
This document outlines the security policy for the system during the POC.

UNDER CONSTRUCTION


Scope

The scope of this policy is the ND UIM POC.  It applies to all systems and activities used for the execution of the POC.

Policy

Identity and Access Management

Identity and Access Management - Application

Identities used to access the applications are managed in Cognito.  The Cognito instance and its user pools are separate for each carrier node.  No Cognito instance is shared across carriers in the carrier nodes.  The multi-tenant node uses shared Cognito user pools.  We are not utilizing the multi-tenant node for carrier activity.  AAIS and the DOI will have identities on the multi-tenant node.

Identity and Access Management - Cloud Infrastructure

Each carrier has a node which is hosted in a separate account.  AWS is the hosting cloud provider.  The overall account is managed by AAIS.  The specific organization is separate from all other organizations.  IAM users are set up for Chainyard.  Chainyard manages the infrastructure on behalf of the carrier at the direction of AAIS.  AAIS and Chainyard are able to administer the account and its services.  No other entity has access to the AWS organization or its services.  The carrier may request an IAM identity.

Identity and Access Management - Blockchain Network

Data Privacy


