Cybersecurity Template
2017-11-13

Security templates. https://www.fedramp.gov/resources/templates-2016/

Here’s a list of some of the things I wanted to ensure were included in the project documentation:

  • Data flow diagrams.
  • Network diagrams.
  • Information about interconnected systems.
  • Inventories of applications and technologies used.
  • Programming languages used.
  • A description of the secure development process. Is code scanning done in development with tools such as DevInspect or Greenlight?
  • Further details on all forms, including type, character limitations, and specs on input validation. How are fields protected from injection attacks?
  • Security specs, details on all encryption algorithms, etc.
  • List of all IP protocols used for everyday functionality as well as administration, with IP type (TCP/UDP), direction (inbound, outbound, bi-directional) and purpose.
  • Configuration baselines for servers and devices. Documentation that shows servers and devices have been hardened appropriately per security best practices. Are default accounts removed or disabled? Are patches & hotfixes installed? Are unnecessary applications or services removed or disabled? Are firewalls locked down?
  • List of all open source code licenses used.
  • List of the training developers take related to information security and DevOps security, and how often they take it.