initial sections #6059

Draft
wants to merge 8 commits into
base: develop
Conversation

piano35-edb
Contributor

What Changed?

@piano35-edb piano35-edb requested a review from a team as a code owner September 16, 2024 17:49
@piano35-edb piano35-edb marked this pull request as draft September 16, 2024 17:51
@djw-m djw-m added the deploy Add this label to a PR and it will automatically be deployed to netlify label Sep 17, 2024

github-actions bot commented Sep 17, 2024

@github-actions github-actions bot temporarily deployed to pr-6059-security-guidance-new September 17, 2024 08:41 Inactive
@@ -0,0 +1,190 @@
---
title: "Advanced"
Suggested change
title: "Advanced"
title: "PostgreSQL Security 301: Advanced Security Guide"

The title should be the title so it gets H1 heading (for SEO) - and delete the following H2 title, and maybe uprate the H3 headings to H2

Advanced security in PostgreSQL focuses on hardening systems to meet strict compliance standards such as STIGs (Security Technical Implementation Guides), GDPR, PCI-DSS, HIPAA, and FISMA.
This guide will cover advanced strategies for securing PostgreSQL in high-stakes environments.

### 1. Security Technical Implementation Guides (STIGs)
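Review bot: the opening sentence lists STIGs alongside GDPR, PCI-DSS, HIPAA and FISMA as "strict compliance standards", but a STIG is a DISA hardening baseline (a checklist of concrete configuration settings), not a regulation; the distinction matters because the STIG section below can give actual settings while the compliance subsections can only map each regime's requirements onto PostgreSQL controls. Suggest rewording to something like "hardening baselines such as the DISA STIGs, and regulatory regimes such as GDPR, PCI-DSS, HIPAA and FISMA".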
Suggested change
### 1. Security Technical Implementation Guides (STIGs)
## 1. Security Technical Implementation Guides (STIGs)

log_statement = 'ddl'
```

### 2. Compliance Requirements
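Review bot: `log_statement = 'ddl'` in the STIG section records only DDL (CREATE, ALTER, DROP and the like) and captures no reads or writes of data, so on its own it does not give the access auditing the section implies. State that scope explicitly, and either point forward to pgaudit (which the PCI-DSS subsection later relies on for reads, writes and role changes) or show `log_statement = 'mod'` / `'all'` together with a warning about log volume and about query parameters, including sensitive values, landing in plain-text logs.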
Suggested change
### 2. Compliance Requirements
## 2. Compliance Requirements

```

### 2. Compliance Requirements
#### 2.1 GDPR (General Data Protection Regulation)
Suggested change
#### 2.1 GDPR (General Data Protection Regulation)
### 2.1 GDPR (General Data Protection Regulation)


Data Breach Notifications: In the event of a data breach, GDPR mandates prompt notification. PostgreSQL logging, auditing, and alerting should help detect breaches immediately.

#### 2.2 PCI-DSS (Payment Card Industry Data Security Standard)
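Review bot: "PostgreSQL logging, auditing, and alerting should help detect breaches immediately" in the GDPR bullet overstates what logging does, since a log line detects nothing until something reads it. Name the mechanism (for example pgaudit events shipped to a central log store with alert rules on bulk SELECTs against personal-data tables or repeated failed logins), and replace "prompt notification" with the regulation's actual window (Article 33: without undue delay and, where feasible, within 72 hours of becoming aware of the breach), because "prompt" gives the reader nothing to design a detection pipeline against.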
Suggested change
#### 2.2 PCI-DSS (Payment Card Industry Data Security Standard)
### 2.2 PCI-DSS (Payment Card Industry Data Security Standard)


Logging and Monitoring: PCI-DSS requires detailed logging of all access to cardholder data. Use pgaudit to track reads, writes, and role changes to sensitive data.

#### 2.3 HIPAA (Health Insurance Portability and Accountability Act)
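Review bot: the PCI-DSS bullet says to "use pgaudit to track reads, writes, and role changes" but shows no configuration, while the only logging setting on the page (`log_statement = 'ddl'` under STIGs) captures none of those. Add the minimal settings here, e.g. `shared_preload_libraries = 'pgaudit'` and `pgaudit.log = 'read, write, role, ddl'` (with `pgaudit.log_catalog = off` to keep catalog lookups out of the log), and note that logging reads at this granularity on a cardholder-data database produces heavy volume and that the log itself now contains access patterns to cardholder data, so it has to go to a protected, append-only destination.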
@djw-m djw-m Sep 17, 2024

Suggested change
#### 2.3 HIPAA (Health Insurance Portability and Accountability Act)
### 2.3 HIPAA (Health Insurance Portability and Accountability Act)

Leaving the rest of the heading changes to be done (and repeat this process on the rest of the security pages).

@djw-m djw-m Sep 17, 2024

This file needs a good work over on formatting (Headings need to be headings etc etc, the index list then can link to the anchors) and I'd suggest that we credit the author and original blog posting in part to explain why the tone of the content is friendlier than usual.

Oh and the bold text used to mark out paras may be best replaced with the !!! tip admonition.

@github-actions github-actions bot temporarily deployed to pr-6059-security-guidance-new September 23, 2024 20:07 Inactive
@github-actions github-actions bot temporarily deployed to pr-6059-security-guidance-new September 24, 2024 14:48 Inactive
@github-actions github-actions bot temporarily deployed to pr-6059-security-guidance-new September 24, 2024 15:20 Inactive
@github-actions github-actions bot temporarily deployed to pr-6059-security-guidance-new September 24, 2024 15:25 Inactive
@github-actions github-actions bot temporarily deployed to pr-6059-security-guidance-new September 24, 2024 17:59 Inactive
@djw-m

djw-m commented Sep 25, 2024

Would this be better merged into the securityhub PR that's ongoing?

@ebgitelman

ebgitelman commented Oct 18, 2024

Performed several levels of edits including using the correct levels of edits (per DJ's comment) and removing numbering from heads. Also changed the formatting of bullet items to use periods instead of colons (in favor of moving the colon inside the bold or using our typical em-dash format) since most of those bits were sentences.

Made those bits consistent--either noun phrases or verb phrases within each list. Also fixed capitalization of heads to sentence style.

Also made vertical spacing consistent and to adhere to style guide (a return after heads) since this is a first revision. Might as well be neat about it the first time out.

@djw-m djw-m left a comment

LGTM

Labels
deploy Add this label to a PR and it will automatically be deployed to netlify