Home Office
SEGAS Compliance
Explicitly stated expectations for engineering teams
SEGAS-00006 - Managing secrets
Does this codebase pass the following requirement: Secrets MUST be generated in accordance with the Home Office Password Policy?
Yes
No
N/A
Does this codebase pass the following requirement: You MUST only store secrets in an approved secret management system?
Yes
No
N/A
Does this codebase pass the following requirement: You MUST proactively manage access to secrets?
Yes
No
N/A
Does this codebase pass the following requirement: You MUST implement secret scanning?
Yes
No
N/A
Does this codebase pass the following requirement: You MUST ensure that secrets are not exported into monitoring systems?
Yes
No
N/A
Does this codebase pass the following requirement: You MUST document how secrets are managed?
Yes
No
N/A
Does this codebase pass the following requirement: You MUST monitor the usage of secrets to identify suspicious behaviour?
Yes
No
N/A
Does this codebase pass the following requirement: You MUST have a response plan ready to enact if you have an incident?
Yes
No
N/A