| Request No. | 2018-12 |
|---|---|
| Date of Request | 11.08.17 |
| Requester | Steering Committee |
| Application(s) | All Applications |
| Section / Page | Documentation |
| Steering Approval | NEWAPPROVED - Pending Data Security Processes |
| Steering Hearing Date | 11.08.17 |
| Proposed Change to Download File | N/A |
| Proposed Change to Residency Logic | N/A |
| Table of Contents |
|---|
Problem / Issue
Currently, sensitive OpenCCC and CCCApply application data dictionaries are stored on a public-access wiki page in Confluence. College staff users of CCCApply and other CCCTC applications have unprotected access to these documents. Steering discussed the potential risks of exposing our data specifications during the November 2017 steering meeting and voted to move these documents to a more secure location and possibly require authenticated college users to login to obtain authorization to download these documents.
Proposed Solution
To minimize risk of external, malicious forces from having unauthorized access to OpenCCC and CCCApply Application data specifications - including specifications for colleges to access the CCCApply download server(s), and other data storage information, move all OpenCCC, CCCApply, Administrator and Report Center Data Dictionaries, and data download implementation specification docs from the public documentation spaces in Confluence to a secure location, such as the CCC Administrator - and require users to have an authorized User Account (confirmed and trusted through college IdP metadata) to access this information.
Change Requirements
TBD