From 62fd842c6565e95e269b80b6cb776c537484c830 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Lafoucrie=CC=80re?= Date: Wed, 28 Nov 2018 15:19:45 -0500 Subject: [PATCH] Add RED data security requirement to code review closes #8608 --- doc/development/code_review.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/development/code_review.md b/doc/development/code_review.md index df2cb30c5d6..fd8c8091ca2 100644 --- a/doc/development/code_review.md +++ b/doc/development/code_review.md @@ -53,6 +53,8 @@ from teams other than your own. #### Security requirements + 1. If your merge request is processing, storing, or transferring any kind of [RED or ORANGE data][https://docs.google.com/document/d/15eNKGA3zyZazsJMldqTBFbYMnVUSQSpU14lo22JMZQY/edit] (this is a confidential document), it must be + **approved by a [Security Engineer][team]**. 1. If your merge request involves implementing, utilizing, or is otherwise related to any type of authentication, authorization, or session handling mechanism, it must be **approved by a [Security Engineer][team]**. 1. If your merge request has a goal which requires a cryptographic function such as: confidentiality, integrity, authentication, or non-repudiation, it must be