Assess Log Category Checklist #5018

Open
3 tasks
btylerburton opened this issue Dec 20, 2024 · 0 comments
Labels: compliance (Relating to security compliance or documentation), logging, security (Pull requests that address a security vulnerability)

User Story

In order to determine that we are in compliance with GSA IT logging regulations, datagovteam wants to assert that we are logging each of the items in the spreadsheet linked below.

https://docs.google.com/document/d/1Gau0a3JlZrLDyXhvSMa49Lj-ne443fXpJrt9G1L0ckc/edit?usp=sharing

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

  • GIVEN I have an instance of a data.gov application
    THEN I want to assert that all logs enumerated in the above spreadsheet are being captured

Note: as we do not log anything to static files, we can leave that column alone.

Background

[Any helpful contextual notes or links to artifacts/evidence, if needed]

Security Considerations (required)

[Any security concerns that might be implicated in the change. "None" is OK, just be explicit here!]

Sketch

  • Determine if each category of log items is applicable to the application and, if so, that it is being captured.
  • If the log is not being captured, assert why it is not feasible to capture: either because it is not applicable to the application, not feasible due to infrastructure obfuscation, framework restriction, etc.

@btylerburton added the compliance, security and logging labels Dec 20, 2024