dropped the redundant text in 9.1.4.2 so as to refer directly to critical roles in 1.1.1.

Introduced the acronym ABC into the background section.


git-svn-id: http://svn.cacert.org/CAcert/Policies@1869 14b1bab8-4ef6-0310-b690-991c95c89dfd
Ian Grigg 2010-04-11 03:23:41 +00:00
parent 35dbe35d99
commit 7a6d02a7fa


@ -46,10 +46,11 @@ a:hover {
<body lang="en-GB">
<ul class="change">
<li> 20100411: rewrote the critical roles to align with ABC requirement, dropped Board.
<li> 20100404: status changes to WIP<br>
<span class="q"> Security Policy is no longer binding, as of 20100404</span><br />
<li> 20901213: addition of WIP changes<br />
<li> 20090327: status change to DRAFT <a href="http://wiki.cacert.org/PolicyDecisions#p20090327">p20090327</a>.<br />
<li> 20901213: addition of WIP changes
<li> 20090327: status change to DRAFT <a href="http://wiki.cacert.org/PolicyDecisions#p20090327">p20090327</a>.
</ul>
<p>
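Review bot: the changelog entry dated 20901213 is re-emitted with only its trailing `<br />` removed, and the date looks like a transposition of 20091213, since it sits between 20100404 and 20090327 in a list that otherwise runs newest first. As the line is being touched anyway, correct the date in the same change.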
@ -90,7 +91,8 @@ Board may add additional components into the Security Manual.
<h4><a name="1.1.1">1.1.1.</a> Covered Personnel </h4>
<p>
These roles are directly covered:
Critical roles are covered.
These roles are defined as:
</p>
<ul><li>
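Review bot: in 1.1.1 the new wording "Critical roles are covered. These roles are defined as:" does not make clear that this list is the definition of "critical role", yet 9.1.4.2 now relies on that term to decide who receives an ABC. A single sentence such as "This policy covers the critical roles, which are:" would make the list read as the definition.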
@ -100,9 +102,7 @@ These roles are directly covered:
</li><li>
Support Engineers
</li><li>
Software Assessors
</li><li class="change">
Application Engineers
Software Assessors (including Application Engineers)
</li></ul>
<h4><a name="1.1.2">1.1.2.</a> Out of Scope </h4>
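Review bot: the merged item "Software Assessors (including Application Engineers)" leaves open whether Application Engineer remains a role in its own right or is only a kind of Software Assessor. If the two are still distinct, keep Application Engineers as a separate list item. The merged item also loses the class="change" attribute that the separate item carried; check whether that is intended.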
@ -206,7 +206,7 @@ This policy document says what is done, rather than how to do it.
<p>
This Policy explicitly defers detailed security practices to the
<a href="http://wiki.cacert.org/wiki/SecurityManual">Security Manual</a>
("SM"),
("SM").
The SM says how things are done.
As practices are things that vary from time to time,
including between each event of practice,
@ -1192,7 +1192,7 @@ New team members need:
<ul>
<li> Recommendation by team leader </li>
<li> Independent background check </li>
<li> Arbitrated Background Check ("ABC") </li>
<li> Authorisation by Board </li>
</ul>
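Review bot: the replacement list item drops the word "Independent" and expands "ABC" here, although 9.1.4 expands the acronym again shortly afterwards. Link this item to the 9.1.4 anchor so the reader lands on the procedure, and check that the independence requirement is still stated somewhere, for example through the Arbitrator and separate Case Manager wording in 9.1.4.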
@ -1200,16 +1200,17 @@ New team members need:
The team supports the process of adding new team members.
</p>
<h4> <a name="9.1.4"> 9.1.4. </a> Background Check Procedures</h4>
<h4> <a name="9.1.4"> 9.1.4. </a> Arbitrated Background Check - Procedures</h4>
<p>
Background checks are carried out with full seriousness.
Background checks must be conducted under the direction of the Arbitrator,
The Arbitrated Background Check ("ABC")
must be conducted under the direction of the Arbitrator,
with a separate Case Manager to provide four eyes.
ABCs are carried out with full seriousness.
</p>
<h4> <a name="9.1.4.1"> 9.1.4.1. </a> Scope </h4>
<p>
An investigation should include examination of:
An investigation within ABC should include examination of:
</p>
<ul>
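Review bot: requirement strength is mixed across 9.1.4 and 9.1.4.1: the ABC "must be conducted under the direction of the Arbitrator", but an investigation "should include examination of" the listed items. State whether the scope list is mandatory or advisory. In the same sentence, "within ABC" reads better as "within an ABC".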
@ -1223,22 +1224,13 @@ An investigation should include examination of:
<h4> <a name="9.1.4.2"> 9.1.4.2. </a> Coverage </h4>
<p>
A background check is to be done for all critical roles.
The background check should be done on all of:
ABC is to be done on every individual in a critical role.
</p>
<ul>
<li> Systems Administrator </li>
<li> Access Engineers </li>
<li> Software Assessor <span class="change"> (including Application Engineer)</span></li>
<li> Support Engineer </li>
<li class="change strike"> Board </li>
</ul>
<h4> <a name="9.1.4.3"> 9.1.4.3. </a> Documentation </h4>
<p>
The process of the background check should be documented as a procedure.
The process of the ABC should be documented as a procedure.
</p>
<p>
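Review bot: the new 9.1.4.2 sentence "ABC is to be done on every individual in a critical role." neither names nor links 1.1.1, although the explicit role list is deleted here and the commit message says the section should refer to 1.1.1 directly. Add the cross-reference, for example "a critical role (1.1.1)" with a link to the 1.1.1 anchor, and confirm that 1.1.1 lists Systems Administrator and Access Engineers, which this hunk removes and which do not appear in the 1.1.1 lines shown in this patch.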