Security - bcgov/common-hosted-form-service GitHub Wiki

Terms of Use | Privacy | Security | Service Agreement | Accessibility

Security Controls

• Confidentiality: Preventing unauthorized access to information.
• Integrity: Preventing changes to or removal of information.
• Availability: Maintaining operations during events such as power outages or natural disasters.

Understand the classification or your data

• Take appropriate measures based on the classification of your data
• Implement controls based on the governing laws that apply to your business
• Information Security Classification Standard
• CHEFS and its underlying subsystems and infrastructure are approved for up to Confidential - Protected B
• Reference: CHEFS Security Threat and Risk Assessment

You have security responsibilities

Always follow these steps:

• Use a modern, secure web browser
• Follow guidance of Ministry Information Security Officers related to the installation of security patches
• Keep API keys in an encrypted file that’s only for authorized staff
• Do not share API keys by email, support tickets or put in plain text in a source code repository
• Give third-party users a unique API key (not the one you use)
• Use two factor authentication
• Follow instructions for Generating an API