Skip to main content
Table of contents

Security

Access to staging is limited to GDS office IPs

During a recent security incident responders would have liked to be able to test access limitations to certain paths on GOV.UK in the staging environment without running the risk to re-expose sensitive data.
In order to ensure this, the decision to limit access to our staging environment to GDS office IPs was made in the incident review.
We have documented the changes made to the firewall rules in the 6DG/Carrenza vDirector environment in the (private) govuk-provisioning repository.
Access to the staging frontends hosted in AWS is protected by the security group (SG) associated with the external cache load balancer (Link requires AWS Console access).

This page was last reviewed on 10 October 2019. It needs to be reviewed again on 10 April 2020 by the page owner #re-govuk .
This page was set to be reviewed before 10 April 2020 by the page owner #re-govuk. This might mean the content is out of date.