A Secure Deployment Checklist
-
Are Service Catalog and Design installation components accessible only to users?
-
Have model variables been used in cartridge designs?
-
Are sensitive variables marked sensitive?
-
Is sensitive information excluded from the Service Catalog and Design documentation?
-
Has the Cartridge Management web service been configured to use SSL?
-
Is a source control system in place?
-
Does the source control system restrict access to specific users?
-
Is user-specific source control change tracking enabled?
-
Do user-accessible update sites require user-specific authentication?
-
Do the following file and folder permissions restrict access to authorized users or specific components?
-
Package installation
-
Design Studio features
-
Run-time cartridge archives
-
Source control repository
-
Design Studio project data files
-