Upload SECURITY.md
SECURITY.md +8 -0
SECURITY.md
ADDED
@@ -0,0 +1,8 @@
1 |
+
# Security & Compliance
|
2 |
+
|
3 |
+
- **Transport Security:** TLS termination at the gateway; optional mTLS intra-cluster.
|
4 |
+
- **Authentication:** OAuth2/JWT with per-route scopes.
|
5 |
+
- **Authorization:** RBAC at the gateway and service accounts in Kubernetes.
|
6 |
+
- **Audit Logging:** Structured JSON logs (`request_id`, route, outcome). Ship to ELK/Loki.
|
7 |
+
- **PHI Handling:** Optional de-identification in preprocessors; strict schema validation; data minimization & retention controls (HIPAA/GDPR).
|
8 |
+
- **Secrets:** Kubernetes Secrets or external vault (e.g., HashiCorp Vault).
|
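Review bot: the file has no vulnerability reporting process, which is what readers of a SECURITY.md expect first; add a "Reporting a Vulnerability" section (contact address or private advisory channel, expected response time, supported versions) ahead of the posture bullets. On the bullets themselves: "optional mTLS intra-cluster" and "optional de-identification" read as weak commitments for a service that handles PHI under HIPAA/GDPR, so either state when they are required or document the compensating control; "OAuth2/JWT with per-route scopes" should name what is validated (issuer, audience, expiry, accepted signing algorithms) since scopes alone do not prevent token misuse; the audit-logging bullet should state that `request_id`, route and outcome are logged but request/response bodies containing PHI are not; and "Kubernetes Secrets or external vault" should note that Kubernetes Secrets are only base64-encoded by default, so etcd encryption at rest and RBAC on the Secret objects are needed if that option is used.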