git.stella-ops.org/docs/security/README.md
# Security, Risk & Governance
Authoritative sources for threat models, governance, compliance, and security operations.
## Policies & Governance
- [SECURITY_POLICY.md](../SECURITY_POLICY.md) - responsible disclosure, support windows.
- [GOVERNANCE.md](../GOVERNANCE.md) - project governance charter.
- [CODE_OF_CONDUCT.md](../code-of-conduct/CODE_OF_CONDUCT.md) - code of conduct guidelines.
- [SECURITY_HARDENING_GUIDE.md](../SECURITY_HARDENING_GUIDE.md) - deployment hardening steps.
- [policy-governance.md](./policy-governance.md) - policy governance specifics.
- [LEGAL_FAQ_QUOTA.md](../LEGAL_FAQ_QUOTA.md) - legal interpretation of quota.
- [QUOTA_OVERVIEW.md](../QUOTA_OVERVIEW.md) - quota policy reference.
- [risk-profiles.md](../risk/risk-profiles.md) - organisational risk personas.
## Threat Models & Security Architecture
- [authority-threat-model.md](./authority-threat-model.md) - Authority service threat analysis.
- [authority-scopes.md](./authority-scopes.md) - scope model.
- [console-security.md](./console-security.md) - Console posture guidance.
- [pack-signing-and-rbac.md](./pack-signing-and-rbac.md) - pack signing, RBAC guardrails.
- [policy-governance.md](./policy-governance.md) - policy governance controls.
- [rate-limits.md](./rate-limits.md) - rate limiting behaviour.
- [password-hashing.md](./password-hashing.md) - credential storage.
## Audit, Revocation & Compliance
- [audit-events.md](./audit-events.md) - audit event taxonomy.
- [revocation-bundle.md](./revocation-bundle.md) & [revocation-bundle-example.json](./revocation-bundle-example.json) - revocation process.
- [license-jwt-quota.md](../license-jwt-quota.md) - licence/quota enforcement controls.
- [QUOTA_ENFORCEMENT_FLOW.md](../QUOTA_ENFORCEMENT_FLOW.md) - quota enforcement sequence.
- [OFFLINE_KIT.md](../OFFLINE_KIT.md) - tamper-evident offline artefacts.
## Supporting Material
- Module operations security notes: [authority/operations/key-rotation.md](../modules/authority/operations/key-rotation.md), [concelier/operations/authority-audit-runbook.md](../modules/concelier/operations/authority-audit-runbook.md), [zastava/README.md](../modules/zastava/README.md) (runtime enforcement).
- [observability/policy.md](../observability/policy.md) - security-relevant telemetry for policy.