Best Practices Document for Federal Cybersecurity

Hello Anaconda Community,
I am not sure if this is the correct topic area, but my office is new to using Anaconda and is looking for best practices for cybersecurity and FISMA compliance such as:

  1. Code/library scanning for CVE findings
  2. Governance and approval of new libraries
  3. Difference between the conda-forge channel, the default channel, and managing dependencies
  4. Segregating applications to different environments and version management.
  5. Managing Anaconda environments across DEV, TEST, and PROD systems in the infrastructure.

Any advice would be greatly appreciated.