props:
- name: asset-type
value: appliance
class: network-load-balancer
- name: asset-id
value: instance-defg7890
class: linux-server
- name: uri
value: https://instance-defg7890.alb.awesomecloud.systems
class: network-load-balancer
implemented-components:
- component-uuid: 551b9706-d6a4-4d25-8207-f2ccec548b89
props:
- name: asset-id
value: IFAGOV-SYSTEM1234-GOODREAD
control-implementation:
description: This is the control implementation for the application and infrastructure that compose to the IFA GoodRead Project's system.
set-parameters:
- param-id: ac-06.01_odp.01
values:
- individuals and roles with authorized access to security functions and security-relevant information are defined and not available to all users of the system;
- param-id: ac-06.01_odp.02
values:
- security functions (deployed in hardware) for authorized access are defined;
- param-id: ac-06.01_odp.03
values:
- security functions (deployed in soware) for authorized access are defined;
- param-id: ac-06.01_odp.04
values:
- security functions (deployed in firmware) for authorized access are defined;
- param-id: ac-06.01_odp.05
values:
- security-relevant information for authorized access is defined;
implemented-requirements:
- uuid: d5f9b263-965d-440b-99e7-77f5df670a11
control-id: ac-6.1
by-components:
- component-uuid: 551b9706-d6a4-4d25-8207-f2ccec548b89
uuid: a4c2d318-26a9-49df-9818-ee0acaf066f2
description: |-
The IFA GoodRead application and infrastructure are composed as designed and implemented with lease privilege for the elements of this system.
For the IFA GoodRead application, the custom application is designed and implemented on top of the Django Framework to enforce least privilege. The application has a role for IFA Public Affairs Officers and one for the developers for privileged permissions, respectively. Only the latter can access or change administrative and security configurations and related data.
The Django Framework and Django REST Framework (DRF), by default, allows any user with the `is_staff` role attribute to access administrative functions in an application using the framework. IFA GoodRead developers have disabled this behavior, relying on the custom roles identified in the relevant section.
For the IFA GoodRead database, the system account and accredentials for the application to read and write to the system datastore has specific read and write authorization for specific tables. This database service account does not have full administrative permissions to add, modify, or delete all respective tables. For the production environment, only the IFA GoodRead developer has a dedicated account with equivalent permissions. Only local network socket access, within in the Linux server, is permitted by host firewall configuration. Remote access, privileged or unprivileged, is not allowed remotely and the system engineer must locally authenticate for access.
For the RedHat Linux server upon which the IFA GoodRead application is deployed in this system, only the system engineer has a non-privileged user to log in remotely via the SSH protocol to perform ad-hoc inspection, monthly log review as required by policy and procedure, and emergency debugging of the system. Privileged system administration operations may only be performed with the `sudo` subsystem which requires a password, two-factor authentication, and has enhanced logging of all commands executed. The system engineer must log in remotely and then use `sudo` to elevate privileges. Remote access with the privileged account is prohibited by configuration and attempts are logged.
For this remote SSH access, least privilege is additionally enforced by allowing this access via a specific network zone in the IFA GoodRead AwesomeCloud account accessible to only the system engineer via IFA's VPN solution, which requires the system engineer use a dedicated account with their own password and two-factor authentication token.
For cloud account and API access to reconfigure the Linux server and its load balancer, administrative access is only allowed for the system engineer via a special AwesomeCloud IAM role. The authentication and authorization for this role is controlled by an integration with the organization's single sign-on solution. This solution will only be accessible and correctly execute for them when they are on the VPN with their account with traffic forwarded to the appropriate network zone in the IFA GoodRead account in AwesomeCloud. It will not work the developer or any staff users of the application.
implementation-status:
state: implemented