Sensitive information stored in Confluence should be protected and accessible only to credentialed, authenticated users. Types of sensitive content includes: - Security findings and documentation
- Vulnerability scans
- System IP addresses and host names
- Any other information you believe should only be accessible to certain Atlassian users
Other types of restricted content are Personal Health Information (PHI) and Personal Identification Information (PII), which should not be published anywhere on Confluence, even on restricted pagesPer our Information System Security Officer (ISSO), PII/PHI is NOT to be stored in HCQIS Atlassian. All PII/PHI should be sent using encrypted email or secure file transfer (SFT). |