by tyre
3696 days ago
This does not address the core complaint from the breach[1]:

> 18F’s use of both OAuth 2.0 and Slack is not in compliance with GSA’s Information Technology Standards Profile, GSA Order CIO P 2160.1E. The order allows information technologies to be approved for use in the GSA IT environment if they comply with GSA’s security, legal, and accessibility requirements. Currently, neither OAuth 2.0 nor Slack are approved for use in the GSA IT standards profile.
>
> ...
>
> The OIG makes the following recommendations:
>
> 1. GSA should cease using Slack and OAuth 2.0 until and unless they are approved for use in the IT Standards Profile.
> 2. GSA should ensure that 18F complies with GSA Order CIO P 2160.1E.

Is 18F no longer using Slack or any other OAuth 2.0 integrations? That would be a shame. Are they working with GSA and the Office of Inspections and Forensic Auditing to clear Slack/OAuth 2.0?

[1]: https://www.gsaig.gov/sites/default/files/ipa-reports/Alert%...