ISMS Compliance
CyFun BasicProtect

PR.DS-2: Data-in-transit protection

Data-in-transit is protected

PROTECT | PR.DS-2

Requirement

This control is covered by other elements of the framework; no additional requirements are identified.

Our Implementation

All data in transit is protected with TLS 1.2 or higher. HTTPS is enforced on all web applications and API endpoints — unencrypted HTTP connections are automatically redirected. Inter-service communication between cloud providers (e.g., Vercel to Supabase, Modal to Qdrant) uses TLS-encrypted connections.

API authentication uses JWT tokens issued by Supabase Auth, ensuring that all API requests are both encrypted and authenticated. Supabase database connections use SSL/TLS encryption.

Gaps / Planned improvements:

  • No certificate pinning implemented — relying on standard TLS certificate validation (NEX-379)

Evidence

Implemented | L2 — Repeatable
