IT2023043 - Recommendation 17

Direct and require confirmation of completion from FAA's cloud-based system owner for the FAA Cloud Services-Infrastructure-as-a-service and Platform-as-a-Service to: a. Incorporate flaw remediation into ongoing configuration management processes. b. Develop and implement a process to regularly manage malicious code protection to detect and eradicate malicious code at the entry point for its Infrastructure-as-a-service and Platform-as-a-Service. c. Develop and implement a change control process and use baseline configuration settings and document configuration settings to establish a basis for future builds, releases, and/or changes. d. Develop and implement a process to perform an automated review of network accounts or implement an alternative method for identifying users on the network in real-time. e. Develop and implement a process to require the most current cryptographic mechanisms to protect data during network transmission to provide complete boundary protection and reduce the risk of compromise. f. Develop and implement a process to encrypt data transmitted within the Infrastructure-as-a-service environment to reduce the risk of compromise and data exposure. g. Develop and implement a process to review vulnerability scans results and remediate vulnerabilities within specified timeframes as required by FAA's security handbook.