Page tree

Skip to end of metadata
Go to start of metadata

Overview

ClearDATA has developed Automated Safeguards for Security Groups that allow customers to manage their own security groups in AWS. 

Allowed Security Group Rules

Customers are able to create new security groups that use any RFC1918 space (10.0.0.0/8, 172.16.0.0/12, & 192.168.0.0/16) as the rule source.  If customers wish to use a routable IP address in a Security Group rule they must request an exception (see below).  In order for ClearDATA to allow the rule, our Information Security team will review all exception requests against our policies and procedures and make a determination.  

Users must be added to the appropriate IAM Group in order to create and modify Security Groups.

Evaluation and Remediation

If a new rule is added to a Security Group, or if an existing rule is modified, that change will trigger a reevaluation of the Security Group.  If the new or modified rule is not allowed, and if there is not an existing exception, the rule will be removed from the Security Group.  Please contact ClearDATA Support if you need any assistance with creating rules.

Remediation

If the new or modified rule is not allowed, and if there is not an existing exception, the rule will be removed from the Security Group.

Review Rule Exception Requests

Security Group Rule Exception Requests are available in the ClearDATA customer portal.

  1. Go to ClearDATA portal
  2. Click on “Assets” tab
  3. Click on “Security Groups”
  4. The view shows:
    1. All approved and activity Security Rule Exceptions
    2. A log of all Security Rule Exception Requests

Please note that its is all possible to view all requests by status as well.  The status options are:

  • Approved
  • Awaiting Approval
  • Disabled
  • Denied
  • Cancelled

Request Security Rule Exception

  1. Go to ClearDATA portal
  2. Click on “Assets” tab
  3. Click on “Security Groups”
  4. Click on green “New Exception Request” button
  5. Fill the form and click submit

    Note

    When submitting a request, please ensure each request only contains on CIDR. If you have multiple CIDR ranges, each will require a separate request.

  6. Request will then appear in previous screen with an “Awaiting Approval” Status

Track or Cancel an Existing Exception Request

  1. Go to ClearDATA portal
  2. Click on “Assets” tab
  3. Click on “Security Groups”
  4. Click on the Security Rules Exception
  5. To track the request refer to the ticket # shown in the blue box or click on the blue box to see latest updates
  6. To cancel the request, click on the red box “Cancel Request” to cancel the request – Its status will then change from “Awaiting Approval” to “Cancelled”
  7. If approved, status will change to “Approved” and it will then be possible to use the rule, if not, status will change to “Denied"

Disable a Previously Approved Exception Request

  1. Go to ClearDATA portal
  2. Click on “Assets” tab
  3. Click on “Security Groups”
  4. Click on an “Approved” Security Rules Exception
  5. To disable the request click on the red “Disable” requests rule – This will forbid this rule from being used moving forward
    Please note that it is possible to look at the history of the rule by clicking on the blue button

Automated Safeguards Alerting

ClearDATA Automated Safeguards both alert and remediate when a compliance violation is detected.  Customers can subscribe to the alerts by following the article Automated Safeguards - Subscribe to Compliance Alerts.

  • No labels