Adding acceptable use policy (#5417)

* Adding acceptable use policy

Relates to https://github.com/fleetdm/confidential/issues/1107

Creating a new "Security Policies" file and then adding the first policy - acceptable use.

* Update security-policies.md

Added effective date and owner

* Update security-policies.md

Fixed link
Guillaume Ross 2022-04-27 15:33:49 -04:00 committed by GitHub
parent 8f096b33e6
commit 2ef5099c7f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 50 additions and 0 deletions

@ -33,6 +33,10 @@ The Fleet handbook is the central guide for how we run the company. As part of o
[Vulnerability management in Fleet](./security.md#vulnerability-management)
### 📜 Security policies
[Acceptable use policy](./security-policies.md#acceptable-use-policy)
### 💓 Brand
[Communicating as Fleet](./brand.md#communicating-as-fleet)
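
Review bot: The new index link targets `./security-policies.md#acceptable-use-policy`, but neither heading added in security-policies.md would produce that anchor under the usual heading-slug rules: the headings are "Information security policy and acceptable use policy" and "Acceptable Use of End-user Computing". Either point the link at the slug of one of those headings or rename the heading so the anchor resolves, and check the rendered handbook page before merging.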

@ -0,0 +1,46 @@
# Security policies
## Information security policy and acceptable use policy
This Information Security Policy is intended to protect Fleet Device Management Inc's employees, contractors, partners, customers and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.
Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, web browsing, and file transfers, are the property of Fleet Device Management Inc. These systems are to be used for business purposes in serving the interests of the company, and of our clients and customers in the course of normal operations.
Effective security is a team effort involving the participation and support of every Fleet Device Management Inc employee or contractor who deals with information and/or information systems. It is the responsibility of every team member to read and understand this policy, and to conduct their activities accordingly.
### Acceptable Use of End-user Computing
*Created from [JupiterOne/security-policy-templates](https://github.com/JupiterOne/security-policy-templates). [CC BY-SA 4 license](https://creativecommons.org/licenses/by-sa/4.0/)*
| Policy owner | Effective date |
| -------------- | -------------- |
| @GuillaumeRoss | 2022-06-01 |
Fleet requires all workforce members to comply with the following acceptable use requirements and procedures, such that:
1. Use of Fleet computing systems is subject to monitoring by Fleet IT and/or Security teams.
2. Fleet team members must not leave computing devices (including laptops and smart devices) used for business purpose, including company-provided and BYOD devices, unattended in public.
3. Device encryption must be enabled for all mobile devices accessing company data, such as whole-disk encryption for all laptops.
4. Use only legal software with a valid license installed through the internal "app store" or trusted sources. Well-documented open source software can be used. If in doubt, ask in *#g-security*.
5. Avoid sharing credentials. Secrets must be stored safely, using features such as GitHub secrets. For accounts and other sensitive data that need to be shared, use the company-provided password manager.
6. At Fleet, we are public by default. Sensitive information from logs, screenshots or other types of data (memory dumps for example), must be sanitized to remove any sensitive or confidential information prior to posting.
7. Anti-malware or equivalent protection and monitoring must be installed and enabled on all endpoint systems that may be affected by malware, including workstations, laptops and servers.
8. It is strictly forbidden to download or store any secrets used to sign Orbit installer updates on end-user computing devices, including laptops, workstations and mobile devices.
9. Only company owned and managed computers are allowed to connect directly to Fleet auto updater production environments.
10. Fleet team members must not let anyone else use Fleet provided and managed workstations unsupervised, including family members and support personnel of vendors. Use screen sharing instead of allowing them to access your system directly.
11. Device operating system must be kept up to date. Fleet managed systems will receive prompts for updates to be installed, and BYOD devices are to be updated by the team member using it, or might lose access.
12. Team members must not store sensitive data on portable storage.
13. The use of Fleet company accounts on "shared" computers, such as hotel kiosk systems, is strictly prohibited.
<meta name="maintainedBy" value="guillaumeross">
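
Review bot: Item 11 sets no deadline for installing operating system updates and ends with "or might lose access", so a team member cannot tell when a BYOD device falls out of compliance or what happens when it does. Suggest stating a concrete update window and a definite consequence. The same enforceability gap shows in item 5, where "Avoid sharing credentials" reads as advice while the surrounding items use "must", and in item 12, which prohibits storing "sensitive data" on portable storage without the policy defining that term or pointing to a data classification. A smaller style point: the heading "Acceptable Use of End-user Computing" is title case while the other headings in the file are sentence case.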