Security Overview
This section is the engineer-facing home for security and audit topics that sit alongside infrastructure work. It complements the existing security material elsewhere in the library — for example CI/CD compliance and audit, Kubernetes RBAC, Pod Security Standards, AWS IAM, and Azure security.
Pages here focus on what an engineer does day-to-day when their org is in scope for SOC 2, ISO 27001, PCI DSS, or HIPAA — not the legal interpretation of those frameworks.
Nothing on these pages is legal, audit, or compliance advice. Treat it as a starting point and align with your org’s GRC, security, and legal owners.
Why a Dedicated Section
Security and audit show up in many corners of the library, but engineers also need a place that answers:
- What evidence will an auditor actually ask me for?
- What is a “walkthrough” and what should I prepare?
- Which CI/CD, ticketing, and access-log artifacts count as evidence?
- How do I hand off to GRC without dropping the ball?
These are practice questions that pair with the technical controls covered in other sections.
Topics in This Section
- DevSecOps overview — How delivery-embedded security fits this library; paths for security engineering vs operations; links to scanning, policy, compliance, and cloud controls.
- Compliance quick reference for SREs — Framework-by-concern matrix (pipeline, runtime, identity, evidence) plus SOC 2, ISO, HIPAA, PCI, and CIS checklists with deep links.
- CIS controls and cloud benchmarks — CIS Controls vs CIS AWS and Azure Foundations benchmarks; sample themes mapped into this library.
- SOC 2 for platform teams — Short hub: which pages to open first for SOC 2–style evidence and controls.
- Audit fieldwork and evidence for engineers — Types of evidence, sampling and walkthroughs, common SOC 2 and ISO control themes mapped to what you actually show auditors, sample discussion prompts, and handoff with GRC.
Additional topics (threat modeling, deeper IAM design patterns) may land here or under CI/CD and cloud sections as the library grows.
Related Sections
| Topic | Where to Go |
|---|---|
| CI/CD audit trails and change management | Compliance and audit |
| CI/CD security controls (SAST, SCA, scanning) | Security scanning |
| Kubernetes access control | RBAC, Pod Security Standards |
| Cloud IAM and security services | AWS IAM, AWS security services, Azure security |
| Secret management | AWS secrets |
| Identity at the edge | SSO federation at the edge |