Access Control Policy¶
Version 1.0 | Classification: CONFIDENTIAL — Internal Use Only
Purpose¶
Define mandatory requirements for granting, managing, reviewing, and revoking access to all GPUS-IT systems, ensuring that access is appropriate, auditable, and revoked promptly when no longer required.
Scope¶
Applies to all individuals — staff, contractors, and vendors — who require access to any GPUS-IT system.
Policy Requirements¶
Account Standards¶
| Requirement | Standard |
|---|---|
| Account type | Individual named accounts only — no shared accounts |
| Root login | Disabled on all servers; root access via sudo only |
| SSH authentication | Public key required; password authentication disabled on all servers |
| Password policy | 14-character minimum, complexity required, 90-day maximum age |
| Account lockout | Lockout after 5 consecutive failed login attempts |
| Inactive accounts | Disabled after 30 days of inactivity; removed after 90 days |
Least Privilege¶
- Access is granted at the minimum level required to perform the role.
- Admin accounts are not used for routine non-admin tasks.
- Service accounts use
nologinshell and have no interactive access. - Production and management network access are separately controlled.
Separation of Duties¶
- DNS/DHCP administration (
dnsadmin) and monitoring/logging administration (monitadmin) are separate accounts. - No single account has admin access to all four servers without explicit IT Manager authorization.
- GCP Console access is limited to the IT Admin role (
rajesh.chhetry@greenpeace.us).
Access Provisioning¶
- All access requests require written approval from the IT Manager before provisioning.
- Provisioning is performed only by the IT Admin.
- All provisioning actions are logged to
/var/log/asset-inventory.log.
Access Revocation¶
- Access must be revoked within 24 hours of a role change, departure, or contractor engagement end.
- Revocation includes: disabling the account, removing SSH public keys, and rotating any shared secrets the individual had access to.
- Emergency revocation (suspected compromise) must occur within 1 hour of notification.
Access Reviews¶
Quarterly access reviews are conducted to verify all active accounts are still required and appropriately scoped. See Access Review.
Audit and Monitoring¶
- All privileged commands are captured by
auditdon each server. - SSH login and logout events are forwarded to the WIND ELK stack (
auth-logs-*index). sudousage is logged and searchable in Kibana.
Exceptions¶
Exceptions to this policy require written approval from the IT Manager and Security Ops, with a documented justification and defined expiry date.
Review¶
This policy is reviewed annually by the IT Manager and Security Ops.
Policy · v1.1 · 2026-03-14 · GPUS-IT · Classification: CONFIDENTIAL — Internal Use Only