# Production Configuration - COMPLIANT EXAMPLE
# Intended to satisfy the compliance-rule checks for GDPR, PCI DSS, HIPAA and SOX.
# Note: these flags only declare controls; they do not prove the controls are
# implemented and evidenced, which is what an assessor will actually check.

app:
  # Deployment identity. All three values are quoted so the YAML parser keeps
  # them as strings ("1.0.0" would otherwise be a plain scalar; a two-part
  # version such as 1.10 would silently become the float 1.1).
  environment: "production"
  name: "CompliantApp"
  version: "1.0.0"

# Compliance Configuration - Full compliance
compliance:
  # Frameworks this file is checked against; each has a matching control
  # section further down (dataProtection, paymentProcessing, healthcare,
  # financialReporting).
  standards:
    - "GDPR"
    - "PCI-DSS"
    - "HIPAA"
    - "SOX"
  certification: "ISO27001"
  # Dates are quoted on purpose: an unquoted 2024-01-15 is parsed as a date
  # object by most YAML loaders, not as the string the rule engine compares.
  lastAudit: "2024-01-15"
  nextAudit: "2024-07-15"

# GDPR Compliance
dataProtection:
  gdpr:
    enabled: true
    # Controller named in the record of processing; the DPO mailbox is the
    # contact published for data-subject requests and the supervisory
    # authority.
    dataController: "MyCompany Ltd"
    dpo: "dpo@mycompany.com"

    # Personal data at rest: authenticated encryption (GCM gives integrity as
    # well as confidentiality), with keys held in an HSM rather than alongside
    # the data.
    encryption:
      enabled: true
      algorithm: "AES-256-GCM"
      keyManagement: "HSM"

    # Consent: recorded, revocable, and re-requested after the expiry below.
    # GDPR sets no fixed lifetime for consent; "2y" is a policy choice.
    consentManagement:
      enabled: true
      consentExpiry: "2y"
      consentTracking: true
      consentWithdrawal: true

    # Retention limits with automatic deletion once they elapse.
    # NOTE(review): "logs" here is shorter than the 6y/7y audit-trail retention
    # configured in the audit, hipaa and sox sections. That is fine only if
    # application logs containing personal data and audit trails are stored as
    # separate classes -- confirm autoDeletion cannot purge audit records.
    dataRetention:
      enabled: true
      autoDeletion: true
      personalData: "2y"
      logs: "1y"
      analytics: "6m"

    # Art. 33: notify the supervisory authority within 72 hours of becoming
    # aware of a breach. "ICO" is the UK authority; if EU data is processed,
    # the EU lead supervisory authority is the relevant recipient.
    breachNotification:
      enabled: true
      authority: "ICO"
      notificationTime: "72h"

    # Art. 17 erasure requests, actioned within the Art. 12(3) one-month
    # window. verification keeps identity checks on: acting on an unverified
    # request would let anyone delete another person's data.
    rightToErasure:
      enabled: true
      verification: true
      processingTime: "30d"

# PCI DSS Compliance
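paymentProcessing:
  pciDss:
    enabled: true
    # Level 1: annual on-site assessment by a QSA plus quarterly ASV scans.
    # Requirement numbers in the comments below refer to PCI DSS v4.0.
    level: 1

    # Cardholder data at rest: PAN must be rendered unreadable (Req. 3.5.1).
    cardDataEncryption:
      enabled: true
      # Authenticated encryption. A bare "AES-256" leaves the mode to the
      # implementation; an unauthenticated mode (ECB, or CBC without a MAC)
      # does not detect ciphertext tampering. This also matches the GCM
      # setting used for personal data elsewhere in this file.
      algorithm: "AES-256-GCM"
      # Cryptoperiod after which data-encrypting keys are rotated (Req. 3.7.4).
      keyRotation: "90d"
      # Use tokens wherever the PAN itself is not needed; this removes stores
      # of real PAN and shrinks the CDE scope.
      tokenization: true

    # Cardholder data in transit over open or public networks (Req. 4.2.1).
    secureTransmission:
      enabled: true
      # TLS 1.2 is the PCI floor; 1.3 drops the legacy cipher suites entirely.
      protocol: "TLS 1.3"
      # Reject untrusted or expired certificates; never disabled for testing.
      certificateValidation: true
      # PIN-block encryption. TDEA ("3DES") is disallowed for encryption by
      # NIST SP 800-131A Rev. 2 after 2023 and should not appear in a new
      # deployment; AES with the ISO 9564-1 format 4 PIN block is the
      # replacement. If an acquirer still forces a legacy TDEA path, it needs
      # at least double-length keys and a dated migration plan.
      pinTransmission: "AES-256"

    # Access to system components and cardholder data (Req. 7 and 8).
    accessControl:
      enabled: true
      # MFA for all access into the CDE, not only remote access (Req. 8.4.2).
      multiFactor: true
      roleBased: true
      leastPrivilege: true
      # Idle-session timeout; 15 minutes is the PCI maximum (Req. 8.2.8).
      sessionTimeout: "15m"

    # Network controls (Req. 1 and 11.5).
    networkSecurity:
      enabled: true
      firewall: true
      intrusionDetection: true
      # The CDE is segmented from the rest of the network. Segmentation only
      # reduces scope if it is verified by penetration testing (Req. 11.4.5).
      segmentation: true
      wirelessSecurity: "WPA3"

    # Vulnerability management (Req. 6 and 11).
    vulnerabilityManagement:
      enabled: true
      # Monthly exceeds the PCI minimum of quarterly internal scans and
      # quarterly ASV external scans (Req. 11.3.1 / 11.3.2); scans are also
      # required after any significant change.
      scanning: "monthly"
      # Critical and high-risk patches installed within one month of release
      # (Req. 6.3.3).
      patching: "30d"
      # At least annually and after significant infrastructure or application
      # changes (Req. 11.4).
      penetrationTesting: "annually"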

# HIPAA Compliance
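healthcare:
  hipaa:
    enabled: true

    # Encryption of PHI. The Security Rule is technology-neutral (encryption is
    # an "addressable" specification, 45 CFR 164.312(a)(2)(iv) and
    # 164.312(e)(2)(ii)); HHS breach-notification guidance points to NIST
    # SP 800-111 for data at rest and SP 800-52 for TLS in transit.
    phiEncryption:
      enabled: true
      # Authenticated encryption. A bare "AES-256" leaves the mode to the
      # implementation and an unauthenticated mode would not detect tampering;
      # this also matches the GCM setting used for personal data in this file.
      algorithm: "AES-256-GCM"
      atRest: true
      inTransit: true

    # Access control (164.312(a)): unique identification, MFA, role-based
    # authorization, and session controls such as automatic logoff.
    accessControls:
      enabled: true
      authentication: "multi-factor"
      authorization: "role-based"
      auditLogs: true
      sessionManagement: true

    # Audit controls (164.312(b)). Six years is the documentation retention
    # period in 164.316(b)(2)(i); immutable storage keeps the trail usable
    # as evidence after a compromise.
    auditLogs:
      enabled: true
      retention: "6y"
      immutable: true
      realTime: true
      alerts: true

    # Business associate agreements (164.308(b), 164.504(e)): every vendor
    # that handles PHI is under contract, and its compliance is monitored.
    businessAssociates:
      enabled: true
      agreements: true
      compliance: true
      monitoring: true

    # Security awareness and training (164.308(a)(5)), tracked per person.
    workforceTraining:
      enabled: true
      frequency: "annually"
      topics:
        - "HIPAA"
        - "Security"
        - "Privacy"
      certification: true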

# SOX Compliance
financialReporting:
  sox:
    enabled: true

    # Internal control over financial reporting (SOX s.404): duties are
    # segregated so no single person can both initiate and approve a change,
    # changes are authorized and documented, and the controls are monitored.
    internalControls:
      enabled: true
      authorization: true
      documentation: true
      monitoring: true
      segregation: true

    # Properties the reporting process is expected to guarantee.
    financialReporting:
      enabled: true
      accuracy: true
      completeness: true
      disclosure: true
      timeliness: true

    # Audit trail for financial systems: tamper-evident, integrity-checked,
    # readable only by authorized roles. Seven years is the retention period
    # commonly applied under SOX (s.802 and the SEC rules made under it).
    auditTrails:
      enabled: true
      access: "authorized-only"
      immutable: true
      integrity: true
      retention: "7y"

    # Management sign-off on controls and reports (s.302 quarterly, s.404
    # annually), with the supporting documentation retained.
    managementCertification:
      enabled: true
      documentation: true
      quarterly: true
      annual: true

    # Rapid disclosure of material changes (s.409).
    realTimeDisclosure:
      enabled: true
      complianceEvents: true
      financialEvents: true
      materialChanges: true

# Encryption Configuration
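encryption:
  enabled: true
  # Default primitives for anything not covered by a framework-specific
  # section above. NOTE(review): the split between "data" and "storage" is
  # not defined in this file -- confirm with the consumer which one applies
  # to database fields versus block/object storage.
  algorithms:
    data: "AES-256-GCM"
    transmission: "TLS 1.3"
    # Authenticated encryption, consistent with `data`. A bare "AES-256"
    # leaves the mode to the implementation and an unauthenticated mode
    # would not detect tampering of stored ciphertext.
    storage: "AES-256-GCM"

  # Keys generated and held in an HSM and rotated every 90 days. Backup and
  # recovery copies must stay under the same protection (wrapped by the HSM
  # or held as split-knowledge components), never as plaintext exports.
  keyManagement:
    type: "HSM"
    rotation: "90d"
    backup: true
    recovery: true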

# Audit Configuration
audit:
  enabled: true
  comprehensive: true

  # Event classes written to the audit trail. Authentication and
  # authorization events cover both success and failure; configuration
  # changes are included so the audit settings themselves are auditable.
  events:
    - "authentication"
    - "authorization"
    - "configuration-changes"
    - "data-access"
    - "data-modification"
    - "security-events"

  # Write-once storage with integrity checking so an attacker who gains
  # access cannot rewrite history. Seven years is the longest retention any
  # framework in this file needs (HIPAA 6y, SOX 7y).
  storage:
    type: "immutable"
    encryption: true
    integrity: true
    retention: "7y"

  # Consumers of the trail: live alerting plus dashboards and compliance
  # reports.
  reporting:
    alerts: true
    compliance: true
    dashboards: true
    realTime: true

# Access Control Configuration
accessControl:
  enabled: true
  model: "RBAC"

  # Authentication. Password rules mirror PCI DSS v4.0 Req. 8.3.6 (12
  # characters minimum, letters and numbers). NOTE(review): NIST SP 800-63B
  # advises against forced periodic rotation, and PCI Req. 8.3.9 only
  # requires a 90-day change when a password is the sole factor; with
  # multiFactor on, "90d" is a policy choice rather than a requirement.
  authentication:
    multiFactor: true
    passwordPolicy:
      complexity: true
      expiry: "90d"
      history: 12
      minLength: 12

  # Authorization: role-based, minimum privilege per role, conflicting
  # duties split across roles, and entitlements reviewed on a schedule.
  authorization:
    leastPrivilege: true
    periodicReview: true
    roleBased: true
    separationOfDuties: true

  # Sessions: 15-minute idle timeout, one active session per user, secure
  # (transport-protected) session tokens, and per-session tracking.
  sessionManagement:
    concurrent: false
    secure: true
    timeout: "15m"
    tracking: true
