docs: create DocumentationStrategy/CompliancePerspective

Administrator 2025-04-05 01:50:26 +00:00 committed by John Smith
parent fd8b121894
commit 521831dbf3


@ -0,0 +1,132 @@
---
title: Compliance Perspective
description:
published: true
date: 2025-04-05T01:50:24.026Z
tags:
editor: markdown
dateCreated: 2025-04-05T01:50:24.026Z
---
# ✅ Compliance-Ready Documentation Strategy
### For: Janusian Infra & Knowledge Stack
**Audience:** DevOps, Infra, Security, Docs
**Version:** v1
**Last Reviewed:** 2025-04-05
---
## 🧭 Overview
This document outlines how our documentation stack (Wiki.js + Git + frontmatter) can be hardened for **compliance-readiness**, enabling:
- Granular access control
- Immutable audit logs
- Identity & access management (IAM)
- Policy enforcement for documentation changes
- Integration with external logging and monitoring
This helps us align with frameworks like **SOC 2**, **ISO 27001**, **GDPR**, and partially with **HIPAA**.
---
## 🏗️ System Components
| Component | Role |
|---------------|-------------------------------------|
| Wiki.js | Primary editing & browsing interface |
| Git (GitHub) | Backend version control, history |
| YAML Frontmatter | Structured metadata for compliance labeling |
| GitHub Actions | Policy enforcement & automation |
| SSO (e.g., Google/Okta) | Identity management |
| Monitoring (optional) | Access log visibility |
---
## 🔐 1. Access Control & Identity Management
- **Use Wiki.js Auth Providers**:
- Integrate OAuth2, SAML, or LDAP (Google Workspace, Okta, Azure AD).
- Enable **SSO with MFA**.
- Apply **page-level permissions** (reader, editor, admin).
- **Group users** by roles (e.g., `docs_editor`, `infra_admin`, `read_only`).
- **Map Git permissions** to teams for repo access (e.g., `docs/` path in GitHub).
---
## 🧾 2. Immutable Audit Logs
### Wiki.js Logs:
- Enable **Audit Logging** to track:
- Page views
- Edits and deletions
- Permission changes
- Login attempts
### Git Logs:
- Every doc change is:
- **Signed** (optional via `git commit -S`)
- Timestamped and traceable
- Stored in Git history (cryptographically verifiable)
📌 **Optional:** Use [OpenTimestamps](https://opentimestamps.org/) or [Sigstore](https://www.sigstore.dev/) to append public, verifiable timestamps.
---
## 📜 3. Policy Enforcement
- Define **GitHub CODEOWNERS** for all Markdown documentation:
- Require approvals from specific teams (e.g., `docs-core`, `compliance`).
- Implement CI checks:
- Ensure `classification`, `relevant_for`, and `last_reviewed` exist in frontmatter.
- Auto-tag missing fields or block merges.
- Configure **Wiki.js page drafts + approval plugins** for reviewable content.
---
## 📊 4. Monitoring & Alerting
- Pipe Wiki.js audit logs to:
- ELK Stack
- Datadog
- Prometheus + Grafana
Set up alerts for:
- Unauthorized access attempts
- Changes to classified or sensitive pages
- Admin permission changes
---
## 🧩 5. Compliance Frameworks We Could Map To
| Compliance | Support Level | Notes |
|------------|----------------|-------|
| **SOC 2** | ✅ Full coverage for Change Mgmt, IAM, Logging |
| **ISO 27001** | ✅ Aligns with Access Control & Audit Domains |
| **GDPR** | ✅ Log access to personal data, support deletion requests |
| **HIPAA** | ⚠️ Partial — not medical record-safe, but audit & access logs supported |
---
## 🚀 Next Steps
- [ ] Enable Wiki.js Audit Log to PostgreSQL or external logger
- [ ] Enforce Git commit signing for doc repo
- [ ] Add CODEOWNERS and review workflows
- [ ] Set up GitHub Actions to lint frontmatter
- [ ] Route logs to Grafana or Datadog for alerting
---
## 🔍 References
- [Wiki.js Auth Providers](https://docs.requarks.io/authentication)
- [Git Signed Commits](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work)
- [OpenTimestamps](https://opentimestamps.org/)
- [Sigstore](https://www.sigstore.dev/)
- [SOC 2 Criteria](https://www.aicpa.org/resources/article/trust-services-criteria)
- [ISO 27001 Controls](https://www.iso.org/isoiec-27001-information-security.html)
---
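Review bot: The table under "5. Compliance Frameworks We Could Map To" declares three columns (`| Compliance | Support Level | Notes |`) but every data row carries only two cells, so the support-level text renders under the "Support Level" header with an empty "Notes" column, or is dropped entirely depending on the renderer; either split each row into a level and a note (e.g. `| **SOC 2** | ✅ Full | Change Mgmt, IAM, Logging |`) or remove the third header. Second, section 3 says CI should block merges when `classification`, `relevant_for` and `last_reviewed` are missing from frontmatter, yet this file's own frontmatter has none of them and leaves `description:` and `tags:` empty, so the page would fail the check it proposes; adding those keys here would make it the canonical example for the linter. Minor: in section 4, "Set up alerts for:" sits as a bare line between two bullet lists and should be its own bullet or be separated by a blank line so it does not merge into the preceding list item.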