CDP 35948520/Checkliste Cloud: 7 Web App Security Checks #32

Closed
opened 2026-04-16 09:56:09 +02:00 by Hartmut · 2 comments
Owner

## Source

- **xlsx:** `samples/CDP/checklists/cloud.xlsx`
- **Parent control:** #29
- **Epic:** #1
- **Purpose:** Detailed security checks for validating the Accenture CDP Web Application Standards at code/architecture level.

## Checklist (7 checks)

### Phase: Solution Plan

#### General

- [x] Verify whether there is any privacy or other legislation restricting the transmission and storage of data
  ⚪ **N/A**: CapaKraken is an on-prem Docker deployment, no cloud transmission.
- [x] Deployment and enforcement of proper data protection standards as per the industry standards, including country-wide legal/legislation policies (such as Industry Data Protection Standard BS 10012:2009 or PCI DSS, U.K. Data Protection Act (DPA) 1984, India IT Act 2000).
  ⚪ **N/A**: On-prem, no cloud services.
- [x] Ensure the SLAs pertaining to cloud services are properly identified and documented. Also, ensure the cloud service provider has adequate measures for business continuity/resiliency as per standards such as BS 25999.
  ⚪ **N/A**: No cloud services contracted.
- [x] Verify the policy, standards, and guidelines of the cloud service provider, considering the Infrastructure Security Standard (such as secure hardening and configuration baselines based on industry best practice / secure architecture between application, system and network / role-based administrative controls should be incorporated / a policy and procedure for critical security patches and updates must be applied / a periodic risk and threat assessment policy to avoid production breakdown due to security threats).
  ⚪ **N/A**: No cloud provider in use.
- [x] Verify whether controls are in place to manage externally sourced and internally sourced attacks, including distributed denial of service, and whether physical security is managed and monitored against internal and external attack.
  ⚪ **N/A**: On-prem deployment. (Baseline protection: nginx + rate limit, but no cloud DDoS protection needed.)
- [x] Is there any data recovery guarantee considered at the initial stage, since the organisation doesn't have access to the physical and logical cloud infrastructure?
  ⚪ **N/A**: Backup strategy runs via a local Docker volume (separate topic).
- [x] In case multiple cloud services are engaged, are user identities and access controls protected and considered throughout the Secure SDLC?
  ⚪ **N/A**: No cloud service mesh.
Hartmut added the cdpsecurity labels 2026-04-16 09:56:09 +02:00
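The "nginx + rate limit" baseline referenced under the DDoS check, written out as an added illustration that is not part of this ticket or of the CapaKraken repository: a minimal nginx site configuration with per-client request-rate and connection limits, plus the real-IP caveat that makes or breaks such limits behind another proxy. Zone names, rates, the hostname, the upstream address and the trusted proxy range are all assumptions.

```nginx
# Added example, not CapaKraken's own nginx config. Zone names, rates,
# hostname, upstream and the trusted proxy range are assumptions.
# This file is assumed to be included from the http{} context
# (e.g. /etc/nginx/conf.d/capakraken.conf); limit_*_zone must live there.

# Per-client request rate, keyed on the client address.
# $binary_remote_addr is the compact form of the IP (4 bytes for IPv4),
# so a 10 MB zone holds on the order of 160k addresses.
limit_req_zone $binary_remote_addr zone=api_req:10m rate=10r/s;

# Per-client concurrent connections (caps slowloris-style exhaustion).
limit_conn_zone $binary_remote_addr zone=api_conn:10m;

# Caveat: if a load balancer or another proxy sits in front of nginx,
# $binary_remote_addr is that proxy's address and every client shares
# one bucket, so the limit hits legitimate users first. Restore the real
# client IP only from hops you trust; never from an arbitrary header.
set_real_ip_from 10.0.0.0/8;        # assumed internal proxy range
real_ip_header X-Forwarded-For;
real_ip_recursive on;

server {
    listen 80;                       # TLS termination omitted here
    server_name capakraken.example;  # assumed hostname

    # Bound request bodies and slow clients so one request cannot
    # hold a worker indefinitely.
    client_max_body_size 10m;
    client_body_timeout 10s;
    client_header_timeout 10s;

    location / {
        # burst=20 absorbs short spikes; nodelay serves them at once and
        # rejects only what exceeds rate + burst instead of queueing it.
        limit_req zone=api_req burst=20 nodelay;
        limit_req_status 429;

        limit_conn api_conn 20;
        limit_conn_status 429;

        proxy_pass http://app:8000;   # assumed upstream container
    }
}
```

Check it with `nginx -t` before reloading. A quick functional test is to send more than 30 requests within a second from one address and confirm that the excess is answered with 429 and logged; if every client lands in one bucket, the real-IP block above is the first thing to revisit. Note that this only protects the application tier: volumetric attacks that saturate the uplink are outside what nginx can absorb, which is the point the N/A remark makes.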
Author
Owner

## Review result

Detailed analysis of all 7 checks from `samples/CDP/checklists/cloud.xlsx` against the CapaKraken code and [`docs/acn-security-compliance-status.md`](../blob/main/docs/acn-security-compliance-status.md).

| Status | Count | Legend |
|--------|-------|--------|
| ✅ OK | 0 | Implemented + evidence noted inline in the ticket body |
| 🟡 PARTIAL | 0 | Baseline protection in place, formal remainder open |
| 🔴 GAP | 0 | Not implemented, concrete TODOs below |
| ⚪ N/A | 7 | Not applicable to CapaKraken |
| **Total** | **7** | |

---

**Recommendation:** All checks covered. Ticket can be closed after owner review.
Author
Owner

## Recommendation: close as N/A

According to [`docs/acn-standards-applicability.md`](../blob/main/docs/acn-standards-applicability.md), the **SaaS/PaaS Cloud Computing Security Standard** is currently **not relevant** for CapaKraken (on-prem Docker deployment). All 7 checks in this checklist relate to cloud services and are therefore not applicable.

**Action:** Ticket is being closed. Reopen on a future cloud migration and work through the checklist.

Parent control #29 remains open with an analogous N/A note until the cloud decision.
Reference: Hartmut/CapaKraken#32