The AMS Advanced Customer Security Risk Management (CSRM) process helps to clearly identify and communicate risks to the right owners. This process minimizes the security risks in your environment and reduces ongoing operational overhead for identified risks.
By default, when someone from your organization requests that AMS implement a change to your managed environment, AMS reviews the change to determine if the request falls outside of the technical standards, which might alter the security posture of your account. If there is a high or very high security risk, then the change review is accepted or rejected by your authorized security personnel. Requested changes are also evaluated for adverse effects on AMS's ability to operate the account. If the review finds possible adverse impacts, then additional reviews and approvals are required within AMS.
You can opt-out from the approval based workflow in the CSRM process for high or very high risks. To change the CSRM option for specific accounts from Standard CSRM to Notification Only, work with your Cloud Service Delivery Managers to create a one-time risk acceptance. If you choose to proceed with the Notification Only option, then AMS implements the requested changes regardless of the risk category. And, AMS sends a risk notification to your authorized risk approvers instead of seeking approval prior to the change implementation. Speak with your Cloud Architects or Cloud Service Delivery Managers for more information about the AMS CSRM process, how to change the default CSRM option when onboarding new AMS accounts, or how to update existing accounts.
Note
AMS strongly recommends that you use the default option of Standard CSRM in all of your accounts.
