HomeSecurity & Governance › Security & Governance — overview

Security & Governance — overview

Purpose: Index of security pages and the layered model that organises them.

Who this page is for

AudienceWhy it matters to you
All engineersSecurity is a feature requirement
Tech leadsGovernance owners

Layers, outermost first

Edge        WAF, TLS, headers            → [TLS & headers]
Delivery    Dispatcher filters           → [Dispatcher security]
Application XSS/CSRF-safe code           → [OWASP for AEM]
Platform    Users, groups, service users → [Security model], [Service users]
Data        PII discipline               → [PII & data handling]
Process     Audit, governance, patching  → [Audit], [Content governance], [Vulnerability & patch]
PageCovers
Security model overviewPrincipals, ACLs, authentication surfaces
Least privilege & service usersBackend code without admin
Dispatcher security checklistThe delivery-tier gate
OWASP for AEMXSS, CSRF, injection in AEM terms
TLS & security headersTransport and browser policy
PII & data handlingPersonal data discipline
Audit & compliance loggingProving who did what
Content governance & approvalRegulated-content controls
Vulnerability & patch governanceStaying defensibly current

Per-feature developer gate: the security checklist in Production Readiness.

Quick navigation