XCI Ansible repository

4 posts / 0 new
Log in to post comments
Last post
Wed, 2018-12-05 15:32
#1
Jim Basney
XCI Ansible repository

Does the XCI Ansible repository on bitbucket.org require multi-factor authentication for access?

Delivery Effort Stage: 
Design
Top
Wed, 2018-12-05 15:38
Eric Blau

No, it does not at present require multi-factor authentication for access. 

Top
Thu, 2018-12-06 09:22
Victor Hazlewood

Though this service may not rise to the level of an XSEDE Enterprise Service (or does it?) the XSEDE Enteprise Service Security Standard version 1.4 says the following which I would recommend for all XCI maintained systems just like XES.

It is critical to control access to XSEDE resources, especially in cases of privileged access. It is equally important to accurately record who has access to systems and that they are not exceeding their authority. XES providers will:

 * Use strong, i.e., at least two-factor authentication (2FA), authentication for administrative interfaces, accounts or privilege escalation where at all possible (see exception clause in C.3 above). This could be directly on a system or through use of a choke point such as a bastion host or VPN.

Top
Thu, 2018-12-06 14:47
(Reply to #3)
John-Paul Navarro
John-Paul Navarro's picture

This Information Service on AWS definitely needs to be considered an XSEDE Enterprise Service. We are reviewing all XSEDE Enterprise Service Security Standards and will update this document if any were missed. Admin access to all Information Services will go thru a choke point that requires 2-factor.

Thanks for the guidance.

JP

Top
Log in to post comments

National Science Foundation (NSF)

© XSEDE All Rights Reserved. Visit the Feedback page for assistance or to provide feedback.
The Extreme Science and Engineering Discovery Environment is supported by the National Science Foundation.
Administrative Login