# Standards + Guidelines

> Standards and guidelines are basically recommended security measures and controls to be considered for implementation by the switch core team and hub operators. The target audience is architects, implementation engineers, security management and IT Ops.

## 1. Design Principles

* 1. [Coding Standards](https://github.com/mojaloop/documentation/tree/58bb7a76167c306893f93419a63c2cde1d211016/quality-security/contributors-guide/standards/README.md)

## 2. Scheme Trust Architecture

* 1. [Encryption Standard](https://docs.mojaloop.io/mojaloop-specification/documents/Encryption.html)
* 1. [Signature Standard](https://docs.mojaloop.io/mojaloop-specification/documents/Signature.html)
* 1. [PKI Best Practice Standard](https://docs.mojaloop.io/mojaloop-specification/documents/PKI%20Best%20Practices.html)
* 1. [Interledger Cryptographic interlock](https://docs.mojaloop.io/mojaloop-specification/documents/API%20Definition%20v1.0.html#4-interledger-protocol)
* 1. Cryptographic Processing Module (CPM) Designs:
     * [CPM High Level Design](https://github.com/mojaloop/documentation-artifacts/blob/master/reference/cpm_high_level_design_v1.0.pdf)
     * [CPM Techincal Spec](https://github.com/mojaloop/documentation-artifacts/blob/master/reference/cpm_design_technical_spec_v1.0.pdf)
     * [CPM Design Framework](https://github.com/mojaloop/documentation-artifacts/blob/master/reference/cpm_design_framework_v1.0.pdf)
     * [CPM Use Cases](https://github.com/mojaloop/documentation-artifacts/blob/master/reference/cpm_design_use_cases_v1.0.pdf)

## 3. Data Protection Standards

* 1. [Secure Kafka and Zookeeper Standard](https://github.com/mojaloop/documentation-artifacts/blob/master/reference/kafka_zookeeper_security_standard_v1.0.pdf)
* 1. Secure Logging + Auditing Standard
     * [Audit + Logging Standard](https://github.com/mojaloop/documentation/tree/58bb7a76167c306893f93419a63c2cde1d211016/quality-security/standards-guidelines/audit_logging_standard.md)
     * [Log Analyis Report](https://github.com/mojaloop/documentation/tree/58bb7a76167c306893f93419a63c2cde1d211016/quality-security/standards-guidelines/log_analysis_report.md)

       c) [Database Security Standard](https://github.com/mojaloop/documentation-artifacts/blob/master/reference/database_security_standard_v1.0.pdf)

       **4. Security Architectural Reviews**
* 1. [Mojaloop Portals](https://github.com/mojaloop/documentation-artifacts/blob/master/reference/portal_threat_models_v1.0.pdf)
* 1. [PISP Linking and Transfer Flows](https://github.com/mojaloop/documentation-artifacts/blob/master/reference/pisp_thread_analysis_v1.0.pdf)

## 5. Secure Network Access

* [Standard and Recommendations](https://github.com/mojaloop/documentation-artifacts/blob/master/reference/secure_network_access_v1.0.pdf)