dropped the redundant text in 9.1.4.2 so as to refer directly to critical roles in 1.1.1.
Introduced the acronym ABC into the background section. git-svn-id: http://svn.cacert.org/CAcert/Policies@1869 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
parent
35dbe35d99
commit
7a6d02a7fa
1 changed files with 15 additions and 23 deletions
|
@ -46,10 +46,11 @@ a:hover {
|
|||
<body lang="en-GB">
|
||||
|
||||
<ul class="change">
|
||||
<li> 20100411: rewrote the critical roles to align with ABC requirement, dropped Board.
|
||||
<li> 20100404: status changes to WIP<br>
|
||||
<span class="q"> Security Policy is no longer binding, as of 20100404</span><br />
|
||||
<li> 20901213: addition of WIP changes<br />
|
||||
<li> 20090327: status change to DRAFT <a href="http://wiki.cacert.org/PolicyDecisions#p20090327">p20090327</a>.<br />
|
||||
<li> 20901213: addition of WIP changes
|
||||
<li> 20090327: status change to DRAFT <a href="http://wiki.cacert.org/PolicyDecisions#p20090327">p20090327</a>.
|
||||
</ul>
|
||||
|
||||
<p>
|
||||
|
@ -90,7 +91,8 @@ Board may add additional components into the Security Manual.
|
|||
<h4><a name="1.1.1">1.1.1.</a> Covered Personnel </h4>
|
||||
|
||||
<p>
|
||||
These roles are directly covered:
|
||||
Critical roles are covered.
|
||||
These roles are defined as:
|
||||
</p>
|
||||
|
||||
<ul><li>
|
||||
|
@ -100,9 +102,7 @@ These roles are directly covered:
|
|||
</li><li>
|
||||
Support Engineers
|
||||
</li><li>
|
||||
Software Assessors
|
||||
</li><li class="change">
|
||||
Application Engineers
|
||||
Software Assessors (including Application Engineers)
|
||||
</li></ul>
|
||||
|
||||
<h4><a name="1.1.2">1.1.2.</a> Out of Scope </h4>
|
||||
|
@ -206,7 +206,7 @@ This policy document says what is done, rather than how to do it.
|
|||
<p>
|
||||
This Policy explicitly defers detailed security practices to the
|
||||
<a href="http://wiki.cacert.org/wiki/SecurityManual">Security Manual</a>
|
||||
("SM"),
|
||||
("SM").
|
||||
The SM says how things are done.
|
||||
As practices are things that vary from time to time,
|
||||
including between each event of practice,
|
||||
|
@ -1192,7 +1192,7 @@ New team members need:
|
|||
|
||||
<ul>
|
||||
<li> Recommendation by team leader </li>
|
||||
<li> Independent background check </li>
|
||||
<li> Arbitrated Background Check ("ABC") </li>
|
||||
<li> Authorisation by Board </li>
|
||||
</ul>
|
||||
|
||||
|
@ -1200,16 +1200,17 @@ New team members need:
|
|||
The team supports the process of adding new team members.
|
||||
</p>
|
||||
|
||||
<h4> <a name="9.1.4"> 9.1.4. </a> Background Check Procedures</h4>
|
||||
<h4> <a name="9.1.4"> 9.1.4. </a> Arbitrated Background Check - Procedures</h4>
|
||||
<p>
|
||||
Background checks are carried out with full seriousness.
|
||||
Background checks must be conducted under the direction of the Arbitrator,
|
||||
The Arbitrated Background Check ("ABC")
|
||||
must be conducted under the direction of the Arbitrator,
|
||||
with a separate Case Manager to provide four eyes.
|
||||
ABCs are carried out with full seriousness.
|
||||
</p>
|
||||
|
||||
<h4> <a name="9.1.4.1"> 9.1.4.1. </a> Scope </h4>
|
||||
<p>
|
||||
An investigation should include examination of:
|
||||
An investigation within ABC should include examination of:
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
|
@ -1223,22 +1224,13 @@ An investigation should include examination of:
|
|||
|
||||
<h4> <a name="9.1.4.2"> 9.1.4.2. </a> Coverage </h4>
|
||||
<p>
|
||||
A background check is to be done for all critical roles.
|
||||
The background check should be done on all of:
|
||||
ABC is to be done on every individual in a critical role.
|
||||
</p>
|
||||
|
||||
<ul>
|
||||
<li> Systems Administrator </li>
|
||||
<li> Access Engineers </li>
|
||||
<li> Software Assessor <span class="change"> (including Application Engineer)</span></li>
|
||||
<li> Support Engineer </li>
|
||||
<li class="change strike"> Board </li>
|
||||
</ul>
|
||||
|
||||
<h4> <a name="9.1.4.3"> 9.1.4.3. </a> Documentation </h4>
|
||||
|
||||
<p>
|
||||
The process of the background check should be documented as a procedure.
|
||||
The process of the ABC should be documented as a procedure.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
|
|
Loading…
Reference in a new issue