Update for 12-01-22 00:30

2022-01-12 00:30:01 -05:00 · 2022-01-12 00:30:01 -05:00 · d4e4b26b3b
commit d4e4b26b3b
parent ccbf644321
2 changed files with 22 additions and 1 deletions
--- a/tech/cia-do-dont.wiki
+++ b/tech/cia-do-dont.wiki
@ -46,3 +46,24 @@ This is the CIA list of dos and donts.
 * DO document disk forensic footprint that could created by tool
 * DONOT read, write, or cache data to disk for no reason
 * DONOT write plain text collected data to the disk
+* DO encrypt all data written to disk
+* DO utilize a secure erase when removing a files from disk that also wipes
+  filename, datetime stamp, and contents
+* DO perfom at least a single pass of zeros over the content of the file
+* DONOT perform disk IO operations that will make the system unresponsive
+* DONOT use a magic header or footer
+* DONOT use hard-coded filenames or filepaths. These must be configurable at
+  deployment time by the operator
+* DO have a configurable max size limit or output file count for writing files
+
+== Dates/Time ==
+
+* DO use GMT/UTC/Zulu
+* DONOT use US-centeric timestamps
+* DO use YYYYMMDD instead
+
+== PSP/AV ==
+
+* DONOT assume free versions of PSP is the same as retail PSP. Test on all
+  versions in a sandbox
+* DO test PSPs with recently live internet connections when possible
--- a/tech/security.wiki
+++ b/tech/security.wiki
@ -6,7 +6,7 @@ Tools useful for security, either offensive or defensive

 Hiding information

-[[cia-do-dont]]
+* [[cia-do-dont]]

 === Ciphers ===