To ensure the confidentiality of the data that it stores Oso requires the use of encryption at rest for all assets classified as PRIVATE, SENSITIVE or CRITICAL. This policy applies to all servers, datastores, or endpoints where such classified data resides.
To prevent accidental disclosure of sensitive data Oso requires the use of encryption in transit to communicate with all Oso services. Oso requires the use of TLS version 1.2 or greater for all interactions with Oso services.
Oso recognizes that effective use of encryption is predicated on the secure storage and management of underlying cryptographic key material. To ensure the confidentiality of cryptographic material Oso requires the use of platform-operated cryptographic services i.e. AWS Key Management Service where available when configuring encryption in transit or at rest.