This document outlines the security policy for the system during the POC.

Scope

The scope of this policy is the ND UIM POC.  It applies to all systems and activities used for the execution of the POC.

Policy

Identity and Access Management

Identity and Access Management - Application

Identities used to access the applications are managed in Cognito.  The Cognito instance and it's userpools are separate for each carrier node.  There is not shared Cognito across carriers in the carrier nodes.  The multi-tenant node uses shared cognito userpools.  We are not utillizing the multi-tenant node for carrier activity.  AAIS and the DOI will have identities on the multi-tenant node. 

Identity and Access Management - Cloud Infrastructure

Each carrier has a node which is hosted in a separate account.  AWS is the hosting cloud provider.  The overall account is managed by AAIS.  The specific organization is separate from all other organizations.  IAM users are set up for Chainyard.  Chainyard manages the infrastructure on behalf of the Carrier at the direction of AAIS.  AAIS and Chainyard are able to administer the account and it's services.  No other entity has access to the AWS organization or it's services.  The carrier may request and IAM identity.

Identity and Access Management - Blockchain Network

Data Privacy