XCI Ansible repository

4 posts / 0 new
Last post
XCI Ansible repository

Does the XCI Ansible repository on bitbucket.org require multi-factor authentication for access?

Delivery Effort Stage: 

No, it does not at present require multi-factor authentication for access. 

Though this service may not rise to the level of an XSEDE Enterprise Service (or does it?) the XSEDE Enteprise Service Security Standard version 1.4 says the following which I would recommend for all XCI maintained systems just like XES.

It is critical to control access to XSEDE resources, especially in cases of privileged access. It is equally important to accurately record who has access to systems and that they are not exceeding their authority. XES providers will:

 * Use strong, i.e., at least two-factor authentication (2FA), authentication for administrative interfaces, accounts or privilege escalation where at all possible (see exception clause in C.3 above). This could be directly on a system or through use of a choke point such as a bastion host or VPN.

This Information Service on AWS definitely needs to be considered an XSEDE Enterprise Service. We are reviewing all XSEDE Enterprise Service Security Standards and will update this document if any were missed. Admin access to all Information Services will go thru a choke point that requires 2-factor.

Thanks for the guidance.


Log in to post comments