04/27/2022 SAR Security Review

Date	27 Apr 2022
Time	11:30
Duration	30 mts
Location	Zoom
Zoom
Attendees	Ashish Pandit Unknown User (mkgill) Daniel Quach Louis Zelus Achraf Adenane
Project/Program	Security Assessment remediation - SAR
Project Board	ITS PMO
Log Time
OTL
Objective(s)	Implement SAR Remediations

Notes:

Speaker	Description	Notes
SAR	SAR-92 Developers can connect directly to the iPaaS system without utilizing a jump box	What is the purpose of control? What risk is mitigated ? What's the Administrative Control? The access to iPaaS, Developers, Architects and Patching are the ways to access the iPaaS system Developers can connect to iPaaS without utilizing jump box. Access of the developers is mitigated and controlled. The access through Jump box is unrestrictive We need to have EA included in this meeting to review the purpose of the control and then come up with the process around.
	SAR-29 Review third party remote access to ensure access is still required	This task is in progress