This repository has been archived by the owner on Aug 29, 2024. It is now read-only.

Address security issues in playbook #77

Open

5 tasks done

lukefretwell opened this issue Dec 4, 2018 · 1 comment

Assignees

lukefretwell commented Dec 4, 2018 •

edited

Loading

The Playbook does not adequately address security issues. Not all code is suitable for redistribution, nor should they be redistributed. The policy specifies certain SAM exemptions to redistribution and these exemptions should be highlighted in the playbook. We may be able to bring the CDT Office of Information Security in to help work on this but it will take some time.

To-do:

Add security page to playbook
Include the ISO’s role in the Roles and Responsibilities Section
Address policy/2FA
add to playbook: https://codecagov-playbook.readthedocs.io/en/latest/README/
add to doc: https://docs.google.com/document/d/1hXYzV_KW49epVuj9EuUGP1hNNARRMf_yVi1Uz5XX_oI/edit?usp=sharing

Reference:

Security Risk Review. Consult with the Agency CIO and Information Security Officer to determine if there are any identifiable security risks according to SAM 4984.2. If the Agency determines that the code will not be publicly released as open source, the particular risks identified must be logged in the code inventory.

lukefretwell self-assigned this

lukefretwell mentioned this issue

Add security page to playbook #83

Closed

lukefretwell assigned abquirarte

Author

lukefretwell commented Dec 12, 2018

Reference:

https://codecagov-playbook.readthedocs.io/en/latest/security/

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.