3.0.0 Administrative Security Review

This issue documents the Administrative Security Review for an "Approved Software" release of the nshm-alaska repository, with tag 3.0.0 representing the 2023 Alaska NSHM. For reference, the administrative security review for the provisional release of nshm-alaska is here: #3 (closed)

Release candidate tag for review: 3.0.0rc-branch

Administrative Security Review

All software must have an administrative security review before it is made publicly available by any method. This type of review ensures personal, private, or otherwise sensitive information is not included in the repository. Types of sensitive information include:

• Personally identifiable information (PII)
• Absolute file system paths
• Internal server host names or IP addresses
• Usernames/passwords

Administrative security reviews may be performed by any trusted person; the reviewer does not necessarily need a strong scientific or programming background. When migrating an existing project into any non-private Git repository, it is important to remember that the entire project history needs to be reviewed if that history is to be maintained after migration.

USGS software review information: https://www.usgs.gov/products/software/software-management/types-software-review

added 2023 label

marked this issue as related to #26

marked this issue as related to #27

changed the description

changed the description

assigned to @ashumway

I used gitleaks (https://github.com/gitleaks/gitleaks) to scan the repository for security issues like personally identifiable information (PII) and usernames/passwords (e.g., passwords, keys, tokens). I also manually scanned the repository for absolute file system paths and internal server host names or IP addresses. I did not find any. This completes my Administrative Security Review and I approve of the software release.

changed milestone to %Finalize 2023 NSHM and ongoing GMM work

Based on Allison's comment, I am checking all boxes in the issue.

marked the checklist item Personally identifiable information (PII) as completed

marked the checklist item Absolute file system paths as completed

marked the checklist item Internal server host names or IP addresses as completed

marked the checklist item Usernames/passwords as completed

Administrative review is complete and all comments have been reconciled as documented in this issue.

removed milestone %Finalize 2023 NSHM and ongoing GMM work

changed milestone to %New RTGM Calculator App, Disagg mods, PRVI