Dropped / Confirmed BLUE changes where they introduced the Application Engineer.

Tightened up the Management by applicable team leaders, especially in 3.4 (this moves management of lists to t/l but changing the list is still Board). Left in place the BLUE changes over the software repository management, and referred some of that question to the SM. git-svn-id: http://svn.cacert.org/CAcert/Policies@1875 14b1bab8-4ef6-0310-b690-991c95c89dfd
15 years ago · 74694e234a
parent fe0b2a2af0
commit 74694e234a
1 changed files with 39 additions and 91 deletions
--- a/SecurityPolicy.html
+++ b/SecurityPolicy.html
@ -191,8 +191,8 @@ deriving from the above principles.
 <h4><a name="1.4.1">1.4.1.</a> The Security Policy Document </h4>
 <p>
-This Security Policy is part of the configuration-control specification
+This Security Policy is part of the Configuration-Control Specification
-for audit purposes (DRC).
+for audit purposes (DRC-A.1).
 It is under the control of Policy on Policy for version purposes.
 </p>
@ -210,7 +210,11 @@ This Policy explicitly defers detailed security practices to the
 The SM says how things are done.
 As practices are things that vary from time to time,
 including between each event of practice,
-the SM is under the direct control of the Systems Administration team.
+the SM is under the direct control of the
 <span class="change">
 <s>Systems Administration team</s>
 applicable team leaders.
 </span>
 It is located and version-controlled on the CAcert wiki.
 </p>
@ -354,7 +358,11 @@ one systems administrator present.
 <p>
 There is no inherent authorisation to access the data.
-Systems Administrators are authorised to access
+Systems Administrators
 <span class="change">
 and Application Engineers
 </span>
 are authorised to access
 the raw data under the control of this policy.
 All others must not access the raw data.
 All are responsible for protecting the data
@ -486,7 +494,10 @@ of software has become known
 an emergent local exploit may also be deemed to be an emergency).
 Application of patches in this case may occur as soon as possible,
 bypassing the normal configuration-change process.
-The systems administration team leader must either approve the patch,
+The systems administration team leader must either approve the patch
 <span class="change">
 or
 </span>
 instruct remedial action, and refer the case to dispute resolution.
 </p>
@ -502,44 +513,12 @@ independent of filed disputes.
 <h3><a name="3.3"> 3.3.</a> Application </h3>
-<p class="change">
+<p>
 Systems administration is to provide a limited environment
 to Applications Engineers in order to install and maintain
 the application.
 </p>
 <ul class="q">
   <li> insert SSH / non-unix in SM? </li>
   <li> move all below to &sect;7 </li>
 </ul>
 <p>
 <s>
 Software assessment takes place on various test systems
 (not a critical system). See &sect;7.
 Once offered by Software Assessment (team),
 system administration team leader has to
 approve the installation of each release or patch.
 </s>
 </p>
 <p>
 <s>
 Any changes made to source code must be referred
 back to software assessment team
 and installation needs to be deferred
 until approved by the Software Assessment Team.
 </s>
 </p>
 <p>
 <s>
 Requests to systems administration for ad hoc queries
 over the database for business or similar purposes
 must be approved by the Arbitrator.
 </s>
 </p>
 <h3><a name="3.4"> 3.4.</a> Access control </h3>
 <p>
@ -576,31 +555,31 @@ authorisations on the below access control lists
  <td>Access Engineers</td>
  <td>control of access by personnel to hardware</td>
  <td>exclusive of all other roles </td>
-  <td>Board of CAcert (or designee)</td>
+  <td><span class="change">Access team leader <s>Board of CAcert (or designee)</s></span></td>
 </tr><tr>
  <td>Physical Access List</td>
  <td>Systems Administrators</td>
  <td>hardware-level for installation and recovery</td>
  <td>exclusive with Access Engineers and Software Assessors</td>
-  <td>Board of CAcert (or designee)</td>
+  <td><span class="change">systems administration team leader <s>Board of CAcert (or designee)</s></span></td>
 </tr><tr>
  <td>SSH Access List</td>
-  <td>Systems Administrators</td>
+  <td>Systems Administrators <span class="change">and Application Engineers </span></td>
  <td>Unix / account / shell level</td>
  <td> includes by default all on Physical Access List </td>
  <td>systems administration team leader</td>
 </tr><tr>
  <td>Support Access List</td>
  <td>Support Engineer</td>
  <td>support features in the web application</td>
  <td> includes by default all systems administrators </td>
  <td>systems administration team leader</td>
 </tr><tr>
  <td>Repository Access List</td>
-  <td><span class="change">Application Engineers</span><s>Software Assessors</s></td>
+  <td>Application Engineers</td>
-  <td>change the source code repository <span class="change">and install patches to application</change></td>
+  <td>change the source code repository and install patches to application</td>
  <td>exclusive with Access Engineers and systems administrators</td>
  <td>software assessment team leader</td>
 </tr><tr>
  <td>Support Access List</td>
  <td>Support Engineer</td>
  <td>support features in the web application</td>
  <td> includes by default all <span class="change">Application Engineers <s>systems administrators</s> </span> </td>
  <td><span class="change"><s>systems administration</s> support</span> team leader</td>
 </tr></table>
@ -648,14 +627,14 @@ must be strictly controlled.
 Passphrases and SSH private keys used for entering into the systems
 will be kept private
 to CAcert sysadmins
-<span class="change">and Application Engineers</span>
+and Application Engineers
 in all cases.
 </p>
 <h5> <a name="4.1.1.1">4.1.1.1.</a> Authorized users </h5>
 <p>
 Only System Administrators
-<span class="change">and Application Engineers</span>
+and Application Engineers
 designated on the Access Lists
 in &sect;3.4.2 are authorized to access accounts,
 unless specifically directed by the Arbitrator.
@ -908,7 +887,7 @@ infrastructure is not available.
 <p>
 Software assessment team is responsible
-for the security <span class="change">and maintenance</span> of the code.
+for the security and maintenance of the code.
 </p>
 <h3> <a name="7.1"> 7.1. </a> Authority </h3>
@ -921,7 +900,7 @@ See &sect;3.4.2.
 <h3> <a name="7.2"> 7.2. </a> Tasks </h3>
 <p>
-The primary tasks <span class="change">for Software Assessors</span> are:
+The primary tasks for Software Assessors are:
 </p>
 <ol><li>
    Keep the code secure in its operation,
@ -929,8 +908,6 @@ The primary tasks <span class="change">for Software Assessors</span> are:
    Fix security bugs, including incidents,
  </li><li>
    Audit, Verify and sign-off proposed patches,
  </li><li>
    <s>Guide Systems Administration team in inserting patches,</s>
  </li><li>
    Provide guidance for architecture,
 </li></ol>
@ -940,10 +917,10 @@ Software assessment is not primarily tasked to write the code.
 In principle, anyone can submit code changes for approval.
 </p>
-<p class="change">
+<p>
 The primary tasks for Application Engineers are:
 </p>
-<ol class="change"><li>
+<ol><li>
    Installing signed-off patches,
  </li><li>
    Verifying correct running,
@ -1022,9 +999,10 @@ any Member that requests it.
 <h3> <a name="7.6"> 7.6. </a> <s>Handover</s> <span class="change">Production</span> </h3>
 <p class="change">
-Application Engineers are roles within Software Assessment
+The Application Engineer is a role within Software Assessment
-team that are approved to install into production the
+team that is approved to install into production the
 patches that are signed off.
 <s>
 Once signed off, the Application Engineer
 commits the patch from the development repository
 to the production repository,
@ -1033,6 +1011,7 @@ into the running code.
 The Application Engineer is responsible for basic
 testing of functionality and emergency fixes,
 which then must be back-installed into the repositories.
 </s>
 </p>
 <p class="change">
@ -1040,36 +1019,6 @@ Requests to Application Engineers for ad hoc queries over the database for busin
 </p>
 <p>
 <s>
 Once signed off,
 software assessment (team leader)
 coordinates with systems administration (team leader)
 to offer the upgrade.
 Upgrade format is to be negotiated,
 but systems administration naturally has the last word.
 Software Assessors are not to have access
 to the critical systems, providing a dual control
 at the teams level.
 </s>
 </p>
 <p>
 <s>
 If compilation and/or other processing of the
 application source code in the version control system
 is necessary to deploy the application,
 detailed installation instructions should also be
 maintained in the version control system and offered to the
 System Administrators.
 </s>
 </p>
 <p>
 <s>
 Systems administrators copy the patches securely
 from the software assessment repository
 onto the critical machine.
 </s>
 See &sect;3.3.
 </p>
@ -1380,7 +1329,7 @@ All external inquiries of security import are filed as disputes and placed befor
 Only the Arbitrator has the authority
 to deal with external requests and/or create a procedure.
 Access Engineers, systems administrators,
-<span class="change">support engineers</span>,
+support engineers,
 Board members and other key roles
 do not have the authority to answer legal inquiry.
 The Arbitrator's ruling may instruct individuals,
@ -1409,7 +1358,6 @@ All arrangements must be:
          Assured Organisations, in which
          all involved personnel are Assurers,
      </li></ul>
  </li><li>
  </li><li>
    with Members that have the requisite knowledge
    and in good contact with the team leader(s),