734 7431708
Location P.O. Box Atlanta, Georgia, US
Email [email protected]
Menu
Donate Now!

Government Policy

Council of Affairs for Naturally Occurring Autochthon (CANOA) is committed to ensuring the security of the Aborigine American of the Mississippian Confederacy by protecting information. This document is intended to continue its ongoing protection and government policy to beware of documentation and language that can jeopardize our security guidelines for safe and effective quality of life and cultural mobility.

Our goal and mission is to convey our preferences as to how we will communicate without causing or creating space for vulnerability to our Nation members and their cases. We expect potential vulnerabilities to occur within our systems. However, when these vulnerabilities are noticed they must immediately be reported so we can initiate an action to mitigate against any vulnerability.

This policy describes:

  • What systems and types of research are covered under this policy;
  • How to send a vulnerability reports; and,
  • How long we ask researchers to wait before disclosing vulnerabilities.

Authorization

If you make a good trustworthy effort to comply with this policy while advocating or unknowing exploit documentation, we will consider your efforts and we will work with you to understand and resolve the issue quickly.

Guidelines

Under this policy, “protection and council” means activities in which you:

  • Notify us as soon as possible after you discover a real or potential security risk;
  • Make every effort to avoid privacy violations, degradation of user experience, disruption to our systems, and destruction or manipulation of data;
  • Only use exploits to the extent necessary to confirm a vulnerability’s presence;
  • Do not use an exploit to compromise or exfiltrate data, establish persistent command line access, or use the exploit to pivot to other systems;
  • Provide us a reasonable amount of time no more than 90 days to resolve the matter.
  • Do not submit a high volume of low-quality reports.

Once you have established that a vulnerability exists or encounter any sensitivity data, including personally identifiable information, financial information, or proprietary information or secrets of any party, you must stop and notify us immediately, and not disclose this data to anyone else.