The Security Guardrails initiative was started with the goal of democratizing security knowledge by empowering our caregivers with readily available guidance on important security topics, so that they can proactively integrate security into their daily work. The Security Architecture team of Information Security is pleased to introduce the Security Guardrails site – a one-stop shop for everything related to Security Guardrails.
The site contains detailed information about the Security Guardrails initiative, frequently asked questions, and the processes to request a new guardrail, provide feedback, or seek assistance to implement a guardrail. Guardrails are published in ServiceNow as Knowledge Base articles (KBAs). On the site you will find a list of published guardrails, along with links to the corresponding KBAs. The Security Architecture team will continue to update this site with the latest guardrails in consultation with Technical Security SMEs across IS domains and teams.
Actions to Take
If you or your team is directly or indirectly responsible for owning, developing, or modifying a system, then these guardrails are relevant to you. Please familiarize yourself with all relevant guardrails based on your system requirements before you start developing or modifying the system. If you need any help, engage the Security Architecture team for more clarity and guidance. We encourage you to follow the Security Guardrails site for update notifications.
Security Guardrails published as of Oct. 15, 2021:
- Application/Software Security
  - Secure Coding Standard – Set of general security best practices for coding software.
  - Software Security Requirements – Software security standards applicable during development/implementation of systems.
- Hosting Security
  - Server Hardening Standard – Guidelines and best-practice recommendations to be implemented while configuring servers on premises or in the cloud.
- Network Security
  - Cloud Network Security Standard – Set of cloud network security requirements applicable during design/migration of systems to the cloud.
  - Firewall Security Standard – Security requirements for the secure design, deployment, and operation of firewalls that protect enterprise resources from adversaries.
- Client & Modern Workplace Security
  - Endpoint Security Configuration Standard – Security requirements applicable to workstations, servers, and vendor machines attached to the Providence environment.
  - Data Loss Prevention Configuration Standard – Security restrictions on outbound transfer of sensitive information from Providence.
Stay tuned! Security Guardrails for the following domains are under development:
- Hosting (cloud & on-prem)
- IAM
- Network
- BioMed
- Cyber Defense
- MAC – Merger, Acquisition & Major Construction
Questions?
If you have any questions about any of the Security Guardrails, contact the Security Architecture team at EISSecArch@providence4.onmicrosoft.com.