Security: bcgov/justice-sector-emerald-quickstart-template

SECURITY.md

Security Policy

Justice Sector Security Overview

Security is a cornerstone of all operations within the Justice Sector, where applications handle highly sensitive and confidential information, including legal records, court documents, and evidence. This SECURITY.md file provides essential guidelines, best practices, and requirements to ensure the secure development, deployment, and management of applications within the Emerald OpenShift environment.

In the Justice Sector, maintaining the confidentiality, integrity, and availability of data is paramount. To meet these goals, this document outlines a comprehensive security framework designed to address the unique challenges faced by Justice Sector teams, including:

• Sensitive Data Protection: Best practices for encrypting data at rest and in transit, managing secrets securely, and ensuring compliance with privacy laws and regulations.

• Access Control: Guidelines for implementing Role-Based Access Control (RBAC) and maintaining least-privilege access across environments.

• Audit and Monitoring: Processes for enabling detailed logging, monitoring, and alerting to ensure auditability and proactive identification of security risks.

• Deployment Security: Recommendations for securing CI/CD pipelines, testing for vulnerabilities, and ensuring that deployments are free of security flaws.

These guidelines are mandatory for all teams deploying applications within the Justice Sector. By adhering to the practices outlined in this file, developers, technical leads, and release coordinators can work together to create a secure and compliant digital ecosystem.

For the latest OpenShift Container Security Standard Checklist, see: https://jag.gov.bc.ca/wiki//display/ITSDPROJ/OpenShift+Container+Security+Standard+Checklist

Supported Versions

Reporting a Vulnerability

Please report any issues or vulnerabilities by opening an issue.