This project is not covered by Drupal’s security advisory policy.

Secure Drupal is a Drupal Recipe that establishes an enterprise security baseline aligned to common control frameworks (FedRAMP, HIPAA, NIST 800-53, PCI DSS, SOC 2). It applies to existing sites or new builds and is designed to pair opinionated configuration with automated verification (tests/policy gates) so drift is detectable in CI.

Optional integration is available with Cedar Policy as a compliance policy gate (formerly gov_compliance). The recipe installs and configures security/audit modules such as seckit, security_review, password_policy, audit_log, tfa, and captcha, and is composed of five sub-recipes: Security Core Hardening, Advanced Security, Compliance Frameworks, Security Monitoring, and Compliance Content.

Important: this project is NOT covered by Drupal’s security advisory policy. Use at your own risk and perform an independent security review before relying on it for regulated workloads.

Project information

  • Created by darren oh on , updated
  • This project is not covered by the security advisory policy.
    Use at your own risk! It may have publicly disclosed vulnerabilities.

Releases