# Security Controls
**๐ Document Owner:** Trustpoint Project Maintainers | **๐ Version:** 1.0 | **๐
Last Updated:** 2026-07-01
**๐ Review Cycle:** Quarterly | **โฐ Next Review:** 2026-09-26
---
## **Purpose**
This document describes the technical and organizational security controls used to reduce cybersecurity risks for Trustpoint.
The controls are derived from the threats identified in `THREAT_MODEL.md` and the risks evaluated in `RISK_REGISTER.md`.
---
## **Control Management Process**
Trustpoint follows a structured security documentation chain:
```text
Threat Model โ Risk Register โ Controls โ Evidence โ Review
```
| Step | Document | Purpose |
| ---------------- | ------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------- |
| 1. Threat Model | [`THREAT_MODEL.md`](./THREAT_MODEL.md) | Identifies threats to Trustpoint |
| 2. Risk Register | [`RISK_REGISTER.md`](./RISK_REGISTER.md) | Groups threats into cybersecurity risks
| 3. Controls | [`CONTROLS.md`](./CONTROLS.md) - [![Critical][badge-you-are-here]]() | Documents implemented and planned controls |
| 4. Evidence | [`CRA_COMPLIANCE.md`](./CRA_COMPLIANCE.md) ยท [`SECURITY.md`][security] ยท CI/CD artifacts ยท SBOM | Provides evidence for implemented controls, vulnerability handling, release processes, and security maintenance |
| 5. Review | [`THREAT_MODEL.md`](./THREAT_MODEL.md) ยท [`RISK_REGISTER.md`](./RISK_REGISTER.md) ยท [`CONTROLS.md`](./CONTROLS.md) ยท [`CRA_COMPLIANCE.md`](./CRA_COMPLIANCE.md) | Ensures that threats, risks, controls, and evidence remain current over time
---
## **Control Status**
| Status | Meaning |
| -------------- | ----------------------------------------------------------------------- |
| ![Implemented][badge-implemented] | Control is implemented and evidence is available or partially available |
| ![In Progress][badge-in-progress] | Control is partially implemented or being improved |
| ![Planned][badge-planned] | Control is identified but not yet implemented |
| ![NA][badge-na] | Control is not applicable to the current Trustpoint scope |
---
## **Control Summary**
| Control Area | Controls | Status |
|-------------|---------:|--------|
| Access control | 4 | ![In Progress][badge-in-progress] |
| Cryptographic security | 2 | ![In Progress][badge-in-progress] |
| Certificate lifecycle security | 4 | ![In Progress][badge-in-progress] |
| Secure deployment | 4 | ![In Progress][badge-in-progress] |
| Logging and monitoring | 2 | ![In Progress][badge-in-progress] |
| Supply chain security | 5 | ![In Progress][badge-in-progress] |
| Vulnerability handling | 4 | ![In Progress][badge-in-progress] |
| **Total Controls** | **25** | **Initial Version** |
---
## **Security Controls**
### **C-TP-001: Authentication**
| Field | Value |
| ------------------ | --------------------------------------------------------------------------------------------- |
| **Control Area** | Access Control |
| **Related Risks** | R-TP-002 |
| **Description** | Trustpoint requires authenticated access for administrative and security-relevant operations. |
| **Implementation** | Django authentication ยท Session handling ยท API authentication |
| **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] |
| **Evidence** | Django auth configuration ยท Source code ยท Security tests |
---
### **C-TP-002: Authorization and RBAC**
| Field | Value |
| ------------------ | ------------------------------------------------------------------------------------------------------------------------ |
| **Control Area** | Access Control |
| **Related Risks** | R-TP-002 ยท R-TP-004 |
| **Description** | Authorization checks restrict certificate, policy, lifecycle, and administrative operations to permitted users or roles. |
| **Implementation** | Role-based access control ยท Permission checks ยท Admin restrictions |
| **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] |
| **Evidence** | Source code ยท Authorization tests ยท Admin documentation |
---
### **C-TP-003: Administrative Auditability**
| Field | Value |
| ------------------ | ---------------------------------------------------------------------------------------------------- |
| **Control Area** | Access Control |
| **Related Risks** | R-TP-002 ยท R-TP-004 ยท R-TP-007 |
| **Description** | Security-relevant administrative actions are logged to support accountability and incident analysis. |
| **Implementation** | Audit logs ยท Lifecycle event logging |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | Audit log implementation ยท Logging documentation |
---
### **C-TP-004: Secure Session and Token Handling**
| Field | Value |
| ------------------ | --------------------------------------------------------------------------- |
| **Control Area** | Access Control |
| **Related Risks** | R-TP-002 ยท R-TP-007 |
| **Description** | Sessions and tokens are protected against unauthorized reuse or disclosure. |
| **Implementation** | Secure cookie settings ยท Token lifetime management ยท TLS requirement |
| **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] |
| **Evidence** | Django security settings ยท Deployment documentation |
---
### **C-TP-005: CA Private Key Protection**
| Field | Value |
| ------------------ | ----------------------------------------------------------------------------------------------- |
| **Control Area** | Cryptographic Security |
| **Related Risks** | R-TP-003 ยท R-TP-004 |
| **Description** | CA private keys are protected against unauthorized access, extraction, modification, or misuse. |
| **Implementation** | PKCS#11 / HSM support ยท Encrypted storage ยท Access restrictions |
| **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] |
| **Evidence** | PKCS#11 integration ยท HSM configuration ยท Key management documentation |
---
### **C-TP-006: Secure Cryptographic Defaults**
| Field | Value |
| ------------------ | ------------------------------------------------------------------------------------------------------------- |
| **Control Area** | Cryptographic Security |
| **Related Risks** | R-TP-003 ยท R-TP-004 ยท R-TP-006 |
| **Description** | Trustpoint should use secure cryptographic algorithms, key sizes, profiles, and protocol settings by default. |
| **Implementation** | Certificate profile validation ยท Cryptographic parameter restrictions ยท TLS guidance |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | Certificate profile code ยท Crypto tests ยท Documentation |
---
### **C-TP-007: Certificate Policy Enforcement**
| Field | Value |
| ------------------ | ------------------------------------------------------------------------------ |
| **Control Area** | Certificate Lifecycle Security |
| **Related Risks** | R-TP-004 ยท R-TP-006 |
| **Description** | Certificate issuance follows defined profiles, policies, and validation rules. |
| **Implementation** | Certificate templates ยท Policy validation ยท Request validation |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | CA/RA implementation ยท Policy documentation ยท Tests |
---
### **C-TP-008: Certificate Lifecycle Management**
| Field | Value |
| ------------------ | --------------------------------------------------------------------------------------------------------------- |
| **Control Area** | Certificate Lifecycle Security |
| **Related Risks** | R-TP-004 ยท R-TP-008 |
| **Description** | Trustpoint supports certificate issuance, renewal, revocation, expiry tracking, and lifecycle state management. |
| **Implementation** | Lifecycle workflows ยท Renewal handling ยท Revocation state |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | Lifecycle implementation ยท Tests ยท Documentation |
---
### **C-TP-009: Device Identity Verification**
| Field | Value |
| ------------------ | ---------------------------------------------------------------------------------------------- |
| **Control Area** | Certificate Lifecycle Security |
| **Related Risks** | R-TP-004 ยท R-TP-006 |
| **Description** | Device onboarding and enrollment workflows verify device identity before certificate issuance. |
| **Implementation** | Enrollment validation ยท Protocol-specific checks ยท Operator approval where required |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | Enrollment implementation ยท Protocol tests ยท Operator documentation |
---
### **C-TP-010: Revocation Support**
| Field | Value |
| ------------------ | -------------------------------------------------------------------------------------------- |
| **Control Area** | Certificate Lifecycle Security |
| **Related Risks** | R-TP-004 ยท R-TP-008 |
| **Description** | Trustpoint supports revocation of compromised, obsolete, or incorrectly issued certificates. |
| **Implementation** | Revocation workflows ยท Revocation state ยท CRL / status distribution as applicable |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | Revocation implementation ยท Lifecycle tests ยท Documentation |
---
### **C-TP-011: Secure Deployment Configuration**
| Field | Value |
| ------------------ | ------------------------------------------------------------------------------------------------------------ |
| **Control Area** | Secure Deployment |
| **Related Risks** | R-TP-002 ยท R-TP-007 ยท R-TP-008 |
| **Description** | Trustpoint provides deployment guidance and configuration options to reduce insecure runtime configurations. |
| **Implementation** | Docker deployment ยท Environment configuration ยท Production settings guidance |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | Deployment documentation ยท Docker configuration |
---
### **C-TP-012: TLS Protection**
| Field | Value |
| ------------------ | ---------------------------------------------------------------------------------------------- |
| **Control Area** | Secure Deployment |
| **Related Risks** | R-TP-002 ยท R-TP-006 ยท R-TP-007 |
| **Description** | Network communication with Trustpoint should be protected using TLS or mTLS where appropriate. |
| **Implementation** | TLS deployment guidance ยท HTTPS configuration ยท Protocol-specific TLS requirements |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | Deployment documentation ยท Protocol documentation ยท TLS tests |
---
### **C-TP-013: Secret Management**
| Field | Value |
| ------------------ | ---------------------------------------------------------------------------------------------------------------------- |
| **Control Area** | Secure Deployment |
| **Related Risks** | R-TP-003 ยท R-TP-007 |
| **Description** | Runtime secrets, database credentials, API tokens, and private material are protected against unauthorized disclosure. |
| **Implementation** | Environment-based secret configuration ยท Secure storage guidance ยท Secret rotation guidance |
| **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] |
| **Evidence** | Deployment documentation ยท Configuration reference |
---
### **C-TP-014: Backup and Recovery**
| Field | Value |
| ------------------ | ---------------------------------------------------------------------------------------------------------- |
| **Control Area** | Secure Deployment |
| **Related Risks** | R-TP-003 ยท R-TP-007 ยท R-TP-008 |
| **Description** | Trustpoint supports backup and recovery procedures for continuity and recovery from failures or incidents. |
| **Implementation** | Database backup support ยท Recovery guidance ยท RTO/RPO targets |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | Backup configuration ยท Recovery documentation |
---
### **C-TP-015: Monitoring and Metrics**
| Field | Value |
| ------------------ | ----------------------------------------------------------------------------------------- |
| **Control Area** | Logging and Monitoring |
| **Related Risks** | R-TP-007 ยท R-TP-008 |
| **Description** | Trustpoint provides operational visibility through logs, health information, and metrics. |
| **Implementation** | Application logging ยท Health endpoints ยท Prometheus metrics |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | Logging implementation ยท Metrics documentation ยท Health endpoint documentation |
---
### **C-TP-016: Sensitive Data Logging Controls**
| Field | Value |
| ------------------ | ----------------------------------------------------------------------------------------------------- |
| **Control Area** | Logging and Monitoring |
| **Related Risks** | R-TP-007 |
| **Description** | Logs should avoid exposing private keys, credentials, tokens, secrets, or unnecessary sensitive data. |
| **Implementation** | Logging review ยท Redaction where needed ยท Minimal logging of sensitive values |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | Logging configuration ยท Code review ยท Security tests |
---
### **C-TP-017: Dependency Management**
| Field | Value |
| ------------------ | ----------------------------------------------------------------------------------------------------------------------- |
| **Control Area** | Supply Chain Security |
| **Related Risks** | R-TP-001 ยท R-TP-005 ยท R-TP-009 |
| **Description** | Dependencies are pinned, reviewed, and updated to reduce exposure to known vulnerabilities and supply chain compromise. |
| **Implementation** | `uv.lock` ยท Dependency review ยท Dependabot |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | `uv.lock` ยท Dependabot configuration ยท Dependency update PRs |
---
### **C-TP-018: Automated CI Checks**
| Field | Value |
| ------------------ | ----------------------------------------------------------------------------- |
| **Control Area** | Supply Chain Security |
| **Related Risks** | R-TP-001 ยท R-TP-005 |
| **Description** | Automated checks support code quality, test execution, and release readiness. |
| **Implementation** | GitHub Actions ยท Tests ยท MyPy ยท Ruff |
| **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] |
| **Evidence** | `.github/workflows/` ยท CI results ยท Test reports |
---
### **C-TP-019: Code Review**
| Field | Value |
| ------------------ | -------------------------------------------------------------------------------------------------- |
| **Control Area** | Supply Chain Security |
| **Related Risks** | R-TP-001 ยท R-TP-005 ยท R-TP-009 |
| **Description** | Code changes are reviewed before merge to reduce security, quality, and maintainability risks. |
| **Implementation** | Pull request workflow ยท Maintainer review ยท Two-person review target for security-relevant changes |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | Pull requests ยท Review history ยท Contribution process |
---
### **C-TP-020: SBOM Generation**
| Field | Value |
| ------------------ | -------------------------------------------------------------------------------- |
| **Control Area** | Supply Chain Security |
| **Related Risks** | R-TP-001 ยท R-TP-005 ยท R-TP-009 |
| **Description** | Trustpoint should generate a Software Bill of Materials for production releases. |
| **Implementation** | SBOM generation for release artifacts |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | SBOM artifact once generated ยท Release workflow |
---
### **C-TP-021: Release Integrity**
| Field | Value |
| ------------------ | ------------------------------------------------------------------------------------------ |
| **Control Area** | Supply Chain Security |
| **Related Risks** | R-TP-001 |
| **Description** | Release artifacts should be protected against tampering and should be verifiable by users. |
| **Implementation** | Release checks ยท Tagged releases ยท Checksums / signing planned |
| **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] |
| **Evidence** | GitHub releases ยท Release workflow ยท Future attestations |
---
### **C-TP-022: Vulnerability Disclosure Process**
| Field | Value |
| ------------------ | --------------------------------------------------------------------------------------------- |
| **Control Area** | Vulnerability Handling |
| **Related Risks** | R-TP-005 ยท R-TP-009 |
| **Description** | Security vulnerabilities can be reported privately and handled through a coordinated process. |
| **Implementation** | `SECURITY.md` ยท Security contact ยท GitHub Security Advisories |
| **Status** | ![Implemented][badge-implemented] |
| **Evidence** | `SECURITY.md` ยท GitHub Security Advisory configuration |
---
### **C-TP-023: Vulnerability Triage**
| Field | Value |
| ------------------ | --------------------------------------------------------------------------------------------- |
| **Control Area** | Vulnerability Handling |
| **Related Risks** | R-TP-005 ยท R-TP-009 |
| **Description** | Reported vulnerabilities are reviewed, classified, prioritized, and assigned for remediation. |
| **Implementation** | Maintainer triage ยท Severity classification ยท Issue/advisory workflow |
| **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] |
| **Evidence** | Security advisories ยท Issue history ยท Release notes |
---
### **C-TP-024: Security Update Process**
| Field | Value |
| ------------------ | ------------------------------------------------------------------------------------ |
| **Control Area** | Vulnerability Handling |
| **Related Risks** | R-TP-005 ยท R-TP-008 ยท R-TP-009 |
| **Description** | Security fixes are developed, reviewed, tested, released, and communicated to users. |
| **Implementation** | Security branches ยท Release notes ยท Advisory publication |
| **Status** | ![Implemented][badge-implemented] ![In Progress][badge-in-progress] |
| **Evidence** | Release notes ยท Advisories ยท GitHub releases |
---
### **C-TP-025: Supported Versions Policy**
| Field | Value |
| ------------------ | ---------------------------------------------------------------------------------- |
| **Control Area** | Vulnerability Handling |
| **Related Risks** | R-TP-008 ยท R-TP-009 |
| **Description** | Trustpoint should define which versions receive security updates and for how long. |
| **Implementation** | Support policy before production release |
| **Status** | ![Planned][badge-planned] |
| **Evidence** | Future `SUPPORT.md` ยท Release policy |
---
## **Control-to-Risk Mapping**
| Risk ID | Risk | Key Controls |
| -------- | --------------------------------- | -------------------------------------------------------------------------- |
| R-TP-001 | Supply Chain Attack | C-TP-017 ยท C-TP-018 ยท C-TP-019 ยท C-TP-020 ยท C-TP-021 |
| R-TP-002 | Unauthorized Access | C-TP-001 ยท C-TP-002 ยท C-TP-003 ยท C-TP-004 ยท C-TP-011 ยท C-TP-012 |
| R-TP-003 | Private Key Compromise | C-TP-005 ยท C-TP-006 ยท C-TP-013 ยท C-TP-014 |
| R-TP-004 | Certificate Forgery | C-TP-005 ยท C-TP-006 ยท C-TP-007 ยท C-TP-008 ยท C-TP-009 ยท C-TP-010 |
| R-TP-005 | Component Vulnerabilities | C-TP-017 ยท C-TP-018 ยท C-TP-019 ยท C-TP-022 ยท C-TP-023 ยท C-TP-024 |
| R-TP-006 | Protocol Weaknesses | C-TP-006 ยท C-TP-007 ยท C-TP-009 ยท C-TP-012 |
| R-TP-007 | Data Breach | C-TP-003 ยท C-TP-004 ยท C-TP-011 ยท C-TP-012 ยท C-TP-013 ยท C-TP-015 ยท C-TP-016 |
| R-TP-008 | Service Disruption | C-TP-008 ยท C-TP-010 ยท C-TP-014 ยท C-TP-015 ยท C-TP-024 ยท C-TP-025 |
| R-TP-009 | Incomplete Vulnerability Handling | C-TP-020 ยท C-TP-022 ยท C-TP-023 ยท C-TP-024 ยท C-TP-025 |
---
## **Open Items**
| ID | Open Item | Priority | Target |
| -------- | ---------------------------------------------------------- | -------- | ----------- |
| C-OI-001 | Validate control list against current implementation | High | Before v1.0 |
| C-OI-002 | Add evidence links for each implemented control | High | Before v1.0 |
| C-OI-003 | Define minimum security baseline for production deployment | High | Before v1.0 |
| C-OI-004 | Define supported versions and security update policy | High | Before v1.0 |
| C-OI-005 | Add release signing or provenance attestations | Medium | Before v1.0 |
| C-OI-006 | Add security test coverage mapping | Medium | Before v1.0 |
| C-OI-007 | Add control-to-CRA-requirement mapping | Medium | Before v1.0 |
[security]: https://github.com/Trustpoint-Project/trustpoint/blob/main/SECURITY.md
[badge-you-are-here]: https://img.shields.io/badge/You%20are%20here-blue?style=flat-square
[badge-implemented]: https://img.shields.io/badge/Implemented-success?style=flat-square
[badge-in-progress]: https://img.shields.io/badge/In%20Progress-yellow?style=flat-square
[badge-planned]: https://img.shields.io/badge/Planned-lightgrey?style=flat-square
[badge-na]: https://img.shields.io/badge/Not%20Applicable-lightgrey?style=flat-square