Security & Privacy

DSS Nexus Security Posture

DRAFT — REQUIRES SECURITY AND LEGAL REVIEW. DSS Nexus is structured for private beta validation with explicit controls, conservative upload guidance, and a roadmap toward production-grade enterprise security.

Controlled beta first.

Operated by DeSouza Strategic Systems LLC under the DSS Advisory Group public brand. Do not upload sensitive government, customer, pricing, or regulated files until production controls are approved.

Implemented

Current Beta Controls

Security headers: HSTS, frame protection, no-sniff, referrer policy, permissions policy, and CSP baseline.
API request identifiers and local rate-limit scaffolding for abuse control during beta testing.
Beta owner access workflow with controlled approval states and token-based review access.
AI run logging for router decisions, latency, source type, validation status, and citation counts.
Decision-support notices on AI, pricing, legal, and proposal workflows.
Before public launch

Required Hardening

Production authentication with durable sessions, MFA readiness, passwordless/SSO option, and token revocation.
Tenant-scoped database authorization on every API route and Prisma query.
Durable audit logging for login, export, scoring, proposal, billing, and administrator activity.
Centralized secrets management, environment separation, observability, alerting, and incident-response workflow.
Document retention, deletion, export, support access, and data-processing policies.
Decision-support boundary

Users remain responsible for regulated business decisions.

DSS Nexus provides workflow automation and decision support. It does not replace source verification, procurement judgment, legal review, compliance review, pricing approval, or authorized proposal submission.