Are Service Catalog and Design installation components accessible only to users?

Have model variables been used in cartridge designs?

Are sensitive variables marked sensitive?

Is sensitive information excluded from the Service Catalog and Design documentation?

Has the Cartridge Management web service been configured to use SSL?

Is a source control system in place?

Does the source control system restrict access to specific users?

Is user-specific source control change tracking enabled?

Do user-accessible update sites require user-specific authentication?

Do the following file and folder permissions restrict access to authorized users or specific components?

• Package installation

• Design Studio features

• Run-time cartridge archives

• Source control repository

• Design Studio project data files