I. Purpose #
The networks used by remote workers (primarily from home or shared offices) are beyond our control, and it is essential that we mitigate threat models presented by this mode of access.
II. Scope #
This policy applies to all employees and contractors who work with Nested Knowledge and access internal or confidential Nested Knowledge data.
III. Wireless Connection Policy #
Wireless network acceptable practices are based on the data classification system. Public data may be accessed on any network. Internal Nested Knowledge data, confidential data, and restricted data may only be accessed on secure networks. All personnel accessing non-public data must avoid the use of public, high-risk networks.
Home Network Procedures:
All employees and contractors are provided with guidance on procedures for safely using home networks, which includes practices such as using strong passwords, eliminating guest networks, securing IoT devices, limiting reach of routers, and frequently updating devices.
Network Security Policy #
I. Purpose #
This policy provides guidance to safeguard networks maintained by Nested Knowledge from harm.
II. Scope #
This policy applies to all employees and contractors who work with Nested Knowledge and access internal or confidential Nested Knowledge data. Due to the nature of our networks, the policy primarily applies to IT staff / developers who may be accessing production networks.
III. Network Security Policy #
Nested Knowledge, a fully remote company, does not maintain networks for employees, opting instead for cloud applications available over the public internet.
The Nested Knowledge cloud application and marketing site run in an isolated, private network (AWS Virtual Private Cloud, “VPC”). Only front-end servers are exposed to the internet, via a gateway; backend services and databases are unreachable from outside the VPC. Access to the VPC is provided by a bastion host using SSH key authentication. All access attempts to the VPC are logged with source IP address, port/protocol, and time of access; these logs are periodically reviewed for unexpected or malicious activity and retained for a period of 1 year.
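The periodic review described above can be partly automated. The following is an added example, not Nested Knowledge's own tooling: it parses bastion SSH log lines in OpenSSH's auth log format, aggregates attempts per source IP, and flags two things a reviewer of a key-only bastion would want to see: sources with repeated failed attempts, and any use of an authentication method other than `publickey`, which under a key-only policy indicates either a misconfiguration or a password-guessing attempt. The log lines, the failure threshold of 3, and the IP addresses (from the documentation ranges) are all constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample lines in OpenSSH's auth log format (not real logs).
SAMPLE_LOG = """\
Mar 03 08:12:01 bastion sshd[2211]: Accepted publickey for deploy from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:AbCdEf
Mar 03 08:13:44 bastion sshd[2215]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Mar 03 08:13:46 bastion sshd[2216]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2
Mar 03 08:13:49 bastion sshd[2217]: Failed password for root from 198.51.100.7 port 40141 ssh2
Mar 03 08:15:02 bastion sshd[2220]: Failed publickey for deploy from 203.0.113.9 port 51300 ssh2: ED25519 SHA256:XyZ
Mar 03 08:15:05 bastion sshd[2221]: Accepted publickey for deploy from 203.0.113.9 port 51301 ssh2: ED25519 SHA256:XyZ2
Mar 03 08:20:00 bastion sshd[2230]: Accepted password for deploy from 203.0.113.5 port 51240 ssh2
"""

# Matches the "Accepted|Failed <method> for [invalid user] <user> from <ip> port <port> ssh2"
# shape that sshd writes for authentication events.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port (?P<port>\d+) (?P<proto>ssh2)"
)


@dataclass
class IpSummary:
    """Per-source-IP tally of authentication outcomes."""
    accepted: int = 0
    failed: int = 0
    methods: set = field(default_factory=set)
    users: set = field(default_factory=set)


def parse_line(line):
    """Return the fields of one auth event, or None for lines that are not auth events."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["port"] = int(event["port"])
    return event


def summarize(log_text):
    """Aggregate accepted/failed counts, methods and usernames per source IP."""
    per_ip = defaultdict(IpSummary)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        summary = per_ip[event["ip"]]
        if event["result"] == "Accepted":
            summary.accepted += 1
        else:
            summary.failed += 1
        summary.methods.add(event["method"])
        summary.users.add(event["user"])
    return dict(per_ip)


def review(log_text, fail_threshold=3, allowed_methods=frozenset({"publickey"})):
    """Return (ip, finding, detail) tuples worth a human reviewer's attention.

    fail_threshold and allowed_methods are assumptions for this example: a
    key-only bastion should never log a password method at all, so any such
    line is flagged regardless of whether it was accepted or failed.
    """
    findings = []
    for ip, summary in sorted(summarize(log_text).items()):
        if summary.failed >= fail_threshold:
            findings.append((ip, "failed-attempts", summary.failed))
        disallowed = sorted(summary.methods - allowed_methods)
        if disallowed:
            findings.append((ip, "non-key-auth-method", ",".join(disallowed)))
    return findings


if __name__ == "__main__":
    for ip, kind, detail in review(SAMPLE_LOG):
        print(f"{ip}: {kind} ({detail})")
```

On the sample, the script reports the brute-force source with three failed password attempts and, separately, that a password login succeeded from an otherwise legitimate developer address, which is exactly the kind of deviation from the key-only policy a reviewer should follow up on even though the login itself succeeded.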
Security protocols for the transmission of data across the network #
All communications between the VPC and the outside are encrypted: by SSH for developers and by HTTPS for users of the application. Within the VPC, communications between all services and the database are encrypted via TLS.
Network change management procedures #
Any change to the network architecture must be reviewed by a technical lead. Additionally, the technical lead performs an annual review of this policy and of ongoing compliance with it.