Trustpoint Logo

# Security Controls Owner Version Effective Date Review Cycle

**๐Ÿ“‹ Document Owner:** Trustpoint Project Maintainers | **๐Ÿ“„ Version:** 1.0 | **๐Ÿ“… Last Updated:** 2026-07-01 **๐Ÿ”„ Review Cycle:** Quarterly | **โฐ Next Review:** 2026-09-26 --- ## **Purpose** This document describes the technical and organizational security controls used to reduce cybersecurity risks for Trustpoint. The controls are derived from the threats identified in `THREAT_MODEL.md` and the risks evaluated in `RISK_REGISTER.md`. --- ## **Control Management Process** Trustpoint follows a structured security documentation chain: ```text Threat Model โ†’ Risk Register โ†’ Controls โ†’ Evidence โ†’ Review ``` | Step | Document | Purpose | | ---------------- | ------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------- | | 1. Threat Model | [`THREAT_MODEL.md`](./THREAT_MODEL.md) | Identifies threats to Trustpoint | | 2. Risk Register | [`RISK_REGISTER.md`](./RISK_REGISTER.md) | Groups threats into cybersecurity risks | 3. Controls | [`CONTROLS.md`](./CONTROLS.md) - [![Critical][badge-you-are-here]]() | Documents implemented and planned controls | | 4. Evidence | [`CRA_COMPLIANCE.md`](./CRA_COMPLIANCE.md) ยท [`SECURITY.md`][security] ยท CI/CD artifacts ยท SBOM | Provides evidence for implemented controls, vulnerability handling, release processes, and security maintenance | | 5. Review | [`THREAT_MODEL.md`](./THREAT_MODEL.md) ยท [`RISK_REGISTER.md`](./RISK_REGISTER.md) ยท [`CONTROLS.md`](./CONTROLS.md) ยท [`CRA_COMPLIANCE.md`](./CRA_COMPLIANCE.md) | Ensures that threats, risks, controls, and evidence remain current over time --- ## **Control Status** | Status | Meaning | | -------------- | ----------------------------------------------------------------------- | | ![Implemented][badge-implemented] | Control is implemented and evidence is available or partially available | | ![In Progress][badge-in-progress] | Control is partially implemented or being improved | | ![Planned][badge-planned] | Control is identified but not yet implemented | | ![NA][badge-na] | Control is not applicable to the current Trustpoint scope | --- ## **Control Summary** | Control Area | Controls | Status | |-------------|---------:|--------| | Access control | 4 | ![In Progress][badge-in-progress] | | Cryptographic security | 2 | ![In Progress][badge-in-progress] | | Certificate lifecycle security | 4 | ![In Progress][badge-in-progress] | | Secure deployment | 4 | ![In Progress][badge-in-progress] | | Logging and monitoring | 2 | ![In Progress][badge-in-progress] | | Supply chain security | 5 | ![In Progress][badge-in-progress] | | Vulnerability handling | 4 | ![In Progress][badge-in-progress] | | **Total Controls** | **25** | **Initial Version** | --- ## **Security Controls** ### **C-TP-001: Authentication** | Field | Value | | ------------------ | --------------------------------------------------------------------------------------------- | | **Control Area** | Access Control | | **Related Risks** | R-TP-002 | | **Description** | Trustpoint requires authenticated access for administrative and security-relevant operations. | | **Implementation** | Django authentication ยท Session handling ยท API authentication | | **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] | | **Evidence** | Django auth configuration ยท Source code ยท Security tests | --- ### **C-TP-002: Authorization and RBAC** | Field | Value | | ------------------ | ------------------------------------------------------------------------------------------------------------------------ | | **Control Area** | Access Control | | **Related Risks** | R-TP-002 ยท R-TP-004 | | **Description** | Authorization checks restrict certificate, policy, lifecycle, and administrative operations to permitted users or roles. | | **Implementation** | Role-based access control ยท Permission checks ยท Admin restrictions | | **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] | | **Evidence** | Source code ยท Authorization tests ยท Admin documentation | --- ### **C-TP-003: Administrative Auditability** | Field | Value | | ------------------ | ---------------------------------------------------------------------------------------------------- | | **Control Area** | Access Control | | **Related Risks** | R-TP-002 ยท R-TP-004 ยท R-TP-007 | | **Description** | Security-relevant administrative actions are logged to support accountability and incident analysis. | | **Implementation** | Audit logs ยท Lifecycle event logging | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | Audit log implementation ยท Logging documentation | --- ### **C-TP-004: Secure Session and Token Handling** | Field | Value | | ------------------ | --------------------------------------------------------------------------- | | **Control Area** | Access Control | | **Related Risks** | R-TP-002 ยท R-TP-007 | | **Description** | Sessions and tokens are protected against unauthorized reuse or disclosure. | | **Implementation** | Secure cookie settings ยท Token lifetime management ยท TLS requirement | | **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] | | **Evidence** | Django security settings ยท Deployment documentation | --- ### **C-TP-005: CA Private Key Protection** | Field | Value | | ------------------ | ----------------------------------------------------------------------------------------------- | | **Control Area** | Cryptographic Security | | **Related Risks** | R-TP-003 ยท R-TP-004 | | **Description** | CA private keys are protected against unauthorized access, extraction, modification, or misuse. | | **Implementation** | PKCS#11 / HSM support ยท Encrypted storage ยท Access restrictions | | **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] | | **Evidence** | PKCS#11 integration ยท HSM configuration ยท Key management documentation | --- ### **C-TP-006: Secure Cryptographic Defaults** | Field | Value | | ------------------ | ------------------------------------------------------------------------------------------------------------- | | **Control Area** | Cryptographic Security | | **Related Risks** | R-TP-003 ยท R-TP-004 ยท R-TP-006 | | **Description** | Trustpoint should use secure cryptographic algorithms, key sizes, profiles, and protocol settings by default. | | **Implementation** | Certificate profile validation ยท Cryptographic parameter restrictions ยท TLS guidance | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | Certificate profile code ยท Crypto tests ยท Documentation | --- ### **C-TP-007: Certificate Policy Enforcement** | Field | Value | | ------------------ | ------------------------------------------------------------------------------ | | **Control Area** | Certificate Lifecycle Security | | **Related Risks** | R-TP-004 ยท R-TP-006 | | **Description** | Certificate issuance follows defined profiles, policies, and validation rules. | | **Implementation** | Certificate templates ยท Policy validation ยท Request validation | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | CA/RA implementation ยท Policy documentation ยท Tests | --- ### **C-TP-008: Certificate Lifecycle Management** | Field | Value | | ------------------ | --------------------------------------------------------------------------------------------------------------- | | **Control Area** | Certificate Lifecycle Security | | **Related Risks** | R-TP-004 ยท R-TP-008 | | **Description** | Trustpoint supports certificate issuance, renewal, revocation, expiry tracking, and lifecycle state management. | | **Implementation** | Lifecycle workflows ยท Renewal handling ยท Revocation state | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | Lifecycle implementation ยท Tests ยท Documentation | --- ### **C-TP-009: Device Identity Verification** | Field | Value | | ------------------ | ---------------------------------------------------------------------------------------------- | | **Control Area** | Certificate Lifecycle Security | | **Related Risks** | R-TP-004 ยท R-TP-006 | | **Description** | Device onboarding and enrollment workflows verify device identity before certificate issuance. | | **Implementation** | Enrollment validation ยท Protocol-specific checks ยท Operator approval where required | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | Enrollment implementation ยท Protocol tests ยท Operator documentation | --- ### **C-TP-010: Revocation Support** | Field | Value | | ------------------ | -------------------------------------------------------------------------------------------- | | **Control Area** | Certificate Lifecycle Security | | **Related Risks** | R-TP-004 ยท R-TP-008 | | **Description** | Trustpoint supports revocation of compromised, obsolete, or incorrectly issued certificates. | | **Implementation** | Revocation workflows ยท Revocation state ยท CRL / status distribution as applicable | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | Revocation implementation ยท Lifecycle tests ยท Documentation | --- ### **C-TP-011: Secure Deployment Configuration** | Field | Value | | ------------------ | ------------------------------------------------------------------------------------------------------------ | | **Control Area** | Secure Deployment | | **Related Risks** | R-TP-002 ยท R-TP-007 ยท R-TP-008 | | **Description** | Trustpoint provides deployment guidance and configuration options to reduce insecure runtime configurations. | | **Implementation** | Docker deployment ยท Environment configuration ยท Production settings guidance | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | Deployment documentation ยท Docker configuration | --- ### **C-TP-012: TLS Protection** | Field | Value | | ------------------ | ---------------------------------------------------------------------------------------------- | | **Control Area** | Secure Deployment | | **Related Risks** | R-TP-002 ยท R-TP-006 ยท R-TP-007 | | **Description** | Network communication with Trustpoint should be protected using TLS or mTLS where appropriate. | | **Implementation** | TLS deployment guidance ยท HTTPS configuration ยท Protocol-specific TLS requirements | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | Deployment documentation ยท Protocol documentation ยท TLS tests | --- ### **C-TP-013: Secret Management** | Field | Value | | ------------------ | ---------------------------------------------------------------------------------------------------------------------- | | **Control Area** | Secure Deployment | | **Related Risks** | R-TP-003 ยท R-TP-007 | | **Description** | Runtime secrets, database credentials, API tokens, and private material are protected against unauthorized disclosure. | | **Implementation** | Environment-based secret configuration ยท Secure storage guidance ยท Secret rotation guidance | | **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] | | **Evidence** | Deployment documentation ยท Configuration reference | --- ### **C-TP-014: Backup and Recovery** | Field | Value | | ------------------ | ---------------------------------------------------------------------------------------------------------- | | **Control Area** | Secure Deployment | | **Related Risks** | R-TP-003 ยท R-TP-007 ยท R-TP-008 | | **Description** | Trustpoint supports backup and recovery procedures for continuity and recovery from failures or incidents. | | **Implementation** | Database backup support ยท Recovery guidance ยท RTO/RPO targets | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | Backup configuration ยท Recovery documentation | --- ### **C-TP-015: Monitoring and Metrics** | Field | Value | | ------------------ | ----------------------------------------------------------------------------------------- | | **Control Area** | Logging and Monitoring | | **Related Risks** | R-TP-007 ยท R-TP-008 | | **Description** | Trustpoint provides operational visibility through logs, health information, and metrics. | | **Implementation** | Application logging ยท Health endpoints ยท Prometheus metrics | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | Logging implementation ยท Metrics documentation ยท Health endpoint documentation | --- ### **C-TP-016: Sensitive Data Logging Controls** | Field | Value | | ------------------ | ----------------------------------------------------------------------------------------------------- | | **Control Area** | Logging and Monitoring | | **Related Risks** | R-TP-007 | | **Description** | Logs should avoid exposing private keys, credentials, tokens, secrets, or unnecessary sensitive data. | | **Implementation** | Logging review ยท Redaction where needed ยท Minimal logging of sensitive values | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | Logging configuration ยท Code review ยท Security tests | --- ### **C-TP-017: Dependency Management** | Field | Value | | ------------------ | ----------------------------------------------------------------------------------------------------------------------- | | **Control Area** | Supply Chain Security | | **Related Risks** | R-TP-001 ยท R-TP-005 ยท R-TP-009 | | **Description** | Dependencies are pinned, reviewed, and updated to reduce exposure to known vulnerabilities and supply chain compromise. | | **Implementation** | `uv.lock` ยท Dependency review ยท Dependabot | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | `uv.lock` ยท Dependabot configuration ยท Dependency update PRs | --- ### **C-TP-018: Automated CI Checks** | Field | Value | | ------------------ | ----------------------------------------------------------------------------- | | **Control Area** | Supply Chain Security | | **Related Risks** | R-TP-001 ยท R-TP-005 | | **Description** | Automated checks support code quality, test execution, and release readiness. | | **Implementation** | GitHub Actions ยท Tests ยท MyPy ยท Ruff | | **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] | | **Evidence** | `.github/workflows/` ยท CI results ยท Test reports | --- ### **C-TP-019: Code Review** | Field | Value | | ------------------ | -------------------------------------------------------------------------------------------------- | | **Control Area** | Supply Chain Security | | **Related Risks** | R-TP-001 ยท R-TP-005 ยท R-TP-009 | | **Description** | Code changes are reviewed before merge to reduce security, quality, and maintainability risks. | | **Implementation** | Pull request workflow ยท Maintainer review ยท Two-person review target for security-relevant changes | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | Pull requests ยท Review history ยท Contribution process | --- ### **C-TP-020: SBOM Generation** | Field | Value | | ------------------ | -------------------------------------------------------------------------------- | | **Control Area** | Supply Chain Security | | **Related Risks** | R-TP-001 ยท R-TP-005 ยท R-TP-009 | | **Description** | Trustpoint should generate a Software Bill of Materials for production releases. | | **Implementation** | SBOM generation for release artifacts | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | SBOM artifact once generated ยท Release workflow | --- ### **C-TP-021: Release Integrity** | Field | Value | | ------------------ | ------------------------------------------------------------------------------------------ | | **Control Area** | Supply Chain Security | | **Related Risks** | R-TP-001 | | **Description** | Release artifacts should be protected against tampering and should be verifiable by users. | | **Implementation** | Release checks ยท Tagged releases ยท Checksums / signing planned | | **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] | | **Evidence** | GitHub releases ยท Release workflow ยท Future attestations | --- ### **C-TP-022: Vulnerability Disclosure Process** | Field | Value | | ------------------ | --------------------------------------------------------------------------------------------- | | **Control Area** | Vulnerability Handling | | **Related Risks** | R-TP-005 ยท R-TP-009 | | **Description** | Security vulnerabilities can be reported privately and handled through a coordinated process. | | **Implementation** | `SECURITY.md` ยท Security contact ยท GitHub Security Advisories | | **Status** | ![Implemented][badge-implemented] | | **Evidence** | `SECURITY.md` ยท GitHub Security Advisory configuration | --- ### **C-TP-023: Vulnerability Triage** | Field | Value | | ------------------ | --------------------------------------------------------------------------------------------- | | **Control Area** | Vulnerability Handling | | **Related Risks** | R-TP-005 ยท R-TP-009 | | **Description** | Reported vulnerabilities are reviewed, classified, prioritized, and assigned for remediation. | | **Implementation** | Maintainer triage ยท Severity classification ยท Issue/advisory workflow | | **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] | | **Evidence** | Security advisories ยท Issue history ยท Release notes | --- ### **C-TP-024: Security Update Process** | Field | Value | | ------------------ | ------------------------------------------------------------------------------------ | | **Control Area** | Vulnerability Handling | | **Related Risks** | R-TP-005 ยท R-TP-008 ยท R-TP-009 | | **Description** | Security fixes are developed, reviewed, tested, released, and communicated to users. | | **Implementation** | Security branches ยท Release notes ยท Advisory publication | | **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] | | **Evidence** | Release notes ยท Advisories ยท GitHub releases | --- ### **C-TP-025: Supported Versions Policy** | Field | Value | | ------------------ | ---------------------------------------------------------------------------------- | | **Control Area** | Vulnerability Handling | | **Related Risks** | R-TP-008 ยท R-TP-009 | | **Description** | Trustpoint should define which versions receive security updates and for how long. | | **Implementation** | Support policy before production release | | **Status** | ![Planned][badge-planned] | | **Evidence** | Future `SUPPORT.md` ยท Release policy | --- ## **Control-to-Risk Mapping** | Risk ID | Risk | Key Controls | | -------- | --------------------------------- | -------------------------------------------------------------------------- | | R-TP-001 | Supply Chain Attack | C-TP-017 ยท C-TP-018 ยท C-TP-019 ยท C-TP-020 ยท C-TP-021 | | R-TP-002 | Unauthorized Access | C-TP-001 ยท C-TP-002 ยท C-TP-003 ยท C-TP-004 ยท C-TP-011 ยท C-TP-012 | | R-TP-003 | Private Key Compromise | C-TP-005 ยท C-TP-006 ยท C-TP-013 ยท C-TP-014 | | R-TP-004 | Certificate Forgery | C-TP-005 ยท C-TP-006 ยท C-TP-007 ยท C-TP-008 ยท C-TP-009 ยท C-TP-010 | | R-TP-005 | Component Vulnerabilities | C-TP-017 ยท C-TP-018 ยท C-TP-019 ยท C-TP-022 ยท C-TP-023 ยท C-TP-024 | | R-TP-006 | Protocol Weaknesses | C-TP-006 ยท C-TP-007 ยท C-TP-009 ยท C-TP-012 | | R-TP-007 | Data Breach | C-TP-003 ยท C-TP-004 ยท C-TP-011 ยท C-TP-012 ยท C-TP-013 ยท C-TP-015 ยท C-TP-016 | | R-TP-008 | Service Disruption | C-TP-008 ยท C-TP-010 ยท C-TP-014 ยท C-TP-015 ยท C-TP-024 ยท C-TP-025 | | R-TP-009 | Incomplete Vulnerability Handling | C-TP-020 ยท C-TP-022 ยท C-TP-023 ยท C-TP-024 ยท C-TP-025 | --- ## **Open Items** | ID | Open Item | Priority | Target | | -------- | ---------------------------------------------------------- | -------- | ----------- | | C-OI-001 | Validate control list against current implementation | High | Before v1.0 | | C-OI-002 | Add evidence links for each implemented control | High | Before v1.0 | | C-OI-003 | Define minimum security baseline for production deployment | High | Before v1.0 | | C-OI-004 | Define supported versions and security update policy | High | Before v1.0 | | C-OI-005 | Add release signing or provenance attestations | Medium | Before v1.0 | | C-OI-006 | Add security test coverage mapping | Medium | Before v1.0 | | C-OI-007 | Add control-to-CRA-requirement mapping | Medium | Before v1.0 | [security]: https://github.com/Trustpoint-Project/trustpoint/blob/main/SECURITY.md [badge-you-are-here]: https://img.shields.io/badge/You%20are%20here-blue?style=flat-square [badge-implemented]: https://img.shields.io/badge/Implemented-success?style=flat-square [badge-in-progress]: https://img.shields.io/badge/In%20Progress-yellow?style=flat-square [badge-planned]: https://img.shields.io/badge/Planned-lightgrey?style=flat-square [badge-na]: https://img.shields.io/badge/Not%20Applicable-lightgrey?style=flat-square