Adobe Operational Security To help ensure that all Adobe products and services are designed from inception with security best practices in mind, the operational security team created the Adobe Operational Security Stack (OSS). The OSS is a consolidated set of tools that help product developers and engineers improve their security posture and reduce risk to both Adobe and our customers while also helping drive Adobe-wide adherence to compliance, privacy, and other governance frameworks. Monitoring IaaS Monitoring | Vulnerability Scanning | Hubble (Host) Scanning Syslog | Port Scanning | Container Scanning | Kubernetes Monitoring Workflow Secure Host Login | Secret Storage | Central Cloud Account Provisioning Image Factory | Secure Cloud Policy Infrastructure SIEM | Bug Database | Central Cloud Account Provisioning Active Directory | Container Inventory Process Ticketing | Dashboards Figure 7: The Adobe Operational Security Stack Adobe maintains several published standards covering our ongoing cloud operations that are available for view upon request. For a detailed description of the Adobe OSS and the specific tools used throughout Adobe, please see the Adobe Operational Security Overview. Adobe Enterprise Security In addition to securing our products and services as well as our cloud hosting operations, Adobe also employs a variety of internal security controls to help ensure the security of our internal networks and systems, physical corporate locations, employees, and our customers’ data. For more information on our enterprise security controls and standards we have developed for these controls, please see the Adobe Enterprise Security Overview. 13