cacert
/
cacert-policies
8
1
Fork 0
Code Issues 3 Pull Requests 1 Packages Projects Releases Wiki Activity

more xhtml

Browse Source 
git-svn-id: http://svn.cacert.org/CAcert/Policies@1880 14b1bab8-4ef6-0310-b690-991c95c89dfd
pull/1/head
Ian Grigg 14 years ago
parent c125e3b856
commit 1acb425079
1 changed files with 23 additions and 20 deletions
Show Stats Download Patch File Download Diff File

43
SecurityPolicy.html
Unescape Escape View File

@ -35,6 +35,7 @@ th {
font-weight: bold;
}
.strike {
color : blue;
text-decoration:line-through;
}
a:hover {
@ -49,19 +50,19 @@ a:hover {
<ul class="change">
<li> 20100421: reviewed and dropped the BLUE changes that introduced AE, etc. </li>
<li> 20100411: rewrote the critical roles to align with ABC requirement, dropped Board. </li>
<li> <big><u>20100404: status changes to WIP</u></big><br />
<li> <big>20100404: status changes to WIP</big><br />
<span class="q"> Security Policy is no longer binding, as of 20100404</span> </li>
<li> 20901213: addition of WIP changes </li>
<li> 20090327: status change to DRAFT <a href="http://wiki.cacert.org/PolicyDecisions#p20090327">p20090327</a>. </li>
</ul>
<p>
WIP Changes are all marked in <span class="change">BLUE</span> or <span class="change"><s>struck-out</s>.</span>
WIP Changes are all marked in <span class="change">BLUE</span> or <span class="strike">struck-out</span>.
Explanatory comments in <span class="q">GREEN</span> are not part of text.<br />
</p>
<p class="q"> Start of Policy</p>
<hr>
<hr />
<h1>Security Policy for CAcert Systems</h1>
<!-- Absolute URL because the policies are located absolutely. -->
@ -70,12 +71,12 @@ Explanatory comments in <span class="q">GREEN</span> are not part of text.<br />
Editor: iang<br />
Status: <b>WIP <a href="https://community.cacert.org/board/motions.php?motion=m20100327.2">m20100327.2</a></b> as of 20100404 00:00:02 UTC<br /><br />
</td><td align="right">
<a href="http://www.cacert.org/policy/PolicyOnPolicy.php"><img align="right" src="Images/cacert-wip.png" alt="Security Policy Status == WIP" border="0"></a>
<a href="http://www.cacert.org/policy/PolicyOnPolicy.php"><img src="Images/cacert-wip.png" alt="Security Policy Status == WIP" style="border-width:0" /></a>
</td></table>
<h2><a name="1">1.</a> INTRODUCTION</h2>
<h2 id="1">1. INTRODUCTION</h2>
<h3><a name="1.1">1.1.</a> Motivation and Scope </h3>
<h3 id="s1.1">1.1. Motivation and Scope </h3>
<p>
This Security Policy sets out the policy
for the secure operation of the CAcert critical computer systems.
@ -217,8 +218,10 @@ The SM says how things are done.
As practices are things that vary from time to time,
including between each event of practice,
the SM is under the direct control of the
<span class="strike">
Systems Administration team
</span>
<span class="change">
<s>Systems Administration team</s>
applicable team leaders.
</span>
It is located and version-controlled on the CAcert wiki.
@ -393,7 +396,7 @@ Arbitrator must be sought as soon as possible.
See DRP.
</p>
<h4><a name="2.3.5">2.3.5.</a> Physical Security codes & devices </h4>
<h4><a name="2.3.5">2.3.5.</a> Physical Security codes &amp; devices </h4>
<p>
All personel who are in possession of physical security
@ -550,7 +553,7 @@ authorisations on the below access control lists
(see &sect;1.1.1):
</p>
<table align="center" border="1"> <tr>
<center><table border="1"> <tr>
<td>List Name</td>
<td>Who</td>
<td>Purpose of access</td>
@ -561,13 +564,13 @@ authorisations on the below access control lists
<td>Access Engineers</td>
<td>control of access by personnel to hardware</td>
<td>exclusive of all other roles </td>
<td><span class="change">Access team leader <s>Board of CAcert (or designee)</s></span></td>
<td><span class="change">Access team leader</span> <span class="strike">Board of CAcert (or designee)</span></td>
</tr><tr>
<td>Physical Access List</td>
<td>Systems Administrators</td>
<td>hardware-level for installation and recovery</td>
<td>exclusive with Access Engineers and Software Assessors</td>
<td><span class="change">systems administration team leader <s>Board of CAcert (or designee)</s></span></td>
<td><span class="change">systems administration team leader</span> <span class="strike">Board of CAcert (or designee)</span></td>
</tr><tr>
<td>SSH Access List</td>
<td>Systems Administrators <span class="change">and Application Engineers </span></td>
@ -584,9 +587,9 @@ authorisations on the below access control lists
<td>Support Access List</td>
<td>Support Engineer</td>
<td>support features in the web application</td>
<td> includes by default all <span class="change">Application Engineers <s>systems administrators</s> </span> </td>
<td><span class="change"><s>systems administration</s> support</span> team leader</td>
</tr></table>
<td> includes by default all <span class="change">Application Engineers</span> <span class="strike">systems administrators </span> </td>
<td><span class="strike">systems administration</span> <span class="change">support</span> team leader</td>
</tr></table></center>
<p>
@ -1002,13 +1005,13 @@ Bug submission access should be provided to
any Member that requests it.
</p>
<h3> <a name="7.6"> 7.6. </a> <s>Handover</s> <span class="change">Production</span> </h3>
<h3> <a name="7.6"> 7.6. </a> <span class="strike">Handover</span> <span class="change">Production</span> </h3>
<p class="change">
The Application Engineer is a role within Software Assessment
team that is approved to install into production the
patches that are signed off.
<s>
<span class="strike">
Once signed off, the Application Engineer
commits the patch from the development repository
to the production repository,
@ -1017,7 +1020,7 @@ into the running code.
The Application Engineer is responsible for basic
testing of functionality and emergency fixes,
which then must be back-installed into the repositories.
</s>
</span>
</p>
<p class="change">
@ -1349,7 +1352,7 @@ Components may be outsourced.
Team leaders may outsource non-critical components
on notifying the Board.
Critical components must be approved by the Board.
<p>
</p>
<p>
Any outsourcing arrangements must be documented.
@ -1429,7 +1432,7 @@ Relevant and helpful Documents should be referenced for convenience.
<hr>
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-html401-blue.png" id="graphics2" alt="Valid HTML 4.01" align="right" border="0" height="33" width="90"></a>
<hr />
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-html401-blue.png" id="graphics2" alt="Valid HTML 4.01" border="0" style="float: right; border-width: 0" height="33" width="90" /></a>
<p class="q">This is the end of the Security Policy.</p>
</body></html>

Write Preview
Loading…
Cancel
Save