วิวินาวิ : โลก : () World

CMS Hybrid Cloud Officially Transitions from AWS Permissions Boundaries to Service Control Policies








CMS Cloud


CMS Hybrid Cloud Officially Transitions from AWS Permissions Boundaries to Service Control Policies

________________________________________________________________________



Summary

CMS Hybrid Cloud has transitioned to enterprise service management using Service Control Policies (SCPs) across CMS' Amazon Web Services Commercial and Government Cloud (GovCloud) organizations. Customers are encouraged to review the SCP content and familiarize themselves with making changes and customizing their accounts based on organizational needs.

*Note: This update does not apply to Marketplace accounts. Marketplace accounts will be planned and configured following 2025 Open Enrollment (ending January 15, 2025).*

Background 

Service Control Policies enable efficient management of security and Identity and Access Management (IAM) permissions and offer central control over the maximum available permissions for all accounts in the organization. These policies ensure accounts stay within CMS' access control guidelines, provide business owners a solution for managing access to elected and prevented services in their architectural model, and request changes for integrating newly onboarded services. Additionally, SCPs help business owners align their organizational framework with our enterprise services and ensure complementary security and access policies between organizations. Read more about how CMS utilizes SCPs [ https://cloud.cms.gov/service-control-policies-update ] or visit AWS' Service Control Policies [ https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html ] documentation.

Benefits 

The CMS Hybrid Cloud team now uses SCPs to better support customers with the following:

*Allowed Services: *Ensures only CMS-approved services are available to CMS Hybrid Cloud customers.

*Protected Actions: *Restricts protected actions meant to be available only to the CMS Hybrid Cloud administrative team.

*Financial Restrictions: *Restricts financial actions meant to be available only to the CMS Hybrid Cloud team.

*Root Restrictions:* Restricts activity by the root user by default.

Timeline

AWS accounts have been moved and reorganized to support this new model in *non-production (Non-Prod) environments as of Thursday, October 3, 2024*, and *production (Prod) environments as of Tuesday, October 8, 2024*. Marketplace accounts will be planned and configured following 2025 Open Enrollment. Additional communications will be sent as policies are applied within the AWS Organization.

Action Required

There is no action required as the new structure does not impact any existing permissions, and *there will be no impacts on Marketplace accounts for Open Enrollment.* Customers are encouraged to read more about how CMS utilizes SCPs [ https://cloud.cms.gov/service-control-policies-update ] or visit AWS' Service Control Policies [ https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html ] documentation.

Questions

For questions or issues about this change, please get in touch with your assigned Hosting Coordinator.



Office of Information Technology




You are subscribed to receive email messages about CMS Cloud Operations, Changes, and Outages from the Centers for Medicare & Medicaid Services (CMS).

To update your subscription(s), preferences or to stop receiving messages from the CMS Cloud Operations, Changes, and Outages Updates- distribution list, please go to our Subscriber Preferences Page [ https://public.govdelivery.com/accounts/USCMS/subscriber/new?category_id=USCMS_C176 ].

________________________________________________________________________

This email was sent to mshinji3056@gmail.com using GovDelivery Communications Cloud 7500 Security Boulevard · Baltimore MD 21244


body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;} table.govd_hr {min-width: 100%;}