diff --git a/access-control/index.md b/access-control/index.md index 9088fde..05be8b7 100644 --- a/access-control/index.md +++ b/access-control/index.md @@ -3,7 +3,7 @@ title: Access control policy slug: access-control policy: true faq: false -weight: 7 +weight: 9 --- Tailscale limits access control based on job requirements, following the principle of least privilege. @@ -18,9 +18,9 @@ This policy applies throughout the entire lifecycle of employee, contractor, or Where possible, access policies are enforced by technical measures. -Tailscale should implement monitoring on its systems where possible, to record logon attempts and failures, successful logons and date and time of logon and logoff. Activities performed as administrator are logged where it is feasible to do so. +Tailscale should implement monitoring on its systems where possible, to record logon attempts and failures, successful logons and date and time of logon and logoff. Activities performed as administrator are logged where it is feasible to do so. -Personnel who have administrative system access should use other less powerful accounts for performing non-administrative tasks. +Personnel who have administrative system access should use other less powerful accounts for performing non-administrative tasks. Where possible, more than one person must have full rights to any critical piece of infrastructure serving or storing production services or customer data. diff --git a/bcp-dr/index.md b/bcp-dr/index.md index 614aee3..9763230 100644 --- a/bcp-dr/index.md +++ b/bcp-dr/index.md @@ -3,7 +3,7 @@ title: BCP/DR policy slug: bcp-dr policy: true faq: false -weight: 6 +weight: 8 --- ### Context diff --git a/change-management/index.md b/change-management/index.md index e81c431..f2602e8 100644 --- a/change-management/index.md +++ b/change-management/index.md 
@@ -3,7 +3,7 @@ title: Change management policy slug: change-management policy: true faq: false -weight: 9 +weight: 11 --- To avoid potential security incidents, Tailscale requires change management controls to ensure only authorized changes are made to its environment and processes. @@ -42,4 +42,4 @@ Tailscale may also make changes to customer environments without the customer in Security policies must have a change log to allow auditing of past changes, including when and by whom these changes were made. Tailscale stores these security policies in GitHub and uses git to track changes. -Tailscale will review and evaluate its security policies, adapt them as needed due to changing risks, and validate if the implemented information security continuity controls are sufficient on a quarterly basis. \ No newline at end of file +Tailscale will review and evaluate its security policies, adapt them as needed due to changing risks, and validate if the implemented information security continuity controls are sufficient on a quarterly basis. diff --git a/data-retention-deletion/index.md b/data-retention-deletion/index.md index 65176fa..32a45b9 100644 --- a/data-retention-deletion/index.md +++ b/data-retention-deletion/index.md @@ -3,7 +3,7 @@ title: Data retention and deletion policy slug: data-retention-deletion policy: true faq: false -weight: 12 +weight: 14 --- Tailscale must retain certain kinds of data for a minimum amount of time, to comply with legal requirements. At the same time, Tailscale wants to avoid retaining any identifiable data for longer than is necessary, in case of a breach. 
@@ -217,4 +217,4 @@ Tailscale must delete customer data in accordance with the commitments, if any, ### Deletion method -Data may be destroyed by overwriting on disk, deleting a cloud resource, encrypting and destroying the key, resetting a device, and/or physical destruction. \ No newline at end of file +Data may be destroyed by overwriting on disk, deleting a cloud resource, encrypting and destroying the key, resetting a device, and/or physical destruction. diff --git a/incident-disclosure/index.md b/incident-disclosure/index.md index 08329a7..cdcd5cb 100644 --- a/incident-disclosure/index.md +++ b/incident-disclosure/index.md @@ -3,7 +3,7 @@ title: Incident disclosure and notification policy slug: incident-disclosure policy: true faq: false -weight: 13 +weight: 7 --- This policy specifies when and how we notify users about security incidents. diff --git a/incident-response-process/index.md b/incident-response-process/index.md index 038a713..fd16e11 100644 --- a/incident-response-process/index.md +++ b/incident-response-process/index.md @@ -3,7 +3,7 @@ title: Incident response process slug: incident-response-process policy: true faq: false -weight: 14 +weight: 6 --- ### Incident response diff --git a/password/index.md b/password/index.md index fe77543..b5ad2a2 100644 --- a/password/index.md +++ b/password/index.md @@ -3,7 +3,7 @@ title: Password policy slug: password policy: true faq: false -weight: 8 +weight: 10 --- To avoid potential security incidents, Tailscale requires employees to follow password requirements. 
@@ -62,4 +62,4 @@ End user devices must use passwords to encrypt their disks and unlock the device Access to third party applications must use SSO where possible, MFA where possible, and enforce MFA where possible. -An individual’s password for their password management vault must be unique. These do not need to be randomly generated. \ No newline at end of file +An individual’s password for their password management vault must be unique. These do not need to be randomly generated. diff --git a/patch-management/index.md b/patch-management/index.md index 4bd8ef6..414ef5e 100644 --- a/patch-management/index.md +++ b/patch-management/index.md @@ -3,7 +3,7 @@ title: Patch management policy slug: patch-management policy: true faq: false -weight: 11 +weight: 13 --- To avoid potential security incidents, Tailscale regularly reviews potential vulnerabilities in its environment and applies relevant patches. @@ -38,4 +38,4 @@ Tailscale should patch security vulnerabilities as soon as possible. The expecte Where a patch is not yet available, or cannot be applied, Tailscale should put in place mitigations as appropriate to prevent a vulnerability from being exploited. Tailscale should also put in place mitigations if a vulnerability is known to be actively exploited in the wild. -Mitigations can include: removing functionality, limiting who can access a service, or taking down a service. \ No newline at end of file +Mitigations can include: removing functionality, limiting who can access a service, or taking down a service. diff --git a/testing/index.md b/testing/index.md index effb14a..a17cda5 100644 --- a/testing/index.md +++ b/testing/index.md @@ -3,7 +3,7 @@ title: Testing policy slug: testing policy: true faq: false -weight: 10 +weight: 12 --- To avoid potential security incidents, Tailscale requires testing of its software to ensure that it functions as expected.
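Review bot: Moving two pages to the front required a `weight:` edit in the `@@ -3,7 +3,7 @@` front-matter hunk of all nine files, which is noisy to review and easy to get wrong on the next reorder. Old and new values are both exactly 6 through 14 with no duplicates, so the permutation itself is consistent: incident-response-process goes 14 to 6, incident-disclosure goes 13 to 7, and the other seven pages shift by +2. Consider spacing the weights (for example in steps of 10) so that a later move touches only the page that moves, and say in the commit message why the two incident pages now sort first, since nothing in the diff records the reason.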
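Review bot: In access-control/index.md at `@@ -18,9 +18,9 @@`, the two removed/added pairs ("Tailscale should implement monitoring on its systems ..." and "Personnel who have administrative system access ...") read identically before and after, so the difference is presumably whitespace only. That is a policy file whose change log is meant to be auditable, so a whitespace cleanup mixed into a reordering change makes it look as if the access-control text was revised; split it into its own commit or call it out explicitly in the commit message as a non-substantive edit.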
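Review bot: The final hunks of change-management (`@@ -42,4 +42,4 @@`), data-retention-deletion (`@@ -217,4 +217,4 @@`), password (`@@ -62,4 +62,4 @@`) and patch-management (`@@ -38,4 +38,4 @@`) only replace a last line marked `\ No newline at end of file` with the same sentence plus a trailing newline. The fix is fine, but it is unrelated to the weight changes and shows up as a modified policy sentence in each file's history; mention it in the commit message, and consider an editor or lint setting that enforces the final newline so these files do not need hand fixes again.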