The Security Module

The Security Module is an optional add-on to your subscription comprised of a collection of features and reporting options available to Form.io users. If you're seeking more robust security capabilities in your deployed environment such as audit logging, data encryption, and container scanning, this package is perfect for you.

Below are the features and details included in the Security Module. Follow the links for more information:

Server logs for more information on who, what, & when things occurred.

Logs for more information on who, what, & when things occurred as it pertains to Form Actions.

Extend the capabilities of any project cycle by giving users the ability to evolve current forms while preserving the integrity of previous iterations.

Track changes to Submission Data and output a PDF audit log document of record for changes made to submission data.

Enables the storage of submission data within a separate database collection, which ensures data separation between collections.

Form.io ensures the security of sensitive data through a multi-layered approach to encryption. At the foundational level, Form.io runs on MongoDB, and when using MongoDB Atlas, encryption at rest and in transit is provided by default, using advanced encryption standards to ensure that all data is protected at multiple layers. Building on this foundation, Form.io adds an additional layer of security through its encrypted fields functionality. This process leverages the robust aes-256-cbc algorithm, a symmetric encryption method known for its high level of security. To perform the encryption and decryption, Form.io utilizes the OpenSSL library via Node.js. Leveraging OpenSSL allows Form.io to securely encrypt data before storing it and decrypt it when necessary, ensuring that sensitive information remains protected throughout its lifecycle. The use of aes-256-cbc ensures that data is encrypted with a 256-bit key, providing a strong defense against unauthorized access.

Container Security Scanning