2.5 KiB
2.5 KiB
Warning
This repository is being deprecated. Project documentation has moved to the Airship Docs project, and Airship-in-a-Bottle environment will be merged into the Airship Treasuremap project.
Template for a Security Guide Topic
Updated: 1-AUG-2018
An overview of the scope of this topic.
- depth
-
2
Security Item List
Sensitive Data Security
Sensitive data should be encrypted at-rest.
- Project Scope: Deckhand
- Solution Remediated: The
storagePolicy
metadata determines if Deckhand will persist document data encrypted.- Audit: Testing: Pipeline test checks that documents with a
storagePolicy: encrypted
are not persisted to the database with an intactdata
section.
Sensitive data should be encrypted in-transit.
- Project Scope: Shipyard, Deckhand
- Solution Pending: Shipyard and Deckhand API endpoints should support TLS. See data_security.
- Audit: Pending: Expect to validate post-deployment that endpoints all support TLS
Configuration Guidance
For items that require guidance on configuration that impact a security item please list an item here. Use RST anchors and links to link the security item solution status to this guidance.
Temporary Mitigation Status
Data Security In-Transit
Current work to support Deckhand enabling TLS termination, Shipyard enabling self-signing CAs and Barbican supporting TLS termination.