If you discover a security vulnerability in this framework or its templates, please report it responsibly.
- Do NOT open a public GitHub issue for security vulnerabilities
- Use GitHub's private vulnerability reporting (Security tab → Report a vulnerability), or contact the maintainers directly with:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
What to expect after you report:
- Acknowledgment within 48 hours
- Status update within 7 days
- Coordinated disclosure after fix is available
This security policy covers:
- Documentation content that could lead to insecure implementations
- Template files (Excel) containing sensitive formulas or macros
- Example configurations that could expose systems
When implementing this framework:
- Review all controls with your security team
- Validate configurations in non-production environments
- Follow your organization's change management processes
- Maintain audit trails for all implementations
FSI Agent Governance Framework v1.0 Beta