02/17/2021 - 03/02/2021
New team members: Alex Pennington, Jorge Gonzalez & John Willis
- Prioritize finishing out work
- Merge in remaining backend upload PR (431-4) and PRs for #517, #519, the rest of #510 PR to unblock, PR to finish
- Prioritize infrastructure
- Complete staging site login.gov integration (excluded from this goal is auto-deploy to staging)
- Decide on how to replace DockerHub
- Security Controls reviewed and approved by ACF OCIO
- Conduct another round of OFA Testing for language and user flow
- Synthesize round 4 and plan round 5 research
- [Security Control Documentation] AC-02: Account Manangement
- [Security Control Documentation] RA-05: Vulnerability Scanning
- [Security Control Documentation] AC-06: Least Privilege
- #517 Multifactor authentication in DAC
- #518 Remove API endpoint for creating new users
- #510 Env variables
- Improving our Git Workflow (as part of infrastructure)
- Vendor Staging Site deployed
- Documentation updates to Team composition and Definition of done
- #672 Regional Office and Tribal TANF meeting
- #519 As a dev, I would like to be able to assign super user status without SSH
- PR (431-4) Upload backend
- #673 CI/CD for Staging Site
- Security control implementation statements (AC-02(09), AU-02, AC-02(10), AC-02(07), AC-02(03))
- Dependency upgrades
- #661 Annotated Mockups for Upload/Download
- #669 Round 4 Synthesis
- #667 Upcoming workshop calendar
- Security control implementation statements, remaining technical controls in the Customer Responsibilty Matrix (AC-07, IA-08, SC-04, SC-08, SC-20, SC-28, SC-28(01))
- #671 Dev Ready Prototype
- #564 As a developer, I want API docs to be automatically generated in OpenAPI format
- UX Annotated Mockups (Dmitri)
- Staging Site (Carl)
- Multifactor Authentication (Carl)
- New git workflow (Carl)
- Security Control Documents (Kati)