The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide security operation program. It is mandatory for all agencies and all cloud services, and provides a standardized approach to security assessment, authorization, and continuous monitoring.
FedRAMP allows clients to meet federal mandate requirements, and save time and money with its streamlined and simplified processes. Being compliant means that the GovDelivery systems have gone through rigorous and comprehensive review that clients can now benefit from.
Our Security Report builds on this compliance, helping our clients reach even higher levels of security by monitoring login attempts of all administrators in their Communications Cloud account.
Viewing the Report
To view the Security Report:
- In the left navigation menu, click Reports and select Security under the Account Reports section.
- Click the Date button, use the Back or Forward buttons to select a year, and then select a month. The report will display data from the selected month.
Reading and Understanding Report Data
The Summary section contains information about login attempts and lockouts across your organizations account.
- Admins Attempted to Login: Total number of administrators who attempted to login.
Note: Login attempts, both successful and unsuccessful, are only counted in this report if a valid email from an existing administrator has been entered.
- Total Login Attempts: Total number of times to login with administrators' accounts—both successfully and unsuccessfully.
- Failed Login Attempts: Total number of times administrators have unsuccessfully attempted to login.
- Login Success Rate: The percentage of administrators who have successfully logged in. This percentage is calculated by the total number of successful logins divided by the total number of login attempts made by administrators.
- Lockouts: Total number of times administrators were locked out.
Administrator Activity Data
The Administrator Activity section breaks down login attempts and lockouts by administrator.
- Email: Email address of administrator.
- Role: Type of administrator role.
- Lockouts: Number of lockouts the admin has. By default, a lockout occurs after three failed login attempts, however, we work with organizations when implementing Communications Cloud to determine whether this number is appropriate for them.
- Failed Logins: Number of unsuccessful login attempts by administrator.
- Login Success: Percentage of successful logins for administrator. This percentage is the number of successful logins divided by the total number of login attempts.
Lockouts by IP Address Data
The Lockouts by IP Address section displays the information relating to where and when a lockout happened, as well as how many lockouts have occurred for each location. This section can give important clues about security, such as suspicious IP addresses indicating someone is trying to gain access from a remote or unusual location.
- IP Address: Internet Protocol address of the user locked out. IP addresses are only listed for lockouts, and not unsuccessful login attempts.
- Lockouts: Number of lockouts that IP address has experienced.
- Last Lockout: Most recent time and date a lockout occurred for that IP address.
Login Attempts outside Trusted IPs
This section shows any login attempts made from IP addresses that are not included in your account's list of trusted IP addresses. This section will only have entries if your organization has provided a list of trusted IP addresses to Granicus. For more information about trusted IP addresses, see the Administrator Security article.
- IP Address: Each IP address has its own entry in this section.
- Attempts: The number of attempts--both successful and failed--initiated from this IP address within the month that the report is currently showing.
- Failures: The number of failed login attempts initiated from this IP address within the month that the report is currently showing.
- Successes: The number of successful login attempts initiated from this IP address within the month that the report is currently showing.
- Last Attempt: The date and time of the last login attempt initiated from this IP address within the month that the report is currently showing.
- Last Result: Whether the last login attempt initiated from this IP address was successful or failed (within the month that the report is currently showing).
Exporting the Report
Export the data in the Administrator Activity and Lockouts by IP Address sections by clicking the CSV (All) buttons on the right side of those sections.