Overview
Access controls are implemented in Pega Support to accommodate clients who require that access to their data by internal Pega users be restricted, for example US Only access. This is particularly key to certain government clients. Clients using Pega Cloud for Government (PCFG) software are all considered to be following FedRAMP restrictions. In addition, some on-premises clients also follow FedRAMP.
The initial implementation focuses on FedRAMP requirements. This will be expanded over time.
This document provides an overview of the alternate support arrangements available for clients requiring such restricted access.
Objective
To strengthen data security and enable strict compliance by enforcing data access restrictions, masking sensitive fields, and limiting report visibility.
Requesting Access Exception
When working cases with restricted access (e.g. FedRAMP), it is expected that the case handling is done by FedRAMP certified engineers only, unless express permission is obtained from a Security contact affiliated with your account. This is currently available for FedRAMP clients only.
The FedRAMP Exception process allows Pega to seek your approval for non-authorized users to assist with the troubleshooting of FedRAMP cases. The authorization will apply only on a case-by-case basis.
This feature should allow us to easily request, document and report on exceptions that you have approved, so that those approvals can be traced for audit purposes.
For example: When we request an exception on a ticket, your Security contacts are notified. Only your security contact can approve or deny the request. Activity history is reportable and viewable on the case.
Receiving a request
When a Pega Support engineer submits an exception request for a specific case, 4 distinct actions take place:
| Action | Description | Message text |
|---|---|---|
| 1 | A public pulse post is added to the case with the following text: | Case Status changed to Pending-Client Action. Note: Waiting for approval from one of the following security contacts: (a list of all the Security contacts affiliated with your account is displayed). Details: (the text of the email to the Security contacts is displayed; see Action 3). |
| 2 | The case status is updated to Pending-Client Action. | |
| 3 | An email is triggered to all Security contacts on your account, with the following text: | Subject: <<INC-ID>> - Approval Required for FedRAMP Exception for Ticket Handling. Email Body: Dear security contact for <Account Name>, For <INC-ID (hyperlinked), Short description>, we are seeking your approval to allow non-FedRAMP certified Pega engineers to assist in the investigation. Additional expert involvement will expedite the resolution. |
| 4 | An assignment is added to your case: Review security exception. This is assigned to your Security contacts (i.e. anyone on your account with the Security contact role can fulfil this assignment). | |
When a Security contact logs into MSP, the Open tickets section of the Home page will display Tickets pending my action. This will include the ticket which is pending approval. The Security contact can access the ticket by clicking the Case ID link.
Security contacts will see the assignment (as outlined in Action 4 above), displayed with a Start button. Other MSP users will see the assignment, without the Start button.
To approve or reject the request, the Security contact can simply click the Start button and select either Reject or Approve.
Only one Security Contact is required to approve/reject the request.
Once a selection has been made, the case status reverts to its previous status, for example: Triage or Open-Investigation.
In addition, a pulse post is added to the case confirming your selection, for example:
Security exception request has been Rejected by the Security Contact <Security contact name>
OR
Security exception request has been Approved by the Security Contact <Security contact name>
Rest assured such exception requests will only be made when absolutely necessary. Additional expert involvement will expedite the resolution of your case.
