From 5a8dfec8b5c44724687df81f02cd1f1a7e0845e7 Mon Sep 17 00:00:00 2001 From: CRob <69357996+SecurityCRob@users.noreply.github.com> Date: Tue, 23 Jul 2024 12:05:15 -0400 Subject: [PATCH] Update process/security_baseline.md Co-authored-by: Zach Steindler Signed-off-by: CRob <69357996+SecurityCRob@users.noreply.github.com> --- process/security_baseline.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/process/security_baseline.md b/process/security_baseline.md index 7399a753..4c8af64e 100644 --- a/process/security_baseline.md +++ b/process/security_baseline.md @@ -128,7 +128,7 @@ As a project matures and progresses towards graduation, it gains wider adoption. |Monitoring of security events is implemented if your project provides internet or infrastructure service on behalf of the foundation.|To monitor security relevant events for incident response.|If the project provides a service, monitoring SHALL be in place to raise actionable alerts when security relevant events meets pre-defined thresholds, for example host level firewall configuration is changed.|Manual review.| |If your project provides internet or infrastructure service on behalf of the foundation, an initial security audit is conducted. Audit findings are addressed.|To identify and remediate the vulnerabilities in the internet service.|Security audit SHALL be funded through the [TAC TI funding process](https://github.com/ossf/tac/blob/main/process/TI%20Funding%20Request%20Process.md).

SECURITY_INSIGHTS.yml SHALL be updated under “security-assessments” with a link to the audit report.|SECURITY_INSIGHTS.yml identifies the security audit report. The report provides details of the audit methodology, findings and recommendations.| -### Security Baseline - Graduated +### Security Baseline - Once Graduated Additional security MVP baseline on top of incubating baseline: | Security Baseline | Objective | How to Implement | How to Verify|
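Review bot: The heading rename from `### Security Baseline - Graduated` to `### Security Baseline - Once Graduated` changes the section anchor that Markdown renderers derive from the heading text, so any existing link to the old anchor, in this file or in other documents, will stop resolving. Search for references to the old anchor and update them in the same change. Only this one heading is touched in the hunk, so it is worth confirming that the new "Once Graduated" wording matches the naming pattern of the other stage headings in security_baseline.md. The subject "Update process/security_baseline.md" does not say what changed; a subject that names the heading rename would make the history easier to search. Separately, the unchanged context row reads "security relevant events meets pre-defined thresholds", where "meets" should be "meet"; that can be corrected in a follow-up.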