Security Policy
Overview
Pinpoint takes security seriously. We implement multiple layers of security measures to protect user data and system integrity.
Security Features
Authentication
- UMD CAS-based authentication
- Secure session management
- Role-based access control (RBAC)
- Automatic session timeout
Data Protection
- All data is encrypted in transit using TLS
- Sensitive data is encrypted at rest
- Regular security audits and updates
- Automated vulnerability scanning
CI/CD Security
We employ several automated security measures in our CI/CD pipeline:
- Static Application Security Testing (SAST)
- Secret Detection
- Dependency Scanning
- Container Scanning
- Dynamic Application Security Testing (DAST)
Reporting Security Issues
If you discover a security vulnerability in Pinpoint:
- Do not disclose the issue publicly
- Email eds@umd.edu with "SECURITY" in the subject line
- Include detailed information about the vulnerability
- Our team will respond within 24 hours
Data Handling
User Data
- We collect only necessary user information
- Data retention policies comply with UMD policies
- Regular data backups are performed
- Access to user data is strictly controlled and audited
Compliance
- FERPA compliant
- Regular security assessments
- Compliance with UMD IT Security policies