Changes

4,368 bytes added, 15:59, 13 September 2023
More to add later

{{Feature|image=Cib-lets-encrypt (CoreUI Icons v1.0.0).svg|imgdesc=Let's Encrypt|title=}}
{{#set:feature title = {{PAGENAME}} }}
{{#set:feature description = Using SSL and TLS Deployment Best Practices, QualityBox gets an A+ rating for security. }}
{{#set:feature notes = Certificates provided by the [[Certbot|Let's Encrypt project]] }}
{{#set:feature tests = [https://www.ssllabs.com/ssltest/analyze.html?d={{SERVERNAME}} Test on SSL Labs.com] }}
{{#set:feature examples = See [[:File:Certificate grade.png]] }}

== Free software that secures your communication ==

[https://www.torproject.org/ The Onion Router] (TOR) project is the best-known provider of security for your personal communications. TOR acts as an anonymizing layer between you and ALL Internet traffic.

For secure "messaging" there is [https://jami.net Jami]. Jami is a complete communication platform made by [https://savoirfairelinux.com/en Savoir Faire Linux]. Jami is available for all operating systems and devices. Jami offers:

* Instant messaging
* Audio and video calls
* Swarms (group chats)
* Video-conferences and Rendezvous points with no third-party hosting
* Audio and video message recording
* Screen sharing and media streaming
* Built-in plugin platform for new features and experiences
* Jami can also function as a SIP client

Another popular platform for secure messaging is the '''Signal''' app. https://signal.org/

== Security Frameworks ==

14 Security Frameworks You Should Know <ref>https://secureframe.com/blog/security-frameworks</ref>

{| class="wikitable"
!Framework
!Purpose
!Best Suited For
!Certification
!Certification Method
!Audit Duration
!Audit Frequency
|-
!SOC 2
|Manage customer data
|Companies and their third-party partners
|N/A
|Authorized CPA firms
|6-month period
|Every year
|-
!ISO 27001
|Build and maintain an information security management system (ISMS)
|Any company handling sensitive data
|Yes
|Accredited third-party
|1 week-1 month
|Every year
|-
!NIST Cybersecurity Framework
|Comprehensive and personalized security weakness identification
|Anyone
|N/A
|Self
|N/A
|N/A
|-
!HIPAA
|Protect patient health information
|The healthcare sector
|Yes
|The Department of Health and Human Services (third-party)
|12 weeks
|6 per year
|-
!PCI DSS
|Keep card owner information safe
|Any company handling credit card information
|Yes
|PCI Qualified Security Assessor (third-party)
|18 weeks
|Every year
|-
!GDPR
|Protect the data of people in the EU
|All businesses that collect the data of EU citizens
|Yes
|Third-party
|About 30 days
|Depends on preference
|-
!HITRUST CSF
|Enhance security for healthcare organizations and technology vendors
|The healthcare sector / Anyone
|Yes
|Third-party
|3-4 months
|Every year
|-
!COBIT
|Alignment of IT with business goals, security, risk management, and information governance
|Publicly traded companies
|Yes
|ISACA (third-party)
|N/A
|N/A
|-
!NERC-CIP
|Keep North America’s bulk electric systems operational
|The utility and power sector
|Yes
|Third-party
|Up to 3 years
|Every 5 years
|-
!FISMA
|Protect the federal government’s assets
|The federal government and third parties operating on its behalf
|Yes
|The FISMA Center
|12 weeks
|Every year
|-
!NIST Special Publication 800-53
|Compliance with the Federal Information Processing Standards' (FIPS) 200 requirements and general security advice
|Government agencies
|N/A
|Self
|N/A
|N/A
|-
!NIST Special Publication 800-171
|Management of controlled unclassified information (CUI) to protect federal information systems
|Contractors and subcontractors of federal agencies
|N/A
|Self
|N/A
|N/A
|-
!IAB CCPA
|Protecting California consumers’ data
|California businesses and advertising tech companies
|N/A
|Self
|N/A
|N/A
|-
!CIS Controls
|General protection against cyber threats
|Anyone
|Yes
|Third-party
|}

== Resources ==

# [https://github.com/lfit/itpol Linux Foundation IT Policy]
# https://wiki.mozilla.org/Security
# https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices
# https://secureframe.com/blog/security-frameworks
# [https://www.brighttalk.com/webcast/6793/591276 How Ubuntu enables your compliance with FedRAMP, FISMA, FIPS, and DISA-STIG] This 50-minute video from Canonical can provide insight as to how an Enterprise MediaWiki solution can address the concerns related to these frameworks.

{{References}}
[[Category:Security]]
[[Category:Frameworks]]