This subdirectory contains documentation that describes our protocols for responding to TDP security incidents. TDP's overarching Incident Response Plan can be found here 🔒
- Secret Key Management - lays out TDP's standards for minimizing the risk of leaking secret keys (i.e. sensitive information that--if exposed--opens the door for unauthorized access to the system and/or data therein).
- System Admin Account Restoration - lays out steps for restoring permissions for a TDP sys admin if their account has been compromised.
- CircleCI Secret Key Rotation Tabletop - lays out steps taken in response to CircleCI's security incident in December 2022.
- Cloud.gov S3 Security Incident Response - lays out steps taken in response to Cloud.gov's security incident in October 2023.