From a536d5d9caf60acc78291466e50096b1d71a047b Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Mon, 30 Sep 2024 17:06:09 -0400 Subject: [PATCH] docs: fedramp table fix --- .../access-controls/compliance-frameworks/fedramp.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/pages/admin-guides/access-controls/compliance-frameworks/fedramp.mdx b/docs/pages/admin-guides/access-controls/compliance-frameworks/fedramp.mdx index dad32a0f36c1..7273ed3152f8 100644 --- a/docs/pages/admin-guides/access-controls/compliance-frameworks/fedramp.mdx +++ b/docs/pages/admin-guides/access-controls/compliance-frameworks/fedramp.mdx @@ -19,8 +19,8 @@ government agencies. | - | - | | [AC-02 Account Management]((=fedramp.control_url=)AC-02) | Audit events are emitted in the Auth Service when a user is created, updated, deleted, locked, or unlocked. | | [AC-03 Access Enforcement]((=fedramp.control_url=)AC-03) | Teleport Enterprise supports robust [Role-based Access Controls (RBAC)](../access-controls.mdx) to:
• Control which infrastructure resources a user can or cannot access.
• Control cluster level configuration (session recording, configuration, etc.)
• Control which Unix logins a user is allowed to use when logging into a server. | -| [AC-07 Unsuccessful Logon Attempts]((=fedramp.control_url=)AC-07) | Teleport Enterprise supports robust [Role-based Access Controls (RBAC)](../access-controls.mdx) to:
• Control which resources a user can or cannot access.
• Control cluster level configuration (session recording, configuration, etc.)
• Control which Unix logins a user is allowed to use when logging into a server. | Teleport supports two types of users: local and SSO-based accounts (GitHub, Google Apps, Okta, etc). For local accounts, by default, Teleport locks accounts for 30 minutes after 5 failed login attempts. For SSO-based accounts, the number of invalid login attempts and lockout time period is controlled by the SSO provider. | -| [AC-08 System Use Notification]((=fedramp.control_url=)AC-08) | Teleport Enterprise supports robust [Role-based Access Controls (RBAC)](../access-controls.mdx) to:
• Control which resources a user can or cannot access.
• Control cluster level configuration (session recording, configuration, etc.)
• Control which Unix logins a user is allowed to use when logging into a server. | Teleport integrates with Linux Pluggable Authentication Modules (PAM). PAM modules can be used to display a custom message on login using a message of the day (MOTD) module within the Session management primitive. | +| [AC-07 Unsuccessful Logon Attempts]((=fedramp.control_url=)AC-07) | Teleport supports two types of users: local and SSO-based accounts (GitHub, Google Apps, Okta, etc). For local accounts, by default, Teleport locks accounts for 30 minutes after 5 failed login attempts. For SSO-based accounts, the number of invalid login attempts and lockout time period is controlled by the SSO provider. | +| [AC-08 System Use Notification]((=fedramp.control_url=)AC-08) | Teleport integrates with Linux Pluggable Authentication Modules (PAM). PAM modules can be used to display a custom message on login using a message of the day (MOTD) module within the Session management primitive. | | [AC-10 Concurrent Session Control]((=fedramp.control_url=)AC-10) | Teleport administrators can define concurrent session limits using Teleport’s RBAC. | | [AC-12 Session Termination]((=fedramp.control_url=)AC-12) | Admins can terminate active sessions with [session locking](../../access-controls/guides/locking.mdx). Teleport terminates sessions on expiry or inactivity. | | [AC-17 Remote Access]((=fedramp.control_url=)AC-17) | Teleport administrators create users with configurable roles that can be used to allow or deny access to system resources. |