From 62fd842c6565e95e269b80b6cb776c537484c830 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Lafoucrie=CC=80re?=
 <philippe.lafoucriere@tech-angels.com>
Date: Wed, 28 Nov 2018 15:19:45 -0500
Subject: Add RED data security requirement to code review

closes #8608
---
 doc/development/code_review.md | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'doc')

diff --git a/doc/development/code_review.md b/doc/development/code_review.md
index df2cb30c5d6..fd8c8091ca2 100644
--- a/doc/development/code_review.md
+++ b/doc/development/code_review.md
@@ -53,6 +53,8 @@ from teams other than your own.
 
 #### Security requirements
 
+   1. If your merge request is processing, storing, or transferring any kind of [RED or ORANGE data][https://docs.google.com/document/d/15eNKGA3zyZazsJMldqTBFbYMnVUSQSpU14lo22JMZQY/edit] (this is a confidential document), it must be
+      **approved by a [Security Engineer][team]**.
    1. If your merge request involves implementing, utilizing, or is otherwise related to any type of authentication, authorization, or session handling mechanism, it must be
       **approved by a [Security Engineer][team]**.
    1. If your merge request has a goal which requires a cryptographic function such as: confidentiality, integrity, authentication, or non-repudiation, it must be
-- 
cgit v1.2.3