This repository was archived by the owner on Aug 29, 2024. It is now read-only.
This repository was archived by the owner on Aug 29, 2024. It is now read-only.
Address security issues in playbook #77
Description
via @mannyb16:
The Playbook does not adequately address security issues. Not all code is suitable for redistribution, nor should they be redistributed. The policy specifies certain SAM exemptions to redistribution and these exemptions should be highlighted in the playbook. We may be able to bring the CDT Office of Information Security in to help work on this but it will take some time.
To-do:
- Add security page to playbook
- Include the ISO’s role in the Roles and Responsibilities Section
- Address policy/2FA
- add to playbook: https://codecagov-playbook.readthedocs.io/en/latest/README/
- add to doc: https://docs.google.com/document/d/1hXYzV_KW49epVuj9EuUGP1hNNARRMf_yVi1Uz5XX_oI/edit?usp=sharing
Reference:
Security Risk Review. Consult with the Agency CIO and Information Security Officer to determine if there are any identifiable security risks according to SAM 4984.2. If the Agency determines that the code will not be publicly released as open source, the particular risks identified must be logged in the code inventory.
Metadata
Metadata
Assignees
Labels
No labels