scummings-tech
commented
1 year ago However, I did not see the following industry security standards and best practices policies: • Gramm Leach Bliley Act • NIST Security Control Policies • Payment Card Industry (PCI) Data Security Standards (DSS) • tRisk Management Framework (RMF) • Right to Financial Privacy Act • Sarbanes-Oxley (SOX) act of 2002. Protecting investors from financial scams
Solution: Continue to follow industry best practices and standards by updating security policies and procedures for Nextcloud
Nextcloud aligns with industry standards such as ISO/IEC27001-2013 and related standards, guidance and security principles. Nextcloud have the following security features: Has Built in Monitoring tools like Splunk, OpenNMS and Nagios Data Retention allows regular cleanup of files best upon time retention policy. File access control enable administrators to limit access to data in accordance with business and legal requirements and perform automatic actins like file conversion. Multi-layered encryption. Nextcloud uses industry-standard SSL/TLS encryption for data transfer. Additionally, data at rest in storage can be encrypted using AES-256 encryption server based or custom key management. Also, can tailor end to end encrypted client on a per folder basis. Compliance. Nextcloud meet both HIPAA, CCPA, FERPA, COPA, GDRP compliance and other ISO certifications. https://nextcloud.com/secure/