Add encryption details to security statement

FlowFuse / flowfuse

Connect, collect, transform, visualise, and interact with your Industrial Data in a single platform. Use FlowFuse to manage, scale and secure your Node-RED solutions.

https://flowfuse.com

Other

269 stars 63 forks source link

Add encryption details to security statement #4489

Closed knolleary closed 3 weeks ago

knolleary commented 3 weeks ago

Description

This may require updates to both docs and website bits, but the task is to updates docs to answer:

Describe the encryption methodology in transit and at rest. Will the data the SaaS provider stores be encrypted at rest? What algorithm do they use? AES-256. Will the data in transit be encrypted using HTTPS protocol with TLS 1.2? Any SFTP, etc.?

Epic/Story

No response

Have you provided an initial effort estimate for this issue?

I have provided an initial effort estimate

hardillb commented 3 weeks ago

AWS RDS https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html

Amazon RDS encrypted DB instances use the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your Amazon RDS DB instances.
AWS EFS https://docs.aws.amazon.com/efs/latest/ug/encryption-at-rest.html#howencrypt

Amazon EFS uses industry-standard AES-256 encryption algorithm to encrypt EFS data and metadata at rest

hardillb commented 3 weeks ago

HTTPS Load Balancer uses the following profile ELBSecurityPolicy-TLS13-1-2-2021-06

Described here: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies