<p><ahref="PolicyOnPolicy.html"><imgsrc="Images/cacert-wip.png"id="graphics1"alt="CAcert Security Policy Status == wip"align="bottom"border="0" height="33"width="90"></a>
<p><ahref="PolicyOnPolicy.html"><imgsrc="Images/cacert-wip.png"alt="CAcert Security Policy Status == wip"border="0"></a>
<br>
Creation date: 2009-02-16<br>
Status: <i>work-in-progress</i>
@ -166,15 +134,9 @@ for audit purposes (DRC).
It is under the control of Policy on Policy for version purposes.
</p>
<palign="center">These parts are not part of the policy: <spanclass="q">green comments</span>, <spanclass="error">red errors</span>.</p>
<p>
This policy document says what is done, rather than how to do it.
<spanclass="change">
<b>Some sections are empty, which means
"refer to the Manual."</b>
</span>
<b>Some sections are empty, which means "refer to the Manual."</b>
</p>
<h4><aname="1.4.2">1.4.2.</a> The Security Manual (Practices) Document </h4>
@ -194,10 +156,8 @@ It is located and version-controlled on the CAcert wiki.
Section Headings are the same in both documents.
Where Sections are empty in one document,
they are expected to be documented in the other.
<spanclass="change">
"Document further in Security Manual" can be implied from
any section heading in the Policy.
</span>
</p>
<h4><aname="1.4.3">1.4.3.</a> The Security Procedures </h4>
@ -225,16 +185,6 @@ access security.
<h3><aname="2.2">2.2.</a> Physical Assets </h3>
<ulclass="q"><li>
Big change is to place Oophaga INSIDE the SM/SP.
</li><li>
2nd Change is to place Oophaga in SP and in SM:
<ul>
<li> role of Access Engineer is in SP.</li>
<li> detail in the SM.</li>
</ul>
</li></ul>
<h4><aname="2.2.1">2.2.1.</a> Computers </h4>
<p>
Computers shall be inventoried before being put into service.
@ -244,9 +194,7 @@ List must be subject to change control.
</p>
<p>
<spanclass="change">
Each unit shall be distinctly and uniquely identified on all visible sides.
</span>
Machines shall be housed in secured facilities (cages and/or locked racks).
</p>
@ -343,11 +291,9 @@ one systems administrator present.
</p>
<p>
<spanclass="change">
There is no inherent authorisation to access the data.
Systems Administrators are authorised to access
the raw data under the control of this policy.
</span>
All others must not access the raw data.
All are responsible for protecting the data
from access by those not authorised.
@ -363,13 +309,11 @@ All physical accesses are logged and reported to all.
<p>
There must not be a procedure for emergency access.
<spanclass="change">
If, in the judgement of the systems administrator,
emergency access is required and gained,
in order to avoid a greater harm,
independent authorisation before the
Arbitrator must be sought as soon as possible.
</span>
See DRP.
</p>
@ -393,9 +337,7 @@ systems administration team leader.
These diagrams should include cabling information,
physical port configuration details,
expected/allowed data flow directions,
<spanclass="change">
and any further pertinent information,
</span>
as applicable.
Diagrams should be revision controlled,
and must be updated when any change is made.
@ -409,12 +351,10 @@ should be visible externally;
systems and servers which do not require access
to the Internet for their normal operation
must not be granted that access.
<spanclass="change">
If such access becomes temporarily necessary for an
authorized administrative task,
such access may be granted under the procedures of the SM
and must be reported and logged.
</span>
</p>
<h5> 3.1.1.2. Internal connectivity </h5>
@ -470,8 +410,6 @@ Documentation for installing and configuring servers with the appropriate softwa
<h4><aname="3.2.3"> 3.2.3.</a> Patching </h4>
<pclass="q">A.1.i, A.1.k:</p>
<p>
Software used on production servers must be kept current with respect to patches affecting software security. Patch application is governed by CCS and must be approved by the systems administration team leader, fully documented in the logs and reported by email to the systems administration list on completion (see §4.2).
</p>
@ -487,11 +425,7 @@ an emergent local exploit may also be deemed to be an emergency).
Application of patches in this case may occur as soon as possible,
bypassing the normal configuration-change process.
The systems administration team leader must either approve the patch,
instruct remedial action,
<spanclass="change">
and
</span>
refer the case to dispute resolution.
instruct remedial action, and refer the case to dispute resolution.
</p>
<p>
@ -500,10 +434,8 @@ Declaration of an emergency patching situation should not occur with any regular
</b>
Emergency patch events must be documented
within the regular summaries
<spanclass="change">
by the team leader to Board
independent of filed disputes.
</span>
</p>
<h3><aname="3.3"> 3.3.</a> Application </h3>
@ -519,39 +451,32 @@ approve the installation of each release or patch.