Tenant Shared Service Agreement


This document serves as the “Shared Services Agreement” for this group as a “tenant” of the AppDat Platform.

Shared Service Responsibilities

The following sections detail the shared service responsibilities that are required for the use of the AppDat Platform.


Tenant NIST Control Implementations

AppDat’s continuous Authority to Operate (cATO) model has defined a subset of the NIST 800-53, Rev. 5, security controls that fall under the responsibility of each AppDat tenant. The controls have been seeded as “Issues” on this repository.

It is the responsibility of the tenant to review each control and add its implementation details. The process is described below and should be performed by the technical and security leadership of the tenant organization.

In cases where the AppDat team is managing all aspects of the tenant’s systems — for example, for tenants who only use AppDat to deploy COTS or FOSS solutions — the AppDat SREs are responsible for completing the implementation details on behalf of the tenant.

It is the responsibility of the AppDat ISSO to review and approve each implementation, which is represented by closing the “Issue.”

Control Implementation Instructions

To complete the required NIST controls for your organization, perform the following steps:

  1. Navigate to the “Issues” tab of this repository.
  2. For each control “Issue,” perform the subsequent steps:
    • Review the “Control Text” and “Recommended AppDat Tenant Implementation.”
    • Add a new comment to the “Issue” with either:
      • A detailed implementation description for how your organization meets the requirements described in the control text, or
      • An acceptance and agreement to follow the AppDat recommended implementation, with a statement of: “AppDat recommended implementation is implemented and followed.”
    • Add the following label: implementation-completed

AppDat and Tenant Responsibilities

AppDat Responsibilities

  • Infrastructure Management: Ensure the platform’s underlying infrastructure is operational, secure, and regularly maintained.
  • Service Availability: Maintain consistent platform uptime and reliability.
  • Support Services: Provide technical support and troubleshooting within the purchased support hours.
  • Updates and Patches: Apply necessary updates, patches, and security fixes to ensure platform integrity.
  • Monitoring and Alerts: Continuously monitor the platform and provide alerts for any critical issues.

Tenant Responsibilities

  • Application Management: Manage and maintain any applications deployed on the platform, including configurations and updates.
  • Usage Compliance: Ensure usage aligns with the platform’s terms of service and policies.
  • Data Security: Protect sensitive data by following security best practices and managing access controls.
  • Issue Reporting: Promptly report any issues or incidents to the AppDat support team for resolution.
  • Support Utilization: Track and manage the use of purchased support hours to address specific needs effectively.