3220c569-8dad-4038-9710-049eeef0ef33
— Retrievable via GET /ai/narratives/3220c569-8dad-4038-9710-049eeef0ef33
The organization:
(a) Develops, documents and disseminates to [Assignment: organization-defined personnel or roles]: 1. An access control policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the access control policy and associated access controls; and
(b) Reviews and updates the current: 1. Access control policy [FedRAMP Assignment: at least every 3 years]; and 2. Access control procedures [FedRAMP Assignment: at least annually].
Responsible Role: Dragon Security Engineer, Dragon Security Analyst, Dragon Program Manager
| Parameter | Prompt | Dragon Value |
|---|---|---|
| AC-1(a) | [Assignment: organization-defined personnel or roles] | Security team roles |
| AC-1(b)(1) | [FedRAMP Assignment: at least every 3 years] | Every 3 years |
| AC-1(b)(2) | [FedRAMP Assignment: at least annually] | Annually |
Implementation Status (check all that apply): - ☒ Not applicable
Control Origination (check all that apply): - ☒ Service Provider Corporate
| Part | Requirement | Dragon Implementation | Inheritance | Customer Responsibility |
|---|---|---|---|---|
| a | Develops, documents and disseminates access control policy and procedures | Not evidenced in snapshot; requires procedural artifacts | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure (AWS 2023). | Ensure policy dissemination to users |
| b1 | Reviews and updates access control policy at least every 3 years | Not evidenced in snapshot; requires procedural artifacts | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure (AWS 2023). | Review policy every 3 years |
| b2 | Reviews and updates access control procedures at least annually | Not evidenced in snapshot; requires procedural artifacts | Dragon partially inherits this control from the underlying AWS FedRAMP-authorized infrastructure (AWS 2023). | Review procedures annually |
High-level planning and tools used (no chain-of-thought). This helps validate that the narrative is evidence-driven.
| Tool | Args | Result |
|---|---|---|
| aws_default_evidence_snapshot | `{"account_id": "000000000000", "ingestion_run_id": null, "sample_limit": 10}` | ok |
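The exact evidence data the AI model used to generate this narrative, stored with every generated narrative for traceability (AU-3). In this record the snapshot is empty: every count and total is 0, every sample list is empty, and the IAM credential report and password policy are null. It therefore shows only that no evidence was collected, not that any part of the control is implemented.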
{
"account_id": "000000000000",
"analysis": {
"evidence_needs": [],
"preferred_tables": []
},
"control_id": "AC-1",
"ingestion_run_id": null,
"tool_calls": [
{
"args": {
"account_id": "000000000000",
"ingestion_run_id": null,
"sample_limit": 10
},
"name": "aws_default_evidence_snapshot"
}
],
"tool_outputs": [
{
"args": {
"account_id": "000000000000",
"ingestion_run_id": null,
"sample_limit": 10
},
"name": "aws_default_evidence_snapshot",
"result": {
"counts": {
"assets": [],
"data_stores": [],
"identities": [],
"network_components": []
},
"summaries": {
"cloudtrail": {
"cloudwatch_logs_integration_trails_count": 0,
"kms_enabled_trails_count": 0,
"log_file_validation_enabled_trails_count": 0,
"logging_enabled_trails_count": 0,
"multi_region_trails_count": 0,
"sample_trails": [],
"total_trails": 0
},
"cloudwatch_logs": {
"kms_encrypted_log_groups_count": 0,
"log_groups_with_retention_count": 0,
"log_groups_without_retention_count": 0,
"sample_log_groups_without_retention": [],
"total_log_groups": 0
},
"cm8_inventory": {
"counts": {
"assets": [],
"data_stores": [],
"identities": [],
"network_components": []
},
"ebs_volumes": {
"encrypted_volumes_count": 0,
"sample_unencrypted_volumes": [],
"total_volumes": 0,
"unencrypted_volumes_count": 0
}
},
"ec2_instances": {
"monitoring_enabled_count": 0,
"sample_instances": [],
"states": {},
"total_instances": 0
},
"iam_authentication_posture": {
"credential_report": null,
"password_policy": null
},
"iam_policy_attachments": {
"roles_total": 0,
"roles_with_attached_policies_count": 0,
"roles_with_inline_policies_count": 0,
"sample_roles": [],
"sample_users": [],
"top_attached_policies": [],
"top_inline_policy_names": [],
"users_total": 0,
"users_with_attached_policies_count": 0,
"users_with_inline_policies_count": 0
},
"iam_users": {
"active_access_keys_count": 0,
"mfa_disabled_count": 0,
"mfa_enabled_count": 0,
"sample_users": [],
"total_users": 0
},
"network_boundary": {
"counts_by_resource_type": {},
"sample": {
"internet_gateway": [],
"nat_gateway": [],
"network_acl": [],
"route_table": [],
"vpc_endpoint": []
}
},
"rds_instances": {
"encrypted_rds_instances_count": 0,
"publicly_accessible_rds_instances_count": 0,
"sample_unencrypted_rds_instances": [],
"total_rds_instances": 0,
"unencrypted_rds_instances_count": 0
},
"s3_buckets": {
"encrypted_buckets_count": 0,
"public_access_block_missing_count": 0,
"sample_unencrypted_buckets": [],
"total_buckets": 0,
"unencrypted_buckets_count": 0
},
"security_groups": {
"sample_world_open_security_groups": [],
"security_groups_with_world_open_ingress_count": 0,
"total_security_groups": 0,
"world_open_ingress_rule_count": 0
},
"vpc_flow_logs": {
"deliver_logs_success_count": 0,
"sample_flow_logs": [],
"total_flow_logs": 0
}
}
}
}
],
"tool_plan": {
"tool_calls": [
{
"args": {
"account_id": "000000000000",
"ingestion_run_id": null,
"sample_limit": 10
},
"name": "aws_default_evidence_snapshot"
}
]
}
}