You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This document details the security framework for Open OnDemand, providing essential information that administrators need to know for secure deployment and operation.
.. note::
If you're here to report a vulerability, you may refer to :ref:`vulnerability-management`.
Considerations
--------------
This section outlines key security advantages and areas for vigilance within the Open OnDemand environment.
Expand DownExpand Up
@@ -34,13 +37,6 @@ that some centers may want to change or disable altogether.
One option is to :ref:`set-file-allowlist` to limit what directories users may navigate to.
Additional Information
----------------------
- **Vulnerability Management**: Active management of security weaknesses includes regular updates and patches. Detailed processes and current security advisories are available at :ref:`vulnerability-management`.
- **Security Audits**: The platform undergoes periodic security audits by Trusted CI, the NSF Cybersecurity Center of Excellence. Summaries of these audits are available, with the latest report accessible `here <https://openondemand.org/sites/default/files/documents/Trusted%20CI%20Open%20OnDemand%20Engagement%20Final%20Report%20-%20REDACTED%20FOR%20PUBLIC%20RELEASE%20210712_0.pdf>`_.
Conclusion
----------
Maintaining a secure and robust operational environment is critical for the success of Open OnDemand. Administrators are encouraged to implement the security practices recommended in this guide and to regularly review security settings and updates.
