cacert
/
cacert-policies
8
1
Fork 0
Code Issues 3 Pull Requests 1 Packages Projects Releases Wiki Activity

added h to beginning of all heading anchors because later HTML uses pascal naming convention

Browse Source 
git-svn-id: http://svn.cacert.org/CAcert/Policies@1860 14b1bab8-4ef6-0310-b690-991c95c89dfd
pull/1/head
Ian Grigg 15 years ago
parent 63c3b1360b
commit 57a16f61c8
1 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File

42
ConfigurationControlSpecification.html
Unescape Escape View File

@ -53,7 +53,7 @@ Status: 20100407 <i>WIP </i><br><br>
<h3> <a name="1">1</a> <a name="Introduction"> Introduction </a> </h3>
<h3> <a name="h1">1</a> <a name="Introduction"> Introduction </a> </h3>
<!-- This section from A.1.a through A.1.c -->
@ -76,11 +76,11 @@ DRC-A.1.
CCS may be seen as the index to systems audit under DRC.
</p>
<h3> <a name="2">2</a> <a name="Documents"> Documents </a> </h3>
<h3> <a name="h2">2</a> <a name="Documents"> Documents </a> </h3>
<!-- A.1.c-h: The configuration-control specification controls the revision process for the CCS,CP,CPS,PP,SP,R/L/O -->
<h4> <a name="2.1">2.1</a> <a name="doc_list"> Controlled Document List </a> </h4>
<h4> <a name="h2.1">2.1</a> <a name="doc_list"> Controlled Document List </a> </h4>
<p>
This CCS creates a list of Primary or "root" documents known as Policies.
@ -101,7 +101,7 @@ http://wiki.cacert.org/PolicyDecisions</a>.
<!-- See A.1.k, logging of documents. -->
</p>
<h4> <a name="2.2">2.2</a> <a name="doc_change"> Change </a> </h4>
<h4> <a name="h2.2">2.2</a> <a name="doc_change"> Change </a> </h4>
<p>
@ -134,27 +134,27 @@ documents of higher status (DRAFT or POLICY).
Copies should be eliminated where not being worked on.
</p>
<h4> <a name="2.3">2.3</a> <a name="doc_control"> Control </a> </h4>
<h4> <a name="h2.3">2.3</a> <a name="doc_control"> Control </a> </h4>
<p>
CAcert policies are required to be owned / transferred to CAcert. See PoP 6.2.
</p>
<h3> <a name="3">3</a> <a name="Hardware"> Hardware </a> </h3>
<h3> <a name="h3">3</a> <a name="Hardware"> Hardware </a> </h3>
<!-- This section from A.1.j -->
<h4> <a name="3.1">3.1</a> <a name="hard_list"> Controlled Hardware List </a> </h4>
<h4> <a name="h3.1">3.1</a> <a name="hard_list"> Controlled Hardware List </a> </h4>
<p>
Critical systems are defined by Security Policy.
</p>
<h4> <a name="3.2">3.2</a> <a name="hard_change"> Change </a> </h4>
<h4> <a name="h3.2">3.2</a> <a name="hard_change"> Change </a> </h4>
<p> See Security Policy. </p>
<h4> <a name="3.3">3.3</a> <a name="hard_control"> Control </a> </h4>
<h4> <a name="h3.3">3.3</a> <a name="hard_control"> Control </a> </h4>
<p>
Control of Hardware is the ultimate responsibility of the Board of CAcert Inc.
@ -165,9 +165,9 @@ The ownership responsibility is delegated by agreement to Oophaga.
</p>
<h3> <a name="4">4</a> <a name="Software"> Software </a> </h3>
<h3> <a name="h4">4</a> <a name="Software"> Software </a> </h3>
<!-- A.1.i: The configuration-control specification controls changes to software involved in: certs; data; comms to public -->
<h4> <a name="4.1">4.1</a> <a name="hard_list"> Controlled Software List </a> </h4>
<h4> <a name="h4.1">4.1</a> <a name="hard_list"> Controlled Software List </a> </h4>
<p>
Critical software is defined by Security Policy.
@ -181,11 +181,11 @@ Critical software is defined by Security Policy.
<li> What is far more problematic is the failure to do CCA & Challenge notification.
</ul>
<h4> <a name="4.2">4.2</a> <a name="soft_change"> Change </a> </h4>
<h4> <a name="h4.2">4.2</a> <a name="soft_change"> Change </a> </h4>
<p> See Security Policy. </p>
<h4> <a name="4.3">4.3</a> <a name="soft_control"> Control </a> </h4>
<h4> <a name="h4.3">4.3</a> <a name="soft_control"> Control </a> </h4>
<p>
CAcert owns its code, or requires control over open source code in use
@ -219,35 +219,35 @@ and a registry of software under approved open source licences.
<h3> <a name="5">5</a> <a name="Certs"> Certificates </a> </h3>
<h3> <a name="h5">5</a> <a name="Certs"> Certificates </a> </h3>
<!-- This section from A.1.b -->
<h4> <a name="5.1">5.1</a> <a name="certs_list"> Certificates List </a> </h4>
<h4> <a name="h5.1">5.1</a> <a name="certs_list"> Certificates List </a> </h4>
<p> Root Certificates are to be listed in the CPS. </p>
<h4> <a name="5.2">5.2</a> <a name="logs_change"> Changes </a> </h4>
<h4> <a name="h5.2">5.2</a> <a name="logs_change"> Changes </a> </h4>
<p> Creation and usage of Root Certificates is to be controlled by Security Policy. </p>
<h4> <a name="5.3">5.3</a> <a name="logs_archive"> Archive </a> </h4>
<h4> <a name="h5.3">5.3</a> <a name="logs_archive"> Archive </a> </h4>
<p> See Security Policy. </p>
<h3> <a name="6">6</a> <a name="Logs"> Logs </a> </h3>
<h3> <a name="h6">6</a> <a name="Logs"> Logs </a> </h3>
<!-- This section from A.1.k -->
<h4> <a name="6.1">6.1</a> <a name="logs_list"> Controlled Logs List </a> </h4>
<h4> <a name="h6.1">6.1</a> <a name="logs_list"> Controlled Logs List </a> </h4>
<p> Logs are defined by Security Policy. </p>
<h4> <a name="6.2">6.2</a> <a name="logs_change"> Changes </a> </h4>
<h4> <a name="h6.2">6.2</a> <a name="logs_change"> Changes </a> </h4>
<p> Changes to Hardware, Software and Root Certificates are logged according to Security Policy. </p>
<h4> <a name="6.3">6.3</a> <a name="logs_archive"> Archive </a> </h4>
<h4> <a name="h6.3">6.3</a> <a name="logs_archive"> Archive </a> </h4>
<p> See Security Policy. </p>

Write Preview
Loading…
Cancel
Save