Common Services security
Security standards are intended to help you protect personally identifiable information (PII) and sensitive personal information (SPI). Depending on the types of data you process and the countries that you operate in, multiple standards might apply.
- International Organization for Standardization (ISO) 27002 standard
- Federal Information Security Management Act (FISMA)
- National Institute of Standards and Technology - NIST 800-53a
- Federal Financial Institutions Examination Council (FFIEC)
- Payment Card Industry (PCI)
- General Data Protection Regulation (GDPR)
- Your own internal standards
Because of the complexity and overlapping areas of the different standards, no direct mapping exists between a specific standard and this security information for Common Services. This security information relates to components and features of Common Services, such as the Control Center, and to other security concerns that might affect Common Services, like WebSphere® Application Server security. Other areas that are not related to Common Services, such as security incident response processes or physical environmental security, are not included in this information.
- Access control
  - Access control involves authentication and authorization.
- Infrastructure
  - Infrastructure includes securing the middleware and the communications.
- Data storage
  - Data storage includes protecting the data in the database and on the file system.
- Monitoring
  - Monitoring is a way to ensure that your security is working. You might want to monitor the audit, system, and component logs. You can also monitor for inactive users.
For more information about security for FTM on Red Hat® OpenShift®, see Security information for FTM on Red Hat OpenShift.
The following topics first provide an overview of personal information in Common Services and of each of the high-level categories. The overview topics are followed by topics about the security information for the different middleware and components that are used by Common Services.