Team for Capella has several ways to handle sensitive data:
- Setting the CDO server to accept only SSL connections (acceptor tag) so communications between the clients and the server are secured.
- Encrypting the database files: Database security is not handled by Team for Capella, it just stores and manages models in a database using the framework CDO. CDO can store models with different databases. However, Team for Capella is tested with an H2 database, so that is the one we support, but it works with other solutions. There are documentations about how to encrypt the .db files it manages (http://www.h2database.com/html/features.html#file_encryption). I do not think we ever tested it and I do not know the impact on performances. The point here is that you can choose the settings of the database, including encryption.
- User management: Not only, you can define which users are able to connect to the repository, you can have multiple repositories on the same server with different user lists. You can also use the “User Profile” mode to define write rules and limit the model edition scope.
I am not sure how to answer your question on the full or partial encryption of the models depending on if you are working on the models or not. First, it depend on how you manage the model. By default, we use and support a H2 database (but it could be a plain file or stored only in memory. CDO offers different possibilities). Therefore the models you handle in Team for Capella are stored as database tables in .db files. I think the encryption in this case is globaly set for the whole .db files depending on how you set it. If your questions were about encrypting the model elements displayed in Team for Capella that are not currently edited, then this feature is not available. It may not be too hard to have that feature. It may just require a custom LabelProvider, but we would need more information for a proper solution.
Finally, I think that all the Team for Capella users I interacted with used a private network. Even if some uses a SSL connection, LDAP authentication etc, the server was not accessible from outside. I do not think I heard of cybersecurity assessment by I will ask around.