Skip to Content
Nemu Inc.
Server SecurityπŸ–₯️ System Configuration and Hardening Standards

πŸ–₯️ System Configuration and Hardening Standards

1. Purpose

This document defines Nemu Inc.’s approach to system configuration and hardening for workloads and operating systems used to deliver its services.

2. CSP-Managed Infrastructure

Nemu Inc. primarily relies on:

  • Render: for hosting application services in managed containers or runtimes.
  • Supabase: for managed Postgres and storage.

These providers are responsible for:

  • Operating system patching and base system hardening.
  • Secure default configurations for network and storage.

3. Application-Level Hardening

Within the application and runtime layer, Nemu Inc.:

  • Uses minimal base images where custom containers are needed.
  • Avoids unnecessary services, ports, and packages.
  • Enforces HTTPS and secure cookie settings for web-facing applications.
  • Configures Node.js and Next.js apps with environment-specific configuration and secret management.

4. Workstations and Local Services

Where local development or server processes run on workstations:

  • OS-level security settings align with endpoint security standards.
  • Access to local services is restricted to the developer or team as needed.

5. Audit Evidence

  • Dockerfile or runtime configuration examples.
  • CSP documentation on managed runtime security.
  • Internal documentation referencing hardened configuration choices.

6. Compliance Mapping

  • SOC 2: CC6.6, CC7.1
  • ISO 27001:2013: A.12.1.2, A.14.2.5

Contact: support@mynemu.com
Β© 2025 Nemu Inc.. All rights reserved.

Last updated on
Server SecurityThreat Management