
NIST 800-53 Access Control Policy (AC)

Document ID: PLCY-NIST-AC-001
Version: 1.0
Effective Date: December 30, 2025
Last Review: December 30, 2025
Owner: Hop And Haul Team


CONFIDENTIAL

This document is CONFIDENTIAL and for internal use only. Do not distribute outside the organization.

1. Purpose

This document defines Hop And Haul's implementation of the NIST 800-53 Access Control (AC) family for FedRAMP Moderate authorization. It establishes policies and procedures for managing access to Hop And Haul systems and data, ensuring appropriate controls are in place to protect against unauthorized access.


2. Scope

This policy applies to:

  • All Hop And Haul system components within the authorization boundary
  • All users (drivers, riders, fleet administrators, support staff, system administrators)
  • All access methods (mobile application, web portal, API)
  • All data classifications (public, internal, confidential, restricted)

3. Access Control Policy and Procedures (AC-1)

3.1 Policy Statement

Hop And Haul implements access controls that:

  • Restrict access to authorized users based on business need and role
  • Enforce separation of duties for critical functions
  • Implement least privilege for all accounts
  • Log all access attempts for audit and accountability

3.2 Responsibilities

Role | Responsibilities
Security Team | Define access control requirements, review policies
System Administrators | Implement and maintain access controls
Fleet Administrators | Manage user access within their organization
All Users | Comply with access control policies

3.3 Review Frequency

Activity | Frequency
Policy review | Annual
Access rights review | Quarterly
Privileged account review | Monthly

4. Account Management (AC-2)

4.1 Account Types

Account Type | Description | Provisioning | Lifecycle
Driver | Fleet driver mobile access | Fleet admin approval | Employment-based
Rider | Mobile app user | Self-registration + org verification | Org membership
Fleet Admin | Fleet management portal | Customer onboarding | Contract duration
Support Staff | Customer support access | HR + Security approval | Employment-based
System Admin | Infrastructure access | Security approval + 2-person | Employment-based

4.2 Account Management Controls

Control | Requirement | Implementation
AC-2(1) | Automated account management | SSO integration with corporate IdP
AC-2(2) | Temporary account removal | Auto-disable after 90 days inactivity
AC-2(3) | Disable inactive accounts | 30-day warning, 90-day disable
AC-2(4) | Automated audit actions | All account changes logged to audit trail

4.3 Account Provisioning Workflow

Request → Manager Approval → Security Review → IdP Provisioning →
Role Assignment → Access Granted → Audit Log Entry

4.4 Account Termination

Trigger | Action | Timeline
Employment termination | Immediate disable | Within 4 hours
Contract end | Scheduled disable | End of contract day
Security incident | Emergency disable | Immediate
Inactivity | Warning then disable | 30/90 days

5. Access Enforcement (AC-3)

5.1 Authorization Model

Hop And Haul implements Role-Based Access Control (RBAC) with organization-scoped permissions:

Component | Enforcement Point | Mechanism
Mobile API | API Gateway | JWT claims + middleware validation
Admin Portal | Application layer | Session role + permission check
Database | PostgreSQL | Row Level Security (RLS) policies
Infrastructure | AWS IAM | Policy-based access control

5.2 Access Decision Process

Request → Authenticate → Extract Claims → Check Role →
Check Org Scope → Check Resource Permission → Allow/Deny

5.3 Server-Side Enforcement

All access decisions are made server-side:

Requirement | Implementation
No client-side authorization | All auth logic in API backend
No PII before authentication | Data masked until session established
No cross-tenant data exposure | Org ID validated on every request
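The decision chain in 5.2 and the server-side requirements in 5.3, as an added example (not Hop And Haul code): each request is authenticated, its claims extracted, then role, org scope and resource permission are checked in that order, and every outcome is appended to an audit record. The token format (an HMAC-tagged JSON stand-in for an IdP-issued JWT), the role names and the permission table are assumptions for illustration; a production backend verifies the IdP's signature with a JWT library instead.

```python
"""AC-3 server-side access decision (added example, not Hop And Haul code).

Chain from section 5.2: authenticate -> extract claims -> check role ->
check org scope -> check resource permission -> allow/deny.  Every decision
is appended to AUDIT_LOG (section 3.1: log all access attempts).

Assumptions: SECRET, the token format, the role names and PERMISSIONS are
constructed for the example; AUDIT_LOG is an in-memory list.
"""
import hashlib
import hmac
import json
import time
from dataclasses import dataclass
from typing import Optional

SECRET = b"example-only-signing-key"   # constructed; a real service verifies the IdP signature

# Illustrative permission table, loosely following the base privileges in 8.1.
PERMISSIONS = {
    "driver": {("ride", "view_own"), ("offer", "accept")},
    "rider": {("ride", "request"), ("ride", "view_own")},
    "fleet_admin": {("user", "manage"), ("report", "view")},
}

AUDIT_LOG: list = []


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def mint_token(claims: dict) -> str:
    """Constructed token: hex(JSON claims) + '.' + HMAC-SHA256 tag."""
    payload = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    return payload.hex() + "." + tag


def authenticate(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Authenticate and extract claims: verify tag and expiry, else return None."""
    now = time.time() if now is None else now
    try:
        payload_hex, tag = token.split(".", 1)
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return None
    expected = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:
        return None
    return claims


def authorize(token: str, resource: str, action: str, resource_org: str,
              now: Optional[float] = None) -> Decision:
    """Full decision chain; allow and deny outcomes are both recorded."""
    claims = authenticate(token, now)
    if claims is None:
        decision = Decision(False, "unauthenticated")
    elif claims.get("role") not in PERMISSIONS:
        decision = Decision(False, "unknown role")
    elif claims.get("org") != resource_org:
        # Tenant isolation (6.2): the org claim must match the resource's org on every request.
        decision = Decision(False, "cross-tenant access")
    elif (resource, action) not in PERMISSIONS[claims["role"]]:
        decision = Decision(False, "permission denied")
    else:
        decision = Decision(True, "ok")
    AUDIT_LOG.append({
        "sub": claims.get("sub") if claims else None,
        "resource": resource, "action": action, "org": resource_org,
        "allowed": decision.allowed, "reason": decision.reason,
    })
    return decision


if __name__ == "__main__":
    tok = mint_token({"sub": "driver-1", "role": "driver", "org": "fleet-a", "exp": 2_000_000_000})
    print(authorize(tok, "ride", "view_own", "fleet-a"))   # allowed
    print(authorize(tok, "ride", "view_own", "fleet-b"))   # cross-tenant access
```

The org-scope check sits before the permission check on purpose: a driver with a valid role still gets a deny on another fleet's resource, and the audit entry names the reason, which is what the quarterly access review and the cross-tenant requirement in 5.3 need.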

6. Information Flow Enforcement (AC-4)

6.1 Data Flow Controls

Flow | Source | Destination | Controls
Location data | Driver device | Hop And Haul API | Fuzzification pre-match
Ride details | Hop And Haul | Rider app | Role-filtered response
Fleet data | Hop And Haul | Admin portal | Org-scoped queries
Audit logs | Application | Log storage | Append-only, encrypted

6.2 Tenant Isolation

Layer | Control | Implementation
Application | Org ID validation | Middleware enforces org context
Database | Row Level Security | PostgreSQL RLS policies
Storage | Key separation | Per-tenant encryption keys

7. Separation of Duties (AC-5)

7.1 Function Separation

Function | Cannot Be Combined With
User provisioning | Security audit review
Code deployment | Code review approval
Database administration | Application administration
Financial approval | Financial execution
Safety override | Safety investigation

7.2 Implementation

Control | Mechanism
Dual control for critical operations | 2-person approval workflow
No self-approval | System prevents self-approval
Audit trail | All approvals logged with approver ID

8. Least Privilege (AC-6)

8.1 Privilege Levels

Role | Base Privileges | Elevated Privileges
Driver | View own rides, accept offers | None
Rider | Request rides, view own history | None
Fleet Admin | Manage own fleet users | View fleet reports
Support Staff | View assigned tickets | Time-boxed data access
System Admin | Infrastructure management | Break-glass emergency access

8.2 Privilege Restrictions

Control | Implementation | Reference
AC-6(1) | Security functions require explicit authorization | Role assignment workflow
AC-6(2) | Non-privileged access for non-security functions | Default role restrictions
AC-6(5) | Privileged accounts separately managed | Dedicated admin accounts
AC-6(9) | Privileged function use logged | Audit trail logging
AC-6(10) | Privileged functions blocked for non-privileged users | RBAC enforcement

9. Unsuccessful Logon Attempts (AC-7)

9.1 Lockout Policy

Parameter | Value
Maximum failed attempts | 5
Lockout duration | 15 minutes (auto-unlock)
Counter reset | After successful login
Notification | User + Security team (>3 failures)

9.2 Response Actions

Threshold | Action
3 failed attempts | Security alert generated
5 failed attempts | Account locked, user notified
10 failed attempts (within 24h) | Security investigation triggered
Geographic anomaly | Step-up authentication required
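The lockout parameters in 9.1 and the threshold actions in 9.2, as an added example (not Hop And Haul code): a security alert at 3 consecutive failures, user and security notification beyond 3, a lock at 5 with 15-minute auto-unlock, a counter that only a successful login resets, and an investigation trigger at 10 failures inside 24 hours. The in-memory store and the `events` list standing in for the alerting pipeline are assumptions; the geographic-anomaly step-up is not modelled.

```python
"""AC-7 lockout tracker (added example, not Hop And Haul code).

Section 9.1 parameters and 9.2 thresholds encoded as constants; the
tracker is in-memory and `events` stands in for the alerting pipeline.
"""
from collections import defaultdict, deque

MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
ALERT_AT = 3
INVESTIGATE_AT = 10
INVESTIGATE_WINDOW_SECONDS = 24 * 3600


class LockoutTracker:
    def __init__(self) -> None:
        self.consecutive = defaultdict(int)   # failures since the last successful login
        self.locked_until = {}                # user -> unlock timestamp
        self.recent = defaultdict(deque)      # failure timestamps inside the 24h window
        self.events = []                      # (timestamp, user, actions) for the security team

    def is_locked(self, user: str, now: float) -> bool:
        until = self.locked_until.get(user)
        if until is None:
            return False
        if now >= until:
            del self.locked_until[user]       # 15-minute auto-unlock
            return False
        return True

    def record_failure(self, user: str, now: float) -> list:
        """Apply one failed attempt and return the actions it triggers."""
        if self.is_locked(user, now):
            return ["rejected_while_locked"]  # not counted; the lock already holds
        self.consecutive[user] += 1
        window = self.recent[user]
        window.append(now)
        while window and now - window[0] > INVESTIGATE_WINDOW_SECONDS:
            window.popleft()
        n = self.consecutive[user]
        actions = []
        if n == ALERT_AT:
            actions.append("security_alert")
        if n > ALERT_AT:
            actions.append("notify_user_and_security")
        if n >= MAX_FAILED_ATTEMPTS:
            # Only a successful login resets the counter, so a failure after
            # auto-unlock re-locks the account immediately.
            self.locked_until[user] = now + LOCKOUT_SECONDS
            actions.append("account_locked")
        if len(window) >= INVESTIGATE_AT:
            actions.append("security_investigation")
        self.events.append((now, user, actions))
        return actions

    def record_success(self, user: str, now: float) -> bool:
        """A correct credential presented during a lock is still refused."""
        if self.is_locked(user, now):
            return False
        self.consecutive[user] = 0
        return True
```

Two details matter for detection: failures arriving while the account is locked are refused without incrementing anything, so a burst against a locked account cannot inflate the counters, and the 24-hour window is kept separately from the consecutive counter, so the investigation trigger still fires when failures are spread across several auto-unlock cycles.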

10. System Use Notification (AC-8)

10.1 Banner Requirements

All systems display use notification before authentication:

This is a Hop And Haul system. Access is restricted to authorized
users only. All activities are monitored and logged. Unauthorized
access attempts will be reported to appropriate authorities.

10.2 Acknowledgment

System | Acknowledgment Method
Mobile app | Accept terms on first launch
Admin portal | Banner display before login
API | Terms in developer agreement

11. Session Controls (AC-11, AC-12)

11.1 Session Lock (AC-11)

Platform | Inactivity Timeout | Lock Mechanism
Mobile app | 15 minutes | Require biometric/PIN to resume
Admin portal | 30 minutes | Re-authentication required
API session | 15 minutes (token expiry) | New token required

11.2 Session Termination (AC-12)

Trigger | Action
User logout | Immediate session invalidation
Token expiry | Access denied, refresh required
Security event | All user sessions terminated
Device change | Previous sessions invalidated

11.3 Token Management

Token Type | Lifetime | Scope | Revocation
Access token | 15 minutes | User session | Automatic expiry
Refresh token | 7 days | Token renewal | Revocation list
Ride tracking | Ride + 15 min | Single ride | Auto-expire
API bearer | 24 hours | Integration | Manual rotation

12. Remote Access (AC-17)

12.1 Remote Access Methods

Method | Use Case | Controls
Mobile API | Driver/Rider apps | TLS 1.3, JWT auth, device binding
Admin portal | Fleet management | TLS 1.3, SSO, MFA required
VPN | Infrastructure access | Cloudflare Zero Trust, MFA
SSH | Emergency access | Jump host, key-based, logged

12.2 Remote Access Controls

Control | Implementation
AC-17(1) Monitoring | All remote sessions logged
AC-17(2) Encryption | TLS 1.3 for all connections
Geographic restrictions | Access blocked from high-risk regions
Device posture | MDM compliance check (planned)

13. Mobile Device Access (AC-19)

13.1 Mobile Access Requirements

Requirement | Implementation | Status
Device authentication | Biometric or PIN required | Implemented
Secure storage | iOS Keychain / Android Keystore | Implemented
Root/jailbreak detection | App-level check | Implemented
MDM enrollment | Fleet-managed devices | Planned (Phase 2)

13.2 Mobile Security Controls

Control | Description
App transport security | Enforce TLS, certificate pinning
Data protection | Encryption at rest on device
Session binding | Session tied to device fingerprint
Remote wipe | Admin can revoke device access

14. Hop And Haul-Specific Access Controls

14.1 Location Data Access

Phase | Access Level | Controls
Pre-match | Fuzzed location (1-2 mi radius) | No precise GPS exposed
Post-accept | Precise pickup point | Time-limited access
Post-ride | No location access | Token auto-expired
Safety incident | Full trail access | Break-glass, logged
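The 14.1 phase matrix as an added example (not Hop And Haul code): a point offset 1-2 miles from the true location before a match, the precise point after acceptance until the ride-tracking token lifetime from 11.3 (ride end + 15 minutes) has passed, nothing after that, and the full trail only through a logged break-glass request. The assumptions are that the fuzz offset is derived deterministically from the ride id, so repeated requests for one ride return the same point and cannot be averaged back toward the real one; that break-glass approval is a dict carrying "approver" and "ticket"; and that AUDIT_LOG is an in-memory list.

```python
"""Phase-gated location access (added example, not Hop And Haul code).

Assumptions: deterministic per-ride fuzz offset, a break-glass dict with
"approver" and "ticket" keys, and an in-memory AUDIT_LOG.
"""
import hashlib
import math
from dataclasses import dataclass
from typing import Optional, Tuple

MILES_PER_DEG_LAT = 69.0
FUZZ_MIN_MILES, FUZZ_MAX_MILES = 1.0, 2.0
POST_RIDE_GRACE_SECONDS = 15 * 60        # ride-tracking token lifetime tail (11.3)
AUDIT_LOG: list = []


@dataclass(frozen=True)
class Point:
    lat: float
    lon: float


def distance_miles(a: Point, b: Point) -> float:
    """Equirectangular approximation, adequate at the 1-2 mile scale used here."""
    mean_lat = math.radians((a.lat + b.lat) / 2)
    dx = (b.lon - a.lon) * MILES_PER_DEG_LAT * math.cos(mean_lat)
    dy = (b.lat - a.lat) * MILES_PER_DEG_LAT
    return math.hypot(dx, dy)


def fuzz_location(p: Point, ride_id: str) -> Point:
    """Offset the true point by 1-2 miles in a direction fixed per ride id."""
    h = hashlib.sha256(ride_id.encode()).digest()
    dist = FUZZ_MIN_MILES + (h[0] / 255) * (FUZZ_MAX_MILES - FUZZ_MIN_MILES)
    bearing = (h[1] / 255) * 2 * math.pi
    dlat = dist * math.cos(bearing) / MILES_PER_DEG_LAT
    dlon = dist * math.sin(bearing) / (MILES_PER_DEG_LAT * math.cos(math.radians(p.lat)))
    return Point(p.lat + dlat, p.lon + dlon)


def location_for_phase(phase: str, ride_id: str, true_point: Point, now: float,
                       ride_end: Optional[float] = None,
                       break_glass: Optional[dict] = None) -> Tuple[Optional[Point], str]:
    """Return (point or None, reason) for the requested ride phase."""
    if phase == "pre_match":
        return fuzz_location(true_point, ride_id), "fuzzed"
    if phase == "post_accept":
        # Precise pickup point only while the ride-tracking token is alive.
        if ride_end is not None and now > ride_end + POST_RIDE_GRACE_SECONDS:
            return None, "token_expired"
        return true_point, "precise"
    if phase == "post_ride":
        return None, "no_access"
    if phase == "safety_incident":
        if not break_glass or not set(break_glass) >= {"approver", "ticket"}:
            return None, "break_glass_required"
        AUDIT_LOG.append({"ride": ride_id, "time": now, **break_glass})
        return true_point, "break_glass"
    return None, "unknown_phase"
```

The deterministic offset is the security-relevant choice: a random offset drawn fresh on every request would let a caller who polls the endpoint average the responses toward the true coordinate, whereas a per-ride fixed offset gives the same answer each time.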

14.2 Rate Limiting

Resource | Limit | Rationale
Ride offers | 3 per hour | Prevent stalking patterns
Post-decline suppression | 30 minutes | Anti-harassment
Data export | 100 records | Prevent bulk extraction
API requests | 1000/hour | DoS prevention

15. FedRAMP-Specific Enhancements (Planned)

Enhancement | Target Control | Timeline | Description
PIV/CAC authentication | IA-2(12) | Phase 3 | Federal credential support
FIPS 140-2 crypto | SC-13 | Phase 3 | Validated cryptographic modules
Automated provisioning | AC-2(1) | Phase 2 | SCIM integration
Device attestation | AC-19 | Phase 2 | MDM compliance verification

16. Related Documents

Document | Relationship
PLCY-SEC-001 | Security controls implementation
PLCY-ACC-001 | Access control matrix
PLCY-AUD-001 | Audit logging requirements
PLCY-FED-005 | NIST control mapping

17. Document Control

Version | Date | Author | Changes
1.0 | December 30, 2025 | Hop And Haul Team | Initial release
