Skip to content

Latest commit

 

History

History
19 lines (12 loc) · 903 Bytes

File metadata and controls

19 lines (12 loc) · 903 Bytes

Security

Security is a core tenet of ForgeTS. We adhere to NIST 800-53 Rev5 standards where applicable.

Core Security Policies

  1. Least Privilege: All generated services and roles default to minimum necessary permissions.
  2. Secrets Management: No secrets in code. Use .env file patterns or proper secret stores (AWS Secrets Manager, HashiCorp Vault) for production.
  3. Dependency Safety: We pin dependencies where possible and regularly scan for vulnerabilities.

Compliance

NIST 800-53

The project validates against NIST controls. See compliance/ directory (if available) or the Compliance Documentation (link to be updated) for audit logs.

Reporting Vulnerabilities

If you discover a security vulnerability in ForgeTS, please DO NOT open a public issue. Refer to SECURITY.md in the root of the repository for reporting instructions.