From a policy/procedural perspective there is possibly a disconnect between what sys admin/devops are aware of, and what archivists/managers understand of technical measures implemented relating to data security.
From my position I would probably like to see some reference in the User Guide that these issues are covered under the Admin Guide - installation configs. Unless i've missed it? I looked for questions relating to virus checking and encryption in transit on the community forum, but didn't think to look at the installation config guides - which wouldn't be clear to me anymore, without further questions.
I'm happy to make a pull request, but it seems there is sufficient info for administrators from both your responses. Let me know what you think.