diff --git a/.github/workflows/acknowledgment-request-template.md b/.github/workflows/acknowledgment-request-template.md new file mode 100644 index 0000000..93372c4 --- /dev/null +++ b/.github/workflows/acknowledgment-request-template.md @@ -0,0 +1,15 @@ +# Generate infosec acknowledgment issues + +It's time to generate infosec acknowledgement issues for all of the ROAR team. + +Perform these commands on your command line: + +```shell +TEAM_MEMBERS=$(gh api orgs/yeatmanlab/teams/roar/members --jq '.[].login') + +for MEMBER in $TEAM_MEMBERS +do + ISSUE_BODY="Please acknowledge that you have reviewed the Data Privacy and Information Security Manual and accompanying documents by commenting 'Acknowledged' below." + gh issue create --title "Acknowledgment Request for $MEMBER" --body "$ISSUE_BODY" --assignee $MEMBER +done +``` diff --git a/.github/workflows/offboarding.yml b/.github/workflows/offboarding.yml index 7a20948..4630f39 100644 --- a/.github/workflows/offboarding.yml +++ b/.github/workflows/offboarding.yml @@ -25,9 +25,13 @@ jobs: - name: Read offboarding checklist id: offboarding_checklist + env: + EMPLOYEE_NAME: ${{ github.event.inputs.employee_name }} + EMPLOYEE_EMAIL: ${{ github.event.inputs.employee_email }} run: | + sed -i "s/{{ employee_name }}/$EMPLOYEE_NAME/g" employee-lifecycle/onboarding-checklist.md + sed -i "s/{{ employee_email }}/$EMPLOYEE_EMAIL/g" employee-lifecycle/onboarding-checklist.md CONTENT=$(cat employee-lifecycle/offboarding-checklist.md) - CONTENT="**Employee Name:** ${{ github.event.inputs.employee_name }}\\n**Employee Email:** ${{ github.event.inputs.employee_email }}\\n\\n$CONTENT" echo "content<> $GITHUB_ENV echo "$CONTENT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV 
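Review bot: The two added `sed -i` lines in the "Read offboarding checklist" step edit `employee-lifecycle/onboarding-checklist.md`, but the next line reads `employee-lifecycle/offboarding-checklist.md`, so the `{{ employee_name }}` and `{{ employee_email }}` placeholders this commit adds to the offboarding checklist are never filled in. Both lines should target the offboarding file, e.g. `sed -i "s/{{ employee_name }}/$EMPLOYEE_NAME/g" employee-lifecycle/offboarding-checklist.md`. Separately, here and in the matching "Read onboarding checklist" hunk of onboarding.yml, moving the dispatch inputs into `env:` keeps them out of the shell script text, but sed still parses them as replacement text. A name or email containing `/`, `&` or a backslash therefore changes or breaks the `s///` expression. Validate the two inputs against a narrow allow-list pattern before the substitution, or escape those characters first, and fail the step when the value does not match.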
@@ -35,6 +39,7 @@ jobs: - name: Create GitHub issue for offboarding env: ISSUE_BODY: ${{ env.content }} + EMPLOYEE_NAME: ${{ github.event.inputs.employee_name }} GH_TOKEN: ${{ github.token }} run: | - gh issue create --title "Employee Offboarding Checklist for ${{ github.event.inputs.employee_name }}" --body "$ISSUE_BODY" --label offboarding --assignee richford + gh issue create --title "Employee Offboarding Checklist for $EMPLOYEE_NAME" --body "$ISSUE_BODY" --label offboarding --assignee richford diff --git a/.github/workflows/onboarding.yml b/.github/workflows/onboarding.yml index b0e64bd..b515ca1 100644 --- a/.github/workflows/onboarding.yml +++ b/.github/workflows/onboarding.yml @@ -25,9 +25,13 @@ jobs: - name: Read onboarding checklist id: onboarding_checklist + env: + EMPLOYEE_NAME: ${{ github.event.inputs.employee_name }} + EMPLOYEE_EMAIL: ${{ github.event.inputs.employee_email }} run: | + sed -i "s/{{ employee_name }}/$EMPLOYEE_NAME/g" employee-lifecycle/onboarding-checklist.md + sed -i "s/{{ employee_email }}/$EMPLOYEE_EMAIL/g" employee-lifecycle/onboarding-checklist.md CONTENT=$(cat employee-lifecycle/onboarding-checklist.md) - CONTENT="**Employee Name:** ${{ github.event.inputs.employee_name }}\\n**Employee Email:** ${{ github.event.inputs.employee_email }}\\n\\n$CONTENT" echo "content<> $GITHUB_ENV echo "$CONTENT" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV @@ -35,6 +39,7 @@ jobs: - name: Create GitHub issue for onboarding env: ISSUE_BODY: ${{ env.content }} + EMPLOYEE_NAME: ${{ github.event.inputs.employee_name }} GH_TOKEN: ${{ github.token }} run: | - gh issue create --title "New Employee Onboarding Checklist for ${{ github.event.inputs.employee_name }}" --body "$ISSUE_BODY" --label onboarding --assignee richford + gh issue create --title "New Employee Onboarding Checklist for $EMPLOYEE_NAME" --body "$ISSUE_BODY" --label onboarding --assignee richford 
diff --git a/.github/workflows/render-pdf.yml b/.github/workflows/render-pdf.yml
deleted file mode 100644
index 89dfea6..0000000
--- a/.github/workflows/render-pdf.yml
+++ /dev/null
@@ -1,74 +0,0 @@ -name: Render Markdown to PDF - -on: - push: - branches: - - main - -jobs: - render: - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.x' - - - name: Install dependencies (Pandoc) - run: | - sudo apt-get update - sudo apt-get install -y \ - pandoc \ - texlive-latex-base \ - texlive-latex-extra \ - texlive-fonts-recommended \ - texlive-fonts-extra \ - - - name: Get last commit info - id: vars - run: | - VERSION=$(cat version.txt) - echo "VERSION=$VERSION" >> $GITHUB_ENV - COMMIT_HASH=$(git log -1 --pretty=format:'%H') - echo "COMMIT_HASH=$COMMIT_HASH" >> $GITHUB_ENV - COMMIT_DATE=$(git log -1 --date=format:'%Y-%m-%d %H:%M:%S' --pretty=format:'%ad') - echo "COMMIT_DATE=$COMMIT_DATE" >> $GITHUB_ENV - - - name: Increment version number - run: | - NEW_VERSION=$(echo "$VERSION + 0.1" | bc) - echo "$NEW_VERSION" > version.txt - echo "VERSION=$NEW_VERSION" >> $GITHUB_ENV - - - name: Replace placeholders in markdown - run: | - sed -i "s/{{ version }}/$VERSION/g" roar-data-privacy-and-information-security-manual.md - sed -i "s/{{ commit }}/$COMMIT_HASH/g" roar-data-privacy-and-information-security-manual.md - sed -i "s/{{ commit_date }}/$COMMIT_DATE/g" roar-data-privacy-and-information-security-manual.md - sed -i "s/{{ version }}/$VERSION/g" roar-sdlc.md - sed -i "s/{{ commit }}/$COMMIT_HASH/g" roar-sdlc.md - sed -i "s/{{ commit_date }}/$COMMIT_DATE/g" roar-sdlc.md - sed -i "s/{{ version }}/$VERSION/g" roar-bcdr.md - sed -i "s/{{ commit }}/$COMMIT_HASH/g" roar-bcdr.md - sed -i "s/{{ commit_date }}/$COMMIT_DATE/g" roar-bcdr.md - - - name: Convert Markdown to PDF - run: | - make infosec - make sldc - make bcdr - - - name: Commit and push changes - run: | - git config --local user.email "action@github.com" - git config --local user.name "GitHub Action" - git add version.txt - git add 
roar-data-privacy-and-information-security-manual.pdf -f - git add roar-sdlc.pdf -f - git add roar-bcdr.pdf -f - git commit -m "Updated version $VERSION and rendered PDF from commit $COMMIT_HASH" - git push origin main diff --git a/.github/workflows/request-acknowledgment.yml b/.github/workflows/request-acknowledgment.yml index 9346cbb..8a3ccaa 100644 --- a/.github/workflows/request-acknowledgment.yml +++ b/.github/workflows/request-acknowledgment.yml @@ -17,20 +17,18 @@ jobs: - name: Install GitHub CLI run: sudo apt-get install gh + - name: Read issue body + id: acknowledgment_request + run: | + CONTENT=$(cat .github/workflows/acknowledgment-request-template.md) + echo "content<> $GITHUB_ENV + echo "$CONTENT" >> $GITHUB_ENV + echo "EOF" >> $GITHUB_ENV + - name: Get team members and create issues env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + ISSUE_BODY: ${{ env.content }} + GH_TOKEN: ${{ github.token }} run: | - ISSUE_BODY="It's time to generate infosec acknowledgement issues for all of the ROAR team.\n\n" - ISSUE_BODY+="Perform these commands on your command line:\n" - ISSUE_BODY+="\`\`\`\n" - ISSUE_BODY+="TEAM_MEMBERS=\$(gh api orgs/yeatmanlab/teams/roar/members --jq '.[].login')\n" - ISSUE_BODY+="for MEMBER in \$TEAM_MEMBERS\n" - ISSUE_BODY+="do\n" - ISSUE_BODY+=" ISSUE_BODY=\"Please acknowledge that you have reviewed the Data Privacy and Information Security Manual and accompanying documents by commenting 'Acknowledged' below.\"\n" - ISSUE_BODY+=" gh issue create --title \"Acknowledgment Request for \$MEMBER\" --body \"\$ISSUE_BODY\" --assignee \$MEMBER\n" - ISSUE_BODY+="done\n" - ISSUE_BODY+="\`\`\`\n" - gh issue create --title "Create Acknowledgement Requests" --body "$ISSUE_BODY" --assignee richford diff --git a/.gitignore b/.gitignore index ce966f8..e69de29 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +0,0 @@ -roar-data-privacy-and-information-security-manual.pdf -roar-sdlc.pdf -roar-bcdr.pdf \ No newline at end of file 
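Review bot: The added "Read issue body" step in request-acknowledgment.yml copies the template into `$GITHUB_ENV` behind what appears to be a fixed `EOF` delimiter, only so the next step can read it back as `ISSUE_BODY`. A line consisting of `EOF` in the template would end the value early and leave the remaining lines to be parsed as further environment entries for later steps. gh can read the file directly: `gh issue create --title "Create Acknowledgement Requests" --body-file .github/workflows/acknowledgment-request-template.md --assignee richford` removes the extra step, the unused `id: acknowledgment_request` and the `ISSUE_BODY` entry. The same `$GITHUB_ENV` hand-off is used by the checklist steps in onboarding.yml and offboarding.yml, where the body now also carries the dispatch inputs, so writing the processed checklist to a file and passing it with `--body-file` would help there too.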
diff --git a/employee-lifecycle/offboarding-checklist.md b/employee-lifecycle/offboarding-checklist.md index e49307c..5c8a9ec 100644 --- a/employee-lifecycle/offboarding-checklist.md +++ b/employee-lifecycle/offboarding-checklist.md @@ -1,5 +1,8 @@ # ROAR Employee Onboarding Checklist +**Employee Name**: {{ employee_name }}\ +**Employee Email**: {{ employee_email }} + - [ ] Google Workspace - [ ] Transfer ownership of files and documents to relevant managers or team members. - [ ] Revoke access to shared drives. @@ -9,14 +12,6 @@ - [ ] Revoke access to all repositories. - [ ] Ensure any personal access tokens related to the organization are revoked. -- [ ] Sentry - - [ ] Remove the employee's Sentry account or revoke access to projects. - - [ ] Reassign monitoring tasks previously managed by the employee. - -- [ ] Cypress Cloud - - [ ] Remove the employee's access to Cypress Cloud. - - [ ] Transfer ownership of any tests or projects managed by the employee. - - [ ] Clever: Revoke access to Clever accounts and integrations. - [ ] ClassLink: Remove access to ClassLink accounts and integrations. 
@@ -36,5 +31,27 @@ - [ ] General Cleanup - [ ] Review and reassign any tasks or projects the employee was responsible for. - - [ ] Ensure that any ROAR data on personal devices has been deleted or destroyed. + - [ ] Employee attests that any ROAR data on personal devices has been deleted or destroyed. - [ ] Ensure that all ROAR devices and physical security passes are returned. + +## Developer Integrations + +- [ ] Sentry + - [ ] Remove the employee's Sentry account or revoke access to projects. + - [ ] Reassign monitoring tasks previously managed by the employee. + +- [ ] Cypress Cloud + - [ ] Remove the employee's access to Cypress Cloud. + - [ ] Transfer ownership of any tests or projects managed by the employee. + +- [ ] Namecheap + - [ ] Transfer ownership/management of any ROAR domains. + - [ ] Remove access to ROAR domains. + +- [ ] Qualys + - [ ] Transfer ownership/management of any ROAR applications. + - [ ] Remove access to ROAR applications. + +- [ ] Beagle Security + - [ ] Transfer ownership/management of any ROAR applications. + - [ ] Remove access to ROAR applications. diff --git a/employee-lifecycle/onboarding-checklist.md b/employee-lifecycle/onboarding-checklist.md index 45834cb..c8f4d68 100644 --- a/employee-lifecycle/onboarding-checklist.md +++ b/employee-lifecycle/onboarding-checklist.md @@ -1,5 +1,8 @@ # ROAR Employee Onboarding Checklist +**Employee Name**: {{ employee_name }}\ +**Employee Email**: {{ employee_email }} + ## All employees - [ ] Google Workspace 
@@ -34,6 +37,19 @@ - [ ] Invite employee to the development Firebase projects using their Stanford email. - [ ] After verifying that employee is listed on ROAR IRBs, invite them to the staging and production Firebase projects. +- [ ] Namecheap + - [ ] If employee will manage ROAR domain names, invite them as a domain manager in Namecheap using their Stanford email. + +## Employees requiring access to ROAR security tools + +- [ ] Qualys + - [ ] Invite employee to ROAR project using their Stanford email. + - [ ] Share all relevant applications with employee + +- [ ] Beagle Security + - [ ] Invite employee to ROAR project using their Stanford email. + - [ ] Share all relevant applications with employee + ## Employees requiring access to SSO or rostering integrations - [ ] Clever diff --git a/roar-bcdr.md b/roar-bcdr.md index fa0615e..2d65139 100644 --- a/roar-bcdr.md +++ b/roar-bcdr.md @@ -5,10 +5,6 @@ keywords: [ROAR, Business Continuity, Disaster Recovery] lang: "en" ... -**Version**: `{{ version }}`\ -**Last Updated by Commit**: `{{ commit }}`\ -**Last updated on**: `{{ commit_date }}` - > Note: This document is in draft form and is not currently enforced. The Business Continuity and Disaster Recovery (BC/DR) Plan for ROAR outlines the processes and strategies in place to ensure the continuation of critical operations and the rapid recovery of essential services in the event of a disruption. The plan is designed to address a range of potential disruptions, including system failures, security incidents, natural disasters, and other unforeseen events that could impact ROAR's ability to provide its services. diff --git a/roar-bcdr.pdf b/roar-bcdr.pdf index 9a6afd0..9f94ef1 100644 Binary files a/roar-bcdr.pdf and b/roar-bcdr.pdf differ diff --git a/roar-data-privacy-and-information-security-manual.md b/roar-data-privacy-and-information-security-manual.md index 7129425..acb5380 100644 --- a/roar-data-privacy-and-information-security-manual.md 
+++ b/roar-data-privacy-and-information-security-manual.md @@ -8,10 +8,6 @@ titlepage-color: "8C1515" titlepage-text-color: "FFFFFF" ... -**Version**: `{{ version }}`\ -**Last Updated by Commit**: `{{ commit }}`\ -**Last updated on**: `{{ commit_date }}` - ## Introduction ### Purpose diff --git a/roar-data-privacy-and-information-security-manual.pdf b/roar-data-privacy-and-information-security-manual.pdf index 218f9c2..4f01843 100644 Binary files a/roar-data-privacy-and-information-security-manual.pdf and b/roar-data-privacy-and-information-security-manual.pdf differ diff --git a/roar-sdlc.md b/roar-sdlc.md index 2458fcd..8138424 100644 --- a/roar-sdlc.md +++ b/roar-sdlc.md @@ -5,10 +5,6 @@ keywords: [Software development lifecycle, ROAR] lang: "en" ... -**Version**: `{{ version }}`\ -**Last Updated by Commit**: `{{ commit }}`\ -**Last updated on**: `{{ commit_date }}` - ## Overview The secure Software Development Lifecycle (SDLC) at ROAR outlines the procedures, policies, and security measures that govern how software changes are managed, implemented, and deployed within the ROAR platform. The SDLC process ensures that changes to the system are tracked, reviewed, tested, and implemented in a manner that prioritizes security, confidentiality, and compliance with industry best practices. diff --git a/roar-sdlc.pdf b/roar-sdlc.pdf index 24b8e8b..c7e6df5 100644 Binary files a/roar-sdlc.pdf and b/roar-sdlc.pdf differ