Abstract: A system and method for protecting information managed by a content management system are disclosed herein. A first server of the content management system receives a request from a user or service to access a data item managed by the content management system. The first server determines a data type associated with the requested data item. The first server accesses a access control list to determine whether the user or service has permission to access data associated with the data type. The first server processes the request, based on a determination that the user or service has permissions to access data associated with the data type.

Abstract: A request to perform a command or operation on a computing system is received from a support user. A clearance level needed to perform that requested command or operation is identified, and a data store that has a pool of cleared users is accessed to identify a cleared user that has an adequate clearance level. The secured user is assigned to the request. A risk level, corresponding to the requested command or operation is identified and surfaced for the secured user. The requested command or operation can be automatically executed, after it is authorized by the secured user.

Abstract: Techniques for managing certificates in segregated networks are disclosed. One example technique includes upon receiving executable instructions of a software application and a reference table containing entries of reference objects in the software application, identifying a digital certificate independently obtained by the segregated network for each of the reference objects. The method also includes generating a mapping table having entries individually identifying the reference objects and data representing the digital certificates. The method further includes deploying for execution to one or more of the servers in the segregated network, the software application along with the generated mapping table. During execution, the software application can dereference one of the reference objects to locate one of the digital certificates in in the generated mapping table corresponding to one of the reference objects.

Abstract: A request to perform a command or operation on a computing system is received from a support user. A clearance level needed to perform that requested command or operation is identified, and a data store that has a pool of cleared users is accessed to identify a cleared user that has an adequate clearance level. The secured user is assigned to the request. A risk level, corresponding to the requested command or operation is identified and surfaced for the secured user. The requested command or operation can be automatically executed, after it is authorized by the secured user.

Abstract: Techniques for managing certificates in segregated networks are disclosed. One example technique includes upon receiving executable instructions of a software application and a reference table containing entries of reference objects in the software application, identifying a digital certificate independently obtained by the segregated network for each of the reference objects. The method also includes generating a mapping table having entries individually identifying the reference objects and data representing the digital certificates. The method further includes deploying for execution to one or more of the servers in the segregated network, the software application along with the generated mapping table. During execution, the software application can dereference one of the reference objects to locate one of the digital certificates in in the generated mapping table corresponding to one of the reference objects.