securedrop-docs icon indicating copy to clipboard operation
securedrop-docs copied to clipboard

Published 20 hours ago verified publisher icon freedomofpress

Provide more detailed operational security requirements and best practices

Open ghost opened this issue 7 years ago • 3 comments

Feature request

Description

It would be good to have guidelines and examples on how to deal with physical security protocols (is it a proper English way to say that ?). For instance: you must lock the server room with a key or keep the admin key with you at all time etc.

There should also be recommendations about where, in the newsroom or elsewhere, the servers should be stored. For instance is it good practice to store the SVS in a safe ? Should it be wrapped in a tamper evident bag ? etc.

User Stories

As an admin responsible for the deployment of SecureDrop I want a checklist to remind me of physical security protocols.

ghost avatar Dec 12 '17 14:12 ghost

Renaming, rewriting, and expanding this page might be one way to go: https://docs.securedrop.org/en/stable/deployment/minimum_security_requirements.html.

pierwill avatar Jan 10 '18 03:01 pierwill

Retitled issue. While we can't be exhaustive, the "minimum security requirements" could indeed be fleshed out and clarified a bit.

eloquence avatar Oct 20 '20 21:10 eloquence

We should revisit this once we've done more threat model review. Flagging for @l3th3's attention, but IMO tis blocked for now.

zenmonkeykstop avatar Jan 05 '23 16:01 zenmonkeykstop