びびなび : World : () World

Action Required: Transition from Permissions Boundary to Service Control Policies








CMS Cloud


Action Required: Transition from Permissions Boundary to Service Control Policies

________________________________________________________________________



Summary

Beginning in *August 2024,* CMS Cloud will transition to enterprise service management using Service Control Policies (SCPs) across CMS' Amazon Web Services Commercial and Government Cloud (GovCloud) organizations. This modernized approach enables customer teams an efficient solution for accessing our approved services, and requesting changes or approvals for integrating external services. Additionally, SCPs help business owners align their organizational framework with our enterprise services, and ensure complementary security and access policies between organizations.

Background 

Service Control Policies enable efficient management of security and Identity and Access Management (IAM) permissions and offer central control over the maximum available permissions for all accounts in the organization. These policies ensure your accounts stay within CMS' access control guidelines, and also provide business owners a solution for managing access to elected and prevented services in their architectural model. To read more about how SCPs work, please see SCP Evaluation [ https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html ]. 

The CMS Cloud team will transition to managing IAM with SCPs to better support customers with the following starting in *August 2024*:

*Allowed Services: *Ensures only CMS-approved services are available to CMS Cloud tenants.

*Protected Actions: *Restricts protected actions meant to be available only to the CMS Cloud administrative team.

*CPT Restrictions: *Restricts financial actions meant to be available only to the CMS Cloud procurement team

*Root Restriction:* Restricts activity by the root user by default.

Timeline

This new model for enterprise services management will be deployed in production (Prod) and non-production (Non-Prod) environments following testing beginning in* August 2024.*

Action Required

Customers are encouraged to learn more about how SCPs work by visiting SCP Evaluation [ https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html ].

Questions

For questions or issues about this change, please get in touch with your IUSG Advisor.

 



Office of Information Technology




You are subscribed to receive email messages about CMS Cloud Operations, Changes, and Outages from the Centers for Medicare & Medicaid Services (CMS).

To update your subscription(s), preferences or to stop receiving messages from the CMS Cloud Operations, Changes, and Outages Updates- distribution list, please go to our Subscriber Preferences Page [ https://public.govdelivery.com/accounts/USCMS/subscriber/new?category_id=USCMS_C176 ].

________________________________________________________________________

This email was sent to mshinji3056@gmail.com using GovDelivery Communications Cloud 7500 Security Boulevard · Baltimore MD 21244


body .abe-column-block {min-height: 5px;}