Each procedure must be referenced explicitly in the Security Manual.
Each procedure must be referenced explicitly in the Security Manual.
</p>
</p>
<h2><atarget="2">2.</a> Physical Security</h2>
<p>
Physical assets and security procedures are generally provided and maintained as set forth in the Memorandum of Understanding between CAcert and Stichting Oophaga Foundation of 10 July 2007, and as amended from time to time. Approval of both boards of CAcert and Oophaga is required for changes to the MoU.
</p>
<p>
The MoU places responsibility for the physical assets (hardware), hosting and for control of access to the hardware with Oophaga.
</p>
<h3><aname="2.1">2.1.</a> Facility </h3>
<p>
CAcert shall host critical servers in a highly secure facility.
There shall be independent verification of the physical and
access security.
</p>
<h3><aname="2.2">2.2.</a> Physical Assets </h3>
<ulclass="q"><li>
Big question here is whether Oophaga falls inside SP/SM or not.
</li><li>
2nd Big Question is whether Oophaga is in SP or in SM.
</li></ul>
<h4><aname="2.2.1">2.2.1.</a> Computers </h4>
<p>
Computers shall be inventoried before being put into service.
Inventory list shall be available to all Systems Administrators.
Units shall have nickname clearly marked on front and rear of chassis.
Machines shall be housed in secured facilities (cages and/or locked racks).
All personel who are in possession of physical security
codes and devices (keys) are to be authorised and documented.
</p>
<hr>
<h2><aname="end">End</a></h2>
<h2><aname="end">End</a></h2>
<p>This is the end of the Security Policy.</p>
<p>This is the end of the Security Policy.</p>
<p><ahref="http://validator.w3.org/check?uri=referer"><imgsrc="Images/valid-html401-blue.png"id="graphics2"alt="Valid HTML 4.01"align="bottom"border="0"height="33"width="90"></a>
<p><ahref="http://validator.w3.org/check?uri=referer"><imgsrc="Images/valid-html401-blue.png"id="graphics2"alt="Valid HTML 4.01"align="bottom"border="0"height="33"width="90"></a>