Suborbital-Systems-Public/ReadySetGit
3
0
Fork 0
Code Pull Requests Packages Projects Releases Activity

lint formatting fixes

Browse Source
This commit is contained in:
William Sandner
2018-08-23 19:23:45 +02:00
parent bbf98a0dde
commit 7e0a90c44e
43 changed files with 667 additions and 455 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
Design-Security.md
View File

@@ -1,13 +1,15 @@
##### Project:
::PROJECTNAME
##### Project
::PROJECT-NAME
##### Internal Release Number:
##### Internal Release Number
::X.Y.Z
##### Related Documents:
##### Related Documents
- [Design](Design) > Design Security
- ::LINKS TO RELEVANT STANDARDS
- ::LINKS TO OTHER DOCUMENTS
---
### Overview
@@ -87,7 +89,7 @@ features. Some example text is provided. Add or delete text as needed.*
- ::Users must have certificate files on their client machine before
they can connect to the server
- ::Users must have physical security tokens (e.g., hasp, dongle,
smartcard, or fingerprint reader)
smart-card, or fingerprint reader)
- ::Users are given roles that define their permissions. Those roles
are:
- ::Guest: Visitor to the site is not logged in, no permissions
@@ -101,10 +103,10 @@ features. Some example text is provided. Add or delete text as needed.*
- ::Each action (information display or change) requires that the
user has a role with proper permissions
- ::Compromised or abused accounts can be quickly disabled
by administrators. > 
- ::Administrators can review user >  permissions
- ::Administrators can audit all a > ccesses and changes
- ::All communications with the us > er are encrypted (e.g., SSL)
by administrators. >
- ::Administrators can review user > permissions
- ::Administrators can audit all a > ccesses and changes
- ::All communications with the us > er are encrypted (e.g., SSL)
- ::Some communications with the user (e.g., the username
and password) are encrypted (e.g., SSL)
- ::Sessions are tied to a particular client IP-address so that
@@ -131,7 +133,6 @@ features. Some example text is provided. Add or delete text as needed.*
### Security Checklist
#### Protection of data: To what extent has this been achieved?
::2-4 SENTENCES
@@ -145,6 +146,7 @@ features. Some example text is provided. Add or delete text as needed.*
::2-4 SENTENCES
#### Accountability/auditing: To what extent has this been achieved?
::2-4 SENTENCES
#### Have these security mechanisms been communicated to the development team and other stakeholders?