Configuration Management Policy
Wildfire Labs standardizes and automates configuration management through the use of Ansible scripts as well as documentation of all changes to production systems and networks. Ansible automatically configures all Wildfire Labs systems according to established and tested policies, and is used as part of our Disaster Recovery plan and process.
Applicable Standards
HITRUST Common Security Framework
06 - Configuration Management
HIPAA Security Rule
164.310(a)(2)(iii) Access Control & Validation Procedures
Configuration Management Policies
Ansible is used to standardize and automate configuration management.
OSSEC is used to scan systems every 2 hours and on reboot. These scans capture file system changes and also unauthorized or malicious software.
No systems are deployed into Wildfire Labs environments without approval of the Wildfire Labs Security Officer.
All changes to production systems, network devices, and firewalls are approved by the Wildfire Labs Security Officer before they are implemented. Additionally, all changes are tested before they are implemented in production.
An up-to-date inventory of systems is maintained using Google spreadsheets and architecture diagrams hosted on Google Drive. All systems are categorized as production and utility to differentiate based on criticality.
Clocks are synchronized across all systems using NTP. Modifying time data on systems is restricted.
All front end functionality (developer dashboards and portals) is separated from backend (database and app servers) systems by being deployed on separate servers and in different Virtual Private Networks.
All software and systems are tested using unit tests, feature tests, and end to end tests.
All committed code is reviewed to assure software code quality and proactively detect potential security issues in development.
Wildfire Labs utilizes development and staging environments that mirror production to assure proper function.
Wildfire Labs also deploys environments locally using Virtualbox to assure functionality before moving to staging or production.
Last updated