- VME/Morpheus whitepaper
- Morning all,
- Currently there is no formal internal standard requiring a specific set of hardening guidelines (i.e. guidance on which of these security features to enable).
- Informally the org has standardized on the CIS benchmarks (level 1 and 2) across all server OSs. These are very well regarded benchmarks in the industry and are widely used.
- These are currently implemented via the GLBP (GreenLake Image Build Pipeline, also called Zion), which generates and validates images in line with the CIS L1 & L2 benchmarks.
- This build tool is currently used for PCE, PCE-D, HMV, and is starting to be used for PCAI.
- It builds RHEL, SLES, Ubuntu, etc. to these same standards.
- It's unclear how rigorous the current implementation is (i.e. are they failing all builds that do not meet the benchmark).
- To my knowledge Morpheus is shipped as a software package today and is not directly shipping OS images. OS hardening is managed via the downstream solutions (PCE, etc.).
- https://pages.github.hpe.com/cloud/dream/docs/overview/strategic-direction.html
  id:: 68168763-e33d-48a5-8e96-2e175f9e67d3
- Security Standards and ATA docs (from Tracy)
  id:: 681686ce-6f02-4405-84ab-6a0aa7ca92b7
  - [HPE GreenLake Developer Standards Home Page | HPE GreenLake platform](https://developer.greenlake.hpe.com/docs/greenlake/standards/)
  - Secure Architecture Design: [Secure Architecture Design | HPE GreenLake Cloud Platform](https://developer.greenlake.hpe.com/docs/greenlake/standards/ratified/security/secure_design_and_architecture/)
  - Secure Coding Policy: [HPE GreenLake Development Standard for Secure Coding Overview | HPE GreenLake Cloud Platform](https://developer.greenlake.hpe.com/docs/greenlake/standards/policies/secure-coding/)
  - Secure Coding Guide: [HPE GreenLake Development Standard for Secure Coding | HPE GreenLake Cloud Platform](https://developer.greenlake.hpe.com/docs/greenlake/standards/ratified/secure_coding/secure_coding_and_reviews/)
  - Architectural Threat Analysis
    - Policy requiring ATA: [HPE GreenLake Development Policy for Secure Architecture Design | HPE GreenLake Platform](https://developer.greenlake.hpe.com/docs/greenlake/standards/policies/secure_design_and_architecture_policy/)
    - Template for ATA: [Architecture Page Template - GreenLake Cloud Services - Confluence](https://hpe.atlassian.net/wiki/spaces/HCSS/pages/2936935232/Architecture+Page+Template)
    - ATA Requirements: [Architecture Page Requirements - GreenLake Cloud Services - Confluence](https://hpe.atlassian.net/wiki/spaces/HCSS/pages/2936930970/Architecture+Page+Requirements)
    - ATA Review Details: [Architecture Page Review - GreenLake Cloud Services - Confluence](https://hpe.atlassian.net/wiki/spaces/HCSS/pages/2936955734/Architecture+Page+Review)
- GLCSS security SharePoint: https://hpe.sharepoint.com/sites/msteams_532f51/Shared%20Documents/Forms/AllItems.aspx?id=%2Fsites%2Fmsteams%5F532f51%2FShared%20Documents%2FGeneral%2FGLCS%20Security&viewid=62df5ef0%2Dfdf3%2D46e0%2Db120%2D5d69aacf0a36&FolderCTID=0x012000CDBE6F7A65C81A41A4258F91F273AC29