IBM Cloud account setup

An IBM Cloud account is needed to provision and manage IBM Cloud services that make up the reference architectures of the IBM Cloud for Financial Services. Along with the high-level steps to follow, we describe some of the best practices for account setup that will help you satisfy the requirements of the IBM Cloud Framework for Financial Services. In addition, the most relevant control requirements are provided.

  1. Create an IBM Cloud account. For more information, see Create your account.

    It is highly recommended that you use a functional ID that is owned by your company rather than an employee's personal ID. A functional ID is a company-owned email address (such as ibm-cloud-admin@domain.com) used to represent a functional user. This allows for uninterrupted administrative access by the account owner as employees leave the company or are reassigned to other projects.

    The following table shows the controls that are most related to this step.

    Table 1. Related controls in IBM Cloud Framework for Financial Services for account creation

    | Family | Control |
    |---|---|
    | Access Control (AC) | AC-2 Account Management |

  2. Set up the Activity Tracker Event Routing service as described in Audit logging for IBM Cloud events. This enables IBM Cloud platform events to be recorded for auditing purposes. Setting this up early in the process is important so that all platform events that occur during the rest of these steps are available in the audit logs.

    The following table shows the controls that are most related to this step.

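    Table 2. Related controls in IBM Cloud Framework for Financial Services for audit logging

    | Family | Control |
    |---|---|
    | Access Control (AC) | AC-2 Account Management |
    | Access Control (AC) | AC-2 (1) Account Management \| Automated System Account Management |
    | Access Control (AC) | AC-2 (4) Account Management \| Automated Audit Actions |
    | Access Control (AC) | AC-2 (7) Account Management \| Privileged User Accounts |
    | Audit and Accountability (AU) | AU-3 Content of Audit Records |
    | Audit and Accountability (AU) | AU-4 Audit Log Storage Capacity |
    | Audit and Accountability (AU) | AU-5 Response to Audit Processing Failures |
    | Audit and Accountability (AU) | AU-6 Audit Record Review, Analysis, and Reporting |
    | Audit and Accountability (AU) | AU-6 (1) Audit Record Review, Analysis, and Reporting \| Automated Process Integration |
    | Audit and Accountability (AU) | AU-7 Audit Record Reduction and Report Generation |
    | Audit and Accountability (AU) | AU-10 Non-repudiation |
    | Audit and Accountability (AU) | AU-11 Audit Record Retention |
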
  3. Upgrade your account to either Pay-As-You-Go or Subscription. For more information, see Upgrading your account.

    It is highly recommended to upgrade to a Subscription account so that you can set up an enterprise. Enterprises offer significant advantages in your ability to scale your environment over time as described in Enterprise account architecture.

  4. Enable multi-factor authentication (MFA) by using the U2F MFA type for all users in your account. Users authenticate by using a physical hardware-based security key that generates a six-digit numerical code. Based on the FIDO U2F standard, this method offers the highest level of security. This security is needed because the IBM Cloud Framework for Financial Services requires a smart card or hardware token that is designed and operated to FIPS 140-2 level 2 or higher or equivalent (for example, ANSI X9.24 or ISO 13491-1:2007).

    The following table shows the controls that are most related to this step.

    Table 3. Related controls in IBM Cloud Framework for Financial Services for multi-factor authentication

    | Family | Control |
    |---|---|
    | Identification and Authentication (IA) | IA-2 (1) Identification and Authentication (Organizational Users) \| Multi-factor Authentication To Privileged Accounts |
    | Identification and Authentication (IA) | IA-2 (11) Identification and Authentication (Organizational Users) \| Remote Access - Separate Device |

  5. Restrict the IP addresses from which a user can access the IBM Cloud account. For more information, see Allowing specific IP addresses for an account.

    The following table shows the controls that are most related to this step.

    Table 4. Related controls in IBM Cloud Framework for Financial Services for restricting IP addresses

    | Family | Control |
    |---|---|
    | Access Control (AC) | AC-4 Information Flow Enforcement |
    | System and Communications Protection (SC) | SC-7 Boundary Protection |
    | System and Communications Protection (SC) | SC-7 (5) Boundary Protection \| Deny By Default - Allow By Exception |

  6. While optional, it is recommended that you enable authentication from an external identity provider (IdP) to securely authenticate external users to your IBM Cloud account. This provides a way for your employees to use your company's single sign-on (SSO) solution.

  7. Enable the IBM Cloud for Financial Services Validated setting in your account. With this setting, you can filter the catalog for services that are designated as Financial Services Validated, and the setting indicates that your account stores regulated financial services information. If you enable Financial Services Validated, your account still has access to the full public catalog. For more information, see Enabling your account to use Financial Services Validated products.

    The following table shows the controls that are most related to this step.

    Table 5. Related controls in IBM Cloud Framework for Financial Services for using only Financial Services Validated services

    | Family | Control |
    |---|---|
    | Access Control (AC) | AC-20 Use of External Information Systems |
    | System and Services Acquisition (SA) | SA-4 Acquisitions Process |
    | System and Services Acquisition (SA) | SA-9 External Information System Services |
    | Enterprise System and Services Acquisition (ESA) | ESA-5 Subcontractor Risk Management |
    | Security Assessment and Authorization (CA) | CA-3 System Interconnections |

  8. Set the session inactivity timeout to 15 minutes. For more information, see Setting the sign-out due to inactivity duration.

    The following table shows the controls that are most related to this step.

    Table 6. Related controls in IBM Cloud Framework for Financial Services for session inactivity timeout

    | Family | Control |
    |---|---|
    | Access Control (AC) | AC-11 Session Lock |

  9. Update company profile details.

    The following table shows the controls that are most related to this step.

    Table 7. Related IBM Cloud Framework for Financial Services controls for updating company profile details

    | Family | Control |
    |---|---|
    | Configuration Management (CM) | CM-8 (4) Information System Component Inventory \| Accountability Information |

  10. Set email preferences for notifications. You can receive email notifications about IBM Cloud platform-related items, such as announcements, critical events, security notices, billing and usage, and ordering.

    The following table shows the controls that are most related to this step.

    Table 8. Related IBM Cloud Framework for Financial Services controls for configuring notifications

    | Family | Control |
    |---|---|
    | System and Information Integrity (SI) | SI-2 Flaw Remediation |
    | System and Information Integrity (SI) | SI-5 Security Alerts & Advisories |

  11. Choose a support plan. For more information, see Basic, Advanced, and Premium Support plans.
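
The settings from steps 4, 5, and 8 can be checked mechanically once they are exported as a document. The following is an added example, not IBM's code: the field names (`mfa`, `allowed_ip_addresses`, `session_invalidation_in_seconds`), the `LEVEL3` encoding for account-wide U2F, and the sample documents are assumptions or constructed values to confirm against the IAM account settings API reference. Allowlist entries are assumed to be single addresses or CIDR subnets, and a timeout shorter than 15 minutes is treated as acceptable.

```python
import ipaddress

# Targets taken from the steps above; field names and value encodings are
# assumptions to confirm against the IAM account settings API reference.
REQUIRED_MFA = "LEVEL3"           # assumed encoding of "U2F for all users"
MAX_INACTIVITY_SECONDS = 15 * 60  # step 8: 15-minute inactivity timeout

def audit_account_settings(settings):
    """Return a sorted list of findings; an empty list means all checks pass."""
    findings = []

    # Step 4: U2F MFA must be enforced account-wide.
    mfa = settings.get("mfa", "NONE")
    if mfa != REQUIRED_MFA:
        findings.append(f"mfa: {mfa!r} is not {REQUIRED_MFA!r}")

    # Step 5: a non-empty allowlist with no catch-all or malformed entries.
    raw = settings.get("allowed_ip_addresses") or ""
    entries = [e.strip() for e in raw.split(",") if e.strip()]
    if not entries:
        findings.append("allowed_ip_addresses: no restriction configured")
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"allowed_ip_addresses: {entry!r} is not an IP or CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"allowed_ip_addresses: {entry!r} allows every address")

    # Step 8: inactivity sign-out must be set and no longer than 15 minutes.
    timeout = str(settings.get("session_invalidation_in_seconds", "NOT_SET"))
    if not timeout.isdigit():
        findings.append(f"session_invalidation_in_seconds: {timeout!r} is not set")
    elif int(timeout) > MAX_INACTIVITY_SECONDS:
        findings.append(f"session_invalidation_in_seconds: {timeout}s exceeds 900s")

    return sorted(findings)

# Constructed sample documents (not real account data).
COMPLIANT = {"mfa": "LEVEL3", "allowed_ip_addresses": "192.0.2.0/24,198.51.100.7",
             "session_invalidation_in_seconds": "900"}
WEAK = {"mfa": "TOTP", "allowed_ip_addresses": "0.0.0.0/0, 10.0.0.300",
        "session_invalidation_in_seconds": "7200"}

if __name__ == "__main__":
    for name, doc in (("compliant", COMPLIANT), ("weak", WEAK)):
        print(name, audit_account_settings(doc) or "OK")
```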

Next steps