version: "1.0.1" name: security-documentation description: > Create security policies, guidelines, compliance documentation, and security best practices. Use when documenting security policies, compliance requirements, or security guidelines.

Security Documentation

Table of Contents

• Overview
• When to Use
• Quick Start
• Reference Guides
• Best Practices

Overview

Create comprehensive security documentation including policies, guidelines, compliance requirements, and best practices for secure application development and operations.

When to Use

• Security policies
• Compliance documentation (SOC 2, GDPR, HIPAA)
• Security guidelines and best practices
• Incident response plans
• Access control policies
• Data protection policies
• Vulnerability disclosure policies
• Security audit reports

Quick Start

Minimal working example:

# Security Policy
 
**Version:** 2.0
**Last Updated:** 2025-01-15
**Review Schedule:** Quarterly
**Owner:** Security Team
**Contact:** security@example.com
 
## Table of Contents
 
1.[Overview](#overview)
2.[Scope](#scope)
3.[Authentication & Access Control](#authentication--access-control)
4.[Data Protection](#data-protection)
5.[Application Security](#application-security)
6.[Infrastructure Security](#infrastructure-security)
7.[Incident Response](#incident-response)
8.[Compliance](#compliance)
9.[Security Training](#security-training)
 
---
 
## 1. Overview
 
### Purpose
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

Best Practices

✅ DO

• Follow principle of least privilege
• Encrypt sensitive data
• Implement MFA everywhere
• Log security events
• Regular security audits
• Keep systems updated
• Document security policies
• Train employees regularly
• Have incident response plan
• Test backups regularly

❌ DON'T

• Store passwords in plaintext
• Skip input validation
• Ignore security headers
• Share credentials
• Hardcode secrets in code
• Skip security testing
• Ignore vulnerability reports