Skip to content

Significant Software Changes and Authorization Requirements in Game Warden

The Department of Defense (DoD) utilizes Game Warden's Platform as a Service (PaaS) to streamline cloud-hosted application development, deployment, and operations. It is crucial to understand how software changes within the Game Warden environment impact security and authorization. This article lays out how Game Warden defines significant software changes for applications which outlines when a new Deployment Passport (DP) is necessary based on deltas in a given cyber risk posture.

Defining Significant Changes

Any significant change to your application will trigger a new security review, Deployment Passport, and Certificate to Field (CtF).

A significant software change in a Game Warden-hosted application refers to any modification that could:

  • Alter the Security Posture: Introduce new vulnerabilities, change data flows, add new user populations, or expose new attack surfaces within the Game Warden environment.

  • Materially Increase Cyber Risk: Expand the potential for unauthorized access, data breaches, or service disruptions specific to the Game Warden platform.

Game Warden Considerations

  • Shared Responsibility Model: Game Warden manages the security of the underlying Game Warden infrastructure and platform.

  • Built-in Security Features: Game Warden incorporates various security features, such as continuous monitoring, automated security testing, and vulnerability scanning. Significant changes may require re-evaluation to ensure continued compliance with the terms of the authorization to operate.

  • Compliance Requirements: Game Warden faciliitates compliance with DoD security standards. Significant changes may require re-evaluation to ensure contineued compliance with the terms of hte authorization to operate.

Examples of Significant Changes

  • Modifying Core Application Logic: Changes to the primary functionality or workflow of the application hosted on Game Warden.
  • Altering Data Handling: Changing how sensitive data is stored, accessed, or processed within the Game Warden environment.
  • Integrating New Services or APIs: Adding new third-party integrations within Game Warden that could expose data or introduce new vulnerabilities.
  • Customizing Security Configurations: Modifying firewall rules, access controls, or encryption settings within the Game Warden platform.
  • Leveraging New Game Warden Features: Utilizing newly released Game Warden features that significantly alter the application's behavior or capabilities.

Routine Updates vs. Significant Changes in Game Warden

Feature Routine Update Significant Change
Scope of Change Minor code adjustments, configuration tweaks, or content updates within the Game Warden environment. Changes to core application logic, data handling, or integration with external services on Game Warden.
Security Impact Minimal impact on the security posture or risk exposure of the Game Warden application. Likely to introduce new vulnerabilities, alter data flows, or change the overall attack surface.
Authorization Typically covered under the existing authorization and do not require a new review by the AO. Requires a new authorization from the AO to ensure the modified software meets security standards.
Examples Deploying new versions of the application with bug fixes, updating configuration files, or adding like content within Game Warden. Implementing a new feature, integrating with a new API, or changing data storage mechanisms on Game Warden.

Return to Help Center Home