PDP-19 Production Deployment Access

Estimated reading: 2 minutes 1817 views

What is PDP-19 Production Deployment Access Control?

Production Deployment Access control is a very important point in most audits. As most organizations operate in an agile way, the issue of segregation of duties is often overlooked.

If you have employees with elevated access who can write code and push that code through production without any intermediary, then there needs to be some mitigation in place to reduce the risk of an attacker getting this specific individual access and pushing unauthorized changes through.

A great mitigation factor is a File Integrity Monitoring (FIM) tool or an alert mechanism that would notify independent personnel of any changes being deployed. Make sure that the alerting mechanism is never disabled by the same individual with elevated privileges.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

File Integrity Monitoring (FIM) Tools
SolarWind Security Event Manager
ManageEngine ADAudit Plus
DataDog Security Monitoring
OSSEC

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

  • N/A: no template for this section

Control implementation

Restrict access to deployment tools to a ‘select few’. Employees with the ability to deploy to production should ideally be separated from those with write access to source code.

Ensure that you implement an automated alerting mechanism for any changes deployed to production.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

  1. Provide a list of deployment admin users.
  2. Provide a screenshot of the automated alert mechanism, or FIM alert mechanism.

Evidence example

For the suggested action, an example is provided below:

  1. Provide a list of deployment admin users.
    The following screenshot shows the list of users and their rights within the deployment tool in TrustCloud.
    PDP 19 Production Deployment Access 01
  2. Provide a screenshot of the automated alert mechanism, or FIM alert mechanism.
    The following screenshot demonstrates that there is a platform to receive automated notifications through Slack in TrustCloud.
    PDP 19 Production Deployment Access 02
    Example of FIM (file integrity monitoring) tracking changes in files:
    PDP 19 Production Deployment Access 03

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
OR