From 4229f2f1a65831d171878496c1b3d7ca859c665c Mon Sep 17 00:00:00 2001
From: Ian Grigg <iang@cacert.org>
Date: Mon, 16 Feb 2009 15:34:13 +0000
Subject: [PATCH] Copied directly from SM in wiki, 1st introductory chapter
 only, as a starter.

git-svn-id: http://svn.cacert.org/CAcert/Policies@1172 14b1bab8-4ef6-0310-b690-991c95c89dfd
---
 SecurityPolicy.html | 156 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 156 insertions(+)
 create mode 100644 SecurityPolicy.html

diff --git a/SecurityPolicy.html b/SecurityPolicy.html
new file mode 100644
index 0000000..3a8b73f
--- /dev/null
+++ b/SecurityPolicy.html
@@ -0,0 +1,156 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<html><head>
+<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8"><title>Security Policy</title>
+
+<style type="text/css">
+<!--
+P { color: #000000 }
+TD P { color: #000000 }
+H1 { color: #000000 }
+H2 { color: #000000 }
+DT { color: #000000 }
+DD { color: #000000 }
+H3 { color: #000000 }
+TH P { color: #000000 }
+-->
+</style></head>
+<body style="direction: ltr; color: rgb(0, 0, 0);" lang="en-GB">
+<h1>Security Policy for CAcert Systems</h1>
+<p><a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" id="graphics1" alt="CAcert Security Policy Status == wip" align="bottom" border="0" height="33" width="90"></a>
+<br>
+Creation date: 2009-02-16<br>
+Status: <i>work-in-progress</i>
+</p>
+
+<h2><a name="1">1.</a> Introduction</h2>
+
+<h3><a name="1.1">1.1.</a> Motivation and Scope </h3>
+<p>
+This Security Manual sets out required procedures for the secure operation of the CAcert critical computer systems. These systems include:
+<ol><li>
+     Physical hardware mounting the logical services
+   </li><li>
+     Webserver + database (core server(s))
+   </li><li>
+     Signing service (signing server)
+   </li><li>
+     Support interface
+   </li><li>
+     Source code (changes and patches) 
+</li></ol>
+</p>
+
+<h4><a name="1.1.1">1.1.1.</a> Effected Personnel </h4>
+
+These roles and teams are effected:
+
+<ul><li>
+      Hardware Controllers (Oophaga)
+    </li><li>
+      Direct Hardware Access Systems Administrators
+      (as listed in Oophaga Appendix B Access List)
+    </li><li>
+      Application Administrators
+      (online access to critical systems at Unix level)
+    </li><li>
+      Support Team
+      (online access via administration interfaces)
+    </li><li>
+      Software Development Team
+      (approval of application code) 
+</li></ul>
+</p>
+
+<h4><a name="1.1.1">1.1.2.</a> Out of Scope </h4>
+
+<p>
+Non-critical systems are not covered by this manual,
+but may be guided by it, and impacted where they are
+found within the security context.
+Architecture is out of scope, see CPS#6.2. 
+</p>
+
+<h3><a name="1.2">1.2.</a> Principles </h3>
+<p>
+Important principles of this Security Manual are:
+
+<ul><li>
+      <i>dual control</i> -- at least two individuals must control a task
+    </li><li>
+      <i>4 eyes</i> -- at least two individuals must be present during a task,
+      one to execute and one to observe.
+    </li><li>
+      <i>redundancy</i> -- no single individual is the only one authorized
+      to perform a task.
+    </li><li>
+      <i>escrow</i> -- where critical information (backups, passwords)
+      is kept with other parties
+    </li><li>
+      <i>logging</i> -- where events are recorded in a file
+    </li><li>
+      <i>separation of concerns</i> -- when a core task is split between
+      two people from different areas
+    </li><li>
+      <i>Audit</i> -- where external reviewers do checks on practices and policies 
+</li></ul>
+</p>
+
+<p>
+Each task or asset is covered by a variety of protections
+deriving from the above principles. 
+</p>
+
+<h3><a name="1.3">1.3.</a> Definition of Terms</h3>
+<dl>
+<dt><i>Systems Administrator</i> </dt>
+<dd>
+    A Member who manages a critial system, and has access
+    to security-sensitive functions or data.
+</dd>
+
+<h3><a name="1.4">1.4.</a> Version control</h3>
+
+<h4><a name="1.4.1">1.4.1.</a> The Security Policy Document </h3>
+<p>
+This Security Policy is part of the configuration-control specification
+for audit purposes (DRC).
+It is under the control of Policy on Policy for version purposes.
+</p>
+
+<p>
+This policy document says what is done, rather than how to do it.
+</p>
+
+<h4><a name="1.4.2">1.4.2.</a> The Security Manual (Practices) Document </h3>
+
+<p>
+This Policy explicitly defers detailed security practices to the
+<a href="http://wiki.cacert.org/wiki/SecurityManual">Security Manual</a>
+("SM"),
+The SM says how things are done.
+As practices are things that vary from time to time,
+including between each event of practice,
+the SM is under the direct control of the Systems Administration team.
+It is located and version-controlled on the CAcert wiki.
+</p>
+
+<h4><a name="1.4.3">1.4.3.</a> The Security Procedures </h3>
+
+<p>
+The Systems Administration team may from time to time
+explicitly defer single, cohesive components of the
+security practices into separate procedures documents.
+Each procedure should be managed in a wiki page under
+their control, probably at
+<a href="http://wiki.cacert.org/wiki/SystemAdministration/Procedures">
+SystemAdministrationProcedures</a>.
+Each procedure must be referenced explicitly in the Security Manual.
+</p>
+
+
+<h2><a name="end">End</a></h2>
+<p>This is the end of the Security Policy.</p>
+<p><a href="http://validator.w3.org/check?uri=referer"><img src="Images/valid-xhtml11-blue" id="graphics2" alt="Valid XHTML 1.1" align="bottom" border="0" height="33" width="90"></a>
+</p>
+</body></html>
+