CM-5 ACCESS RESTRICTIONS FOR CHANGE

Page last updated:

PCF Compliance

Physical access restrictions are the responsibility of the deployer. PCF provides logical access controls for operators using BOSH and Ops Manager performing change management functions on the platform.
For example, authentication to BOSH and Ops Manager may be controlled using integration of UAA and the existing enterprise- or agency-deployed Identity Management system. BOSH and Ops Manager must be deployed on a restricted management subnet, and access controlled through a bastion host (Jumpbox) as described in the reference architecture. As of PCF v2.1, Ops Manager users with Full View and Restricted View permissions can be logged in simultaneously. Prior to this release, only one user at a time could view Ops Manager. For security purposes, operators with write access still cannot be logged into Ops Manager simultaneously. Additional procedural controls to ensure only one Ops Manager user with write access at any one time is a deployer responsibility.

Logical access controls to protect change management of deployed applications are provided by the RBAC capabilities of the Cloud Controller. Refer to the associated documentation pages for more information about Cloud Controller RBAC.


Control Description

The organization defines, documents, approves, and enforces physical and logical access restrictions associated with changes to the information system.

Supplemental Guidance

Any changes to the hardware, software, and/or firmware components of information systems can potentially have significant effects on the overall security of the systems. Therefore, organizations permit only qualified and authorized individuals to access information systems for purposes of initiating changes, including upgrades and modifications. Organizations maintain records of access to ensure that configuration change control is implemented and to support after-the-fact actions should organizations discover any unauthorized changes. Access restrictions for change also include software libraries. Access restrictions include, for example, physical and logical access controls (see AC-3 and PE-3), workflow automation, media libraries, abstract layers (e.g., changes implemented into third-party interfaces rather than directly into information systems), and change windows (e.g., changes occur only during specified times, making unauthorized changes easy to discover).