Topics Map > Help and Training
Topics Map > Safety and Security

Cybersecurity, Endpoint and Data Stores Documentation Examples

Example Endpoint and Data Store Documentation

About Endpoint and Data Stores Documentation

The purpose of this document is to provide guidance and examples on how to properly document API endpoints and data stores.

Properly documenting endpoints and data stores is expected and helps comply with the IT-08 Development Process Standard IT-08.4.1.

In many cases a text table located in in the code repository will suffice.

Example Endpoint Documentation

The documentation for an application should include a list of endpoints the application uses and their purposes.

Recording additional fields can assist during routine maintenance or when responding to a cybersecurity incident.

Example endpoint documentation table
Endpoint Type Purpose Stage Access Contact LDAP User lookup Prod Read Only < group contact email address > JSON REST API Chat Bot Notification Prod Read/Write < URL to group contact list page > XML API Ticketing Prod Read/Write < group contact email address > XML API Ticketing - Testing Test Read/Write See 'Prod' row.

Example Data Store Documentation

The record for the data stores should list the highest data sensitivity of any data in that data store.

Example Data Store Documentation table
Data Store Data Type Sensitivity Notes
ICSDB MySQL DB Public Read Only - For finding and comparing local ice cream shops
HeavyRock DB MongoDB Internal Read Only - A list of potential rocks to send through the mail
WatcherDB MySQL DB High Risk Read Only - For observing the universe. High sensitivity because it knows all and sees all.

Keywordssecurity, developer, sdlc, cybersecurity, devops, secdevops   Doc ID111571
OwnerSecurity S.GroupUniversity of Illinois Technology Services
Created2021-06-09 11:07:10Updated2024-01-03 12:40:59
SitesUniversity of Illinois Technology Services
Feedback  0   0