A government department has converted their internal software development environment into a
cloud services offering. The department is actively marketing the capability to other agencies. The
other agencies are interested, but identity compliance is a serious concern.
How can the department improve trust within their service offering?
A.
Establish a single sign-on capability in the cloud and federate with each subscribing agency
using strong authentication policies and end-point access control.
B.
Harden the cloud service infrastructure stack. Use geographic location to ensure agencies can
only access servers that host their development environment.
C.
Identify the confidentiality, integrity and availability requirements for agency data. Use rights
management software to restrict access to the agency�s own data.
D.
Provide a self-service portal that describes how the department�s security policy is
implemented. Require users to accept the policy each time it is amended.