|
|
|
@ -8,10 +8,10 @@
|
|
|
|
<body lang="en-GB">
|
|
|
|
<body lang="en-GB">
|
|
|
|
|
|
|
|
|
|
|
|
<h1>Security Policy for CAcert Systems</h1>
|
|
|
|
<h1>Security Policy for CAcert Systems</h1>
|
|
|
|
<p><a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" alt="CAcert Security Policy Status == wip" border="0"></a>
|
|
|
|
<p><a href="PolicyOnPolicy.html"><img src="Images/cacert-draft.png" alt="CAcert Security Policy Status == wip" border="0"></a>
|
|
|
|
<br>
|
|
|
|
<br>
|
|
|
|
Creation date: 20090216<br>
|
|
|
|
Creation date: 20090216<br>
|
|
|
|
Status: <i>work-in-progress</i>, to DRAFT 20090327
|
|
|
|
Status: <b>DRAFT 20090327</b>
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h2><a name="1">1.</a> INTRODUCTION</h2>
|
|
|
|
<h2><a name="1">1.</a> INTRODUCTION</h2>
|
|
|
|
@ -456,11 +456,9 @@ until approved by the Software Assessment Team.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
<B>
|
|
|
|
|
|
|
|
Requests to systems administration for ad hoc queries
|
|
|
|
Requests to systems administration for ad hoc queries
|
|
|
|
over the database for business or similar purposes
|
|
|
|
over the database for business or similar purposes
|
|
|
|
must be approved by the Arbitrator.
|
|
|
|
must be approved by the Arbitrator.
|
|
|
|
</B>
|
|
|
|
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h3><a name="3.4"> 3.4.</a> Access control </h3>
|
|
|
|
<h3><a name="3.4"> 3.4.</a> Access control </h3>
|
|
|
|
@ -528,10 +526,7 @@ authorisations on the below access control lists
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
All changes
|
|
|
|
All changes of personnel
|
|
|
|
<B>
|
|
|
|
|
|
|
|
of personnel
|
|
|
|
|
|
|
|
</B>
|
|
|
|
|
|
|
|
to the above lists are approved by the Board of CAcert.
|
|
|
|
to the above lists are approved by the Board of CAcert.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
@ -612,8 +607,7 @@ and reported in regular summaries to the Board of CAcert.
|
|
|
|
<h4> <a name="4.2.1">4.2.1.</a> Coverage </h4>
|
|
|
|
<h4> <a name="4.2.1">4.2.1.</a> Coverage </h4>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
All sensitive events should be logged
|
|
|
|
All sensitive events should be logged reliably.
|
|
|
|
<B> reliably </B>.
|
|
|
|
|
|
|
|
Logs should be deleted after an appropriate amount of time
|
|
|
|
Logs should be deleted after an appropriate amount of time
|
|
|
|
as documented in the Security Manual.
|
|
|
|
as documented in the Security Manual.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
@ -1187,7 +1181,6 @@ especially of new team members.
|
|
|
|
|
|
|
|
|
|
|
|
<h4> <a name="9.2.1"> 9.2.1. </a> Root Key generation</h4>
|
|
|
|
<h4> <a name="9.2.1"> 9.2.1. </a> Root Key generation</h4>
|
|
|
|
|
|
|
|
|
|
|
|
<B>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
Root keys are generated only on instruction from the Board.
|
|
|
|
Root keys are generated only on instruction from the Board.
|
|
|
|
They must be generated to a fully documented and reviewed procedure.
|
|
|
|
They must be generated to a fully documented and reviewed procedure.
|
|
|
|
@ -1203,7 +1196,6 @@ The procedure must include:
|
|
|
|
<li> Documentation of each step as it happens against the procedure. </li>
|
|
|
|
<li> Documentation of each step as it happens against the procedure. </li>
|
|
|
|
<li> Confirmation by each participant over the process and the results. </li>
|
|
|
|
<li> Confirmation by each participant over the process and the results. </li>
|
|
|
|
</ul>
|
|
|
|
</ul>
|
|
|
|
</B>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h4> <a name="9.2.2"> 9.2.2. </a> Backup and escrow</h4>
|
|
|
|
<h4> <a name="9.2.2"> 9.2.2. </a> Backup and escrow</h4>
|
|
|
|
|
|
|
|
|
|
|
|
@ -1303,20 +1295,16 @@ of open disclosure wherever possible.
|
|
|
|
See <a href="https://svn.cacert.org/CAcert/principles.html">
|
|
|
|
See <a href="https://svn.cacert.org/CAcert/principles.html">
|
|
|
|
Principles</a>.
|
|
|
|
Principles</a>.
|
|
|
|
This is not a statement of politics but a statement of security;
|
|
|
|
This is not a statement of politics but a statement of security;
|
|
|
|
<B>
|
|
|
|
|
|
|
|
if a security issue can only be sustained
|
|
|
|
if a security issue can only be sustained
|
|
|
|
</B>
|
|
|
|
|
|
|
|
under some confidentiality or secrecy, then find another way.
|
|
|
|
under some confidentiality or secrecy, then find another way.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
In concrete terms,
|
|
|
|
In concrete terms,
|
|
|
|
<B>
|
|
|
|
|
|
|
|
confidentiality or secrecy may be maintained only
|
|
|
|
confidentiality or secrecy may be maintained only
|
|
|
|
under a defined method in policy,
|
|
|
|
under a defined method in policy,
|
|
|
|
or under the oversight of the Arbitrator
|
|
|
|
or under the oversight of the Arbitrator
|
|
|
|
(which itself is under DRP).
|
|
|
|
(which itself is under DRP).
|
|
|
|
</B>
|
|
|
|
|
|
|
|
The exception itself must not be secret or confidential.
|
|
|
|
The exception itself must not be secret or confidential.
|
|
|
|
All secrets and confidentials are reviewable under Arbitration,
|
|
|
|
All secrets and confidentials are reviewable under Arbitration,
|
|
|
|
and may be reversed.
|
|
|
|
and may be reversed.
|
|
|
|
|
Ian Grigg
16 years ago