AWS managedservices documentation change
Summary
Added sections on risk acceptance validity (1-year expiration with annual review) and clarified opt-out process for CSRM approval workflow
Security assessment
Documents security process improvements but doesn't reference any specific vulnerability fix. Adds security documentation about risk management procedures without evidence of addressing an existing security issue.
Diff
diff --git a/managedservices/latest/accelerate-guide/acc-sec-csrm-process.md b/managedservices/latest/accelerate-guide/acc-sec-csrm-process.md index afc6b61eb..383caa825 100644 --- a//managedservices/latest/accelerate-guide/acc-sec-csrm-process.md +++ b//managedservices/latest/accelerate-guide/acc-sec-csrm-process.md @@ -4,0 +5,2 @@ +Risk acceptance validity and reviewOpt-out + @@ -9 +11,9 @@ The AMS Accelerate Customer Security Risk Management (CSRM) process helps to cle -By default, when someone from your organization requests that AMS implement a change to your managed environment, AMS reviews the change to determine if the request falls outside of the technical standards, which might alter the security posture of your account. If there is a high or very high security risk, then the change review is accepted or rejected by your authorized security personnel. Requested changes are also evaluated for adverse effects on AMS's ability to operate the account. If the review finds possible adverse impacts, then additional reviews and approvals are required within AMS. +By default, when someone from your organization requests that AMS implement a change to your managed environment, AMS reviews the change to determine if the request falls outside of the technical standards, which might alter the security posture of your account. If there is a high or very high security risk, then your authorized security personnel accept or reject the change review. Requested changes are also evaluated for adverse effects on AMS's ability to operate the account. If the review finds possible adverse impacts, then additional reviews and approvals are required within AMS. + +## Risk acceptance validity and review + +Risk acceptances are valid for one year from the date of approval. If a previously accepted risk scenario arises again after one year, the risk acceptance must be reviewed and re-approved before it can be applied. This annual review ensures that risk decisions remain aligned with current technical standards, regulatory requirements, and your organization's evolving risk profile. + +## Opt-out + +You can opt-out from the approval based workflow in the CSRM process for high or very high risks. To change the CSRM option for specific accounts from **Standard CSRM** to **Notification Only** , work with your Cloud Service Delivery Managers to create a one-time risk acceptance. If you choose to proceed with the **Notification Only** option, then AMS implements the requested changes regardless of the risk category. AMS sends a risk notification to your authorized risk approvers instead of seeking approval prior to the change implementation. @@ -11 +21 @@ By default, when someone from your organization requests that AMS implement a ch -You can opt-out from the approval based workflow in the CSRM process for high or very high risks. To change the CSRM option for specific accounts from **Standard CSRM** to **Notification Only** , work with your Cloud Service Delivery Managers to create a one-time risk acceptance. If you choose to proceed with the **Notification Only** option, then AMS implements the requested changes regardless of the risk category. And, AMS sends a risk notification to your authorized risk approvers instead of seeking approval prior to the change implementation. Speak with your Cloud Architects or Cloud Service Delivery Managers for more information about the AMS CSRM process, how to change the default CSRM option when onboarding new AMS accounts, or how to update existing accounts. +Speak with your Cloud Architects or Cloud Service Delivery Managers for more information about the AMS CSRM process, how to change the default CSRM option when onboarding new AMS accounts, or how to update existing accounts.