# Security Posture

## Private ingress

- Prefer PSC and internal load balancers.
- Restrict inbound access to approved ranges.

## Governance

- Enforce policy gates in CI.
- Require approval for production applies.