From 717fcb9c81d2bc3cc7a84a3ebea6572d7ff0f5cf Mon Sep 17 00:00:00 2001
From: doc <doc@filenotfound.org>
Date: Mon, 30 Jun 2025 20:06:28 +0000
Subject: uploading documentation

---
 .../security/security-encryption-standards.md      | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 genesishosting/security/security-encryption-standards.md

(limited to 'genesishosting/security/security-encryption-standards.md')

diff --git a/genesishosting/security/security-encryption-standards.md b/genesishosting/security/security-encryption-standards.md
new file mode 100644
index 0000000..6d9139c
--- /dev/null
+++ b/genesishosting/security/security-encryption-standards.md
@@ -0,0 +1,23 @@
+# Encryption Standards
+
+Encryption is applied to all data in transit and at rest across Genesis Hosting Technologies infrastructure.
+
+## In Transit
+
+- HTTPS via TLS 1.3 (minimum TLS 1.2 for legacy fallback)
+- SFTP for all file transfers
+- SSH for all administrative access
+- rclone with TLS for object storage replication
+
+## At Rest
+
+- ZFS encryption on backup pools
+- PostgreSQL encryption at the database or filesystem level
+- WHMCS and DirectAdmin credentials hashed and salted
+- Backups encrypted with AES-256 before remote transfer
+
+## Key Management
+
+- SSH keys rotated every 6 months
+- Let's Encrypt certs auto-renew every 90 days
+- Master encryption keys stored offline and version-controlled
-- 
cgit v1.2.3