more xhtml
git-svn-id: http://svn.cacert.org/CAcert/Policies@1880 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
parent
c125e3b856
commit
1acb425079
1 changed files with 23 additions and 20 deletions
|
@ -35,6 +35,7 @@ th {
|
|||
font-weight: bold;
|
||||
}
|
||||
.strike {
|
||||
color : blue;
|
||||
text-decoration:line-through;
|
||||
}
|
||||
a:hover {
|
||||
|
@ -49,19 +50,19 @@ a:hover {
|
|||
<ul class="change">
|
||||
<li> 20100421: reviewed and dropped the BLUE changes that introduced AE, etc. </li>
|
||||
<li> 20100411: rewrote the critical roles to align with ABC requirement, dropped Board. </li>
|
||||
<li> <big><u>20100404: status changes to WIP</u></big><br />
|
||||
<li> <big>20100404: status changes to WIP</big><br />
|
||||
<span class="q"> Security Policy is no longer binding, as of 20100404</span> </li>
|
||||
<li> 20901213: addition of WIP changes </li>
|
||||
<li> 20090327: status change to DRAFT <a href="http://wiki.cacert.org/PolicyDecisions#p20090327">p20090327</a>. </li>
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
WIP Changes are all marked in <span class="change">BLUE</span> or <span class="change"><s>struck-out</s>.</span>
|
||||
WIP Changes are all marked in <span class="change">BLUE</span> or <span class="strike">struck-out</span>.
|
||||
Explanatory comments in <span class="q">GREEN</span> are not part of text.<br />
|
||||
</p>
|
||||
|
||||
<p class="q"> Start of Policy</p>
|
||||
<hr>
|
||||
<hr />
|
||||
|
||||
<h1>Security Policy for CAcert Systems</h1>
|
||||
<!-- Absolute URL because the policies are located absolutely. -->
|
||||
|
@ -70,12 +71,12 @@ Explanatory comments in <span class="q">GREEN</span> are not part of text.<br />
|
|||
Editor: iang<br />
|
||||
Status: <b>WIP <a href="https://community.cacert.org/board/motions.php?motion=m20100327.2">m20100327.2</a></b> as of 20100404 00:00:02 UTC<br /><br />
|
||||
</td><td align="right">
|
||||
<a href="http://www.cacert.org/policy/PolicyOnPolicy.php"><img align="right" src="Images/cacert-wip.png" alt="Security Policy Status == WIP" border="0"></a>
|
||||
<a href="http://www.cacert.org/policy/PolicyOnPolicy.php"><img src="Images/cacert-wip.png" alt="Security Policy Status == WIP" style="border-width:0" /></a>
|
||||
</td></table>
|
||||
|
||||
<h2><a name="1">1.</a> INTRODUCTION</h2>
|
||||
<h2 id="1">1. INTRODUCTION</h2>
|
||||
|
||||
<h3><a name="1.1">1.1.</a> Motivation and Scope </h3>
|
||||
<h3 id="s1.1">1.1. Motivation and Scope </h3>
|
||||
<p>
|
||||
This Security Policy sets out the policy
|
||||
for the secure operation of the CAcert critical computer systems.
|
||||
|
@ -217,8 +218,10 @@ The SM says how things are done.
|
|||
As practices are things that vary from time to time,
|
||||
including between each event of practice,
|
||||
the SM is under the direct control of the
|
||||
<span class="strike">
|
||||
Systems Administration team
|
||||
</span>
|
||||
<span class="change">
|
||||
<s>Systems Administration team</s>
|
||||
applicable team leaders.
|
||||
</span>
|
||||
It is located and version-controlled on the CAcert wiki.
|
||||
|
@ -393,7 +396,7 @@ Arbitrator must be sought as soon as possible.
|
|||
See DRP.
|
||||
</p>
|
||||
|
||||
<h4><a name="2.3.5">2.3.5.</a> Physical Security codes & devices </h4>
|
||||
<h4><a name="2.3.5">2.3.5.</a> Physical Security codes & devices </h4>
|
||||
|
||||
<p>
|
||||
All personel who are in possession of physical security
|
||||
|
@ -550,7 +553,7 @@ authorisations on the below access control lists
|
|||
(see §1.1.1):
|
||||
</p>
|
||||
|
||||
<table align="center" border="1"> <tr>
|
||||
<center><table border="1"> <tr>
|
||||
<td>List Name</td>
|
||||
<td>Who</td>
|
||||
<td>Purpose of access</td>
|
||||
|
@ -561,13 +564,13 @@ authorisations on the below access control lists
|
|||
<td>Access Engineers</td>
|
||||
<td>control of access by personnel to hardware</td>
|
||||
<td>exclusive of all other roles </td>
|
||||
<td><span class="change">Access team leader <s>Board of CAcert (or designee)</s></span></td>
|
||||
<td><span class="change">Access team leader</span> <span class="strike">Board of CAcert (or designee)</span></td>
|
||||
</tr><tr>
|
||||
<td>Physical Access List</td>
|
||||
<td>Systems Administrators</td>
|
||||
<td>hardware-level for installation and recovery</td>
|
||||
<td>exclusive with Access Engineers and Software Assessors</td>
|
||||
<td><span class="change">systems administration team leader <s>Board of CAcert (or designee)</s></span></td>
|
||||
<td><span class="change">systems administration team leader</span> <span class="strike">Board of CAcert (or designee)</span></td>
|
||||
</tr><tr>
|
||||
<td>SSH Access List</td>
|
||||
<td>Systems Administrators <span class="change">and Application Engineers </span></td>
|
||||
|
@ -584,9 +587,9 @@ authorisations on the below access control lists
|
|||
<td>Support Access List</td>
|
||||
<td>Support Engineer</td>
|
||||
<td>support features in the web application</td>
|
||||
<td> includes by default all <span class="change">Application Engineers <s>systems administrators</s> </span> </td>
|
||||
<td><span class="change"><s>systems administration</s> support</span> team leader</td>
|
||||
</tr></table>
|
||||
<td> includes by default all <span class="change">Application Engineers</span> <span class="strike">systems administrators </span> </td>
|
||||
<td><span class="strike">systems administration</span> <span class="change">support</span> team leader</td>
|
||||
</tr></table></center>
|
||||
|
||||
|
||||
<p>
|
||||
|
@ -1002,13 +1005,13 @@ Bug submission access should be provided to
|
|||
any Member that requests it.
|
||||
</p>
|
||||
|
||||
<h3> <a name="7.6"> 7.6. </a> <s>Handover</s> <span class="change">Production</span> </h3>
|
||||
<h3> <a name="7.6"> 7.6. </a> <span class="strike">Handover</span> <span class="change">Production</span> </h3>
|
||||
|
||||
<p class="change">
|
||||
The Application Engineer is a role within Software Assessment
|
||||
team that is approved to install into production the
|
||||
patches that are signed off.
|
||||
<s>
|
||||
<span class="strike">
|
||||
Once signed off, the Application Engineer
|
||||
commits the patch from the development repository
|
||||
to the production repository,
|
||||
|
@ -1017,7 +1020,7 @@ into the running code.
|
|||
The Application Engineer is responsible for basic
|
||||
testing of functionality and emergency fixes,
|
||||
which then must be back-installed into the repositories.
|
||||
</s>
|
||||
</span>
|
||||
</p>
|
||||
|
||||
<p class="change">
|
||||
|
@ -1349,7 +1352,7 @@ Components may be outsourced.
|
|||
Team leaders may outsource non-critical components
|
||||
on notifying the Board.
|
||||
Critical components must be approved by the Board.
|
||||
<p>
|
||||
</p>
|
||||
|
||||
<p>
|
||||
Any outsourcing arrangements must be documented.
|
||||
|
@ -1429,7 +1432,7 @@ Relevant and helpful Documents should be referenced for convenience.
|
|||
|
||||
|
||||
|
||||
<hr>
|
||||
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-html401-blue.png" id="graphics2" alt="Valid HTML 4.01" align="right" border="0" height="33" width="90"></a>
|
||||
<hr />
|
||||
<a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-html401-blue.png" id="graphics2" alt="Valid HTML 4.01" border="0" style="float: right; border-width: 0" height="33" width="90" /></a>
|
||||
<p class="q">This is the end of the Security Policy.</p>
|
||||
</body></html>
|
||||
|
|
Loading…
Reference in a new issue