Resolve MCP Security Findings

[brianlee731]

1. Remediate Deprecated Python Versions-Unity-a

• https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-4413 (All services)

2. Ensure RDS DB Instances have Encryption at-Rest Enabled-Unity

• https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-5113

3. Ensure Amazon SQS queues are encrypted at rest-Unity

• https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-5027

4. Ensure Elasticsearch/OpenSearch Domains have Encryption at-Rest Enabled-Unity

• https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-5106

5. NASA-SOC-MAR-2025-0053-FreeType Out-of-Bounds Write Vulnerability (CVE-2025-27363) [Unity]

• https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-5009

6. Ensure Attached EBS volumes are encrypted at-rest-Unity

• https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-4986

7. Yearly MCP Tenant OIDC Usage and Reconciliation [Unity]

• https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-5070

8. Update NAMS Workflow Approvers for Kion to Have 2 Approvers-Unity

• https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-4695

9. NASA-SOC-MAR-2025-0030-Linux Kernel Out-of-Bounds Write Vulnerability (CVE-2024-53104)

• https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-4742

10. Ensure Security groups do not allow unrestricted access to ports with high risk-Unity

• https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-3779

11. MCP Q4 FY24 Vulnerability Assessment [Unity]]

• https://jaas.gsfc.nasa.gov/servicedesk/customer/portal/2/GSD-4245