A Secure Deployment Checklist
- 
                     Are Service Catalog and Design installation components accessible only to users? 
- 
                     Have model variables been used in cartridge designs? 
- 
                     Are sensitive variables marked sensitive? 
- 
                     Is sensitive information excluded from the Service Catalog and Design documentation? 
- 
                     Has the Cartridge Management web service been configured to use SSL? 
- 
                     Is a source control system in place? 
- 
                     Does the source control system restrict access to specific users? 
- 
                     Is user-specific source control change tracking enabled? 
- 
                     Do user-accessible update sites require user-specific authentication? 
- 
                     Do the following file and folder permissions restrict access to authorized users or specific components? - 
                           Package installation 
- 
                           Design Studio features 
- 
                           Run-time cartridge archives 
- 
                           Source control repository 
- 
                           Design Studio project data files 
 
-