dropped the redundant text in 9.1.4.2 so as to refer directly to critical roles in 1.1.1.

Introduced the acronym ABC into the background section. git-svn-id: http://svn.cacert.org/CAcert/Policies@1869 14b1bab8-4ef6-0310-b690-991c95c89dfd
2010-04-11 03:23:41 +00:00 · 2010-04-11 03:23:41 +00:00 · 7a6d02a7fa
commit 7a6d02a7fa
parent 35dbe35d99
1 changed files with 15 additions and 23 deletions
--- a/SecurityPolicy.html
+++ b/SecurityPolicy.html
@ -46,10 +46,11 @@ a:hover {
 <body lang="en-GB">
 <ul class="change">
 <li> 20100411: rewrote the critical roles to align with ABC requirement, dropped Board.
 <li> 20100404: status changes to WIP<br>
    <span class="q"> Security Policy is no longer binding, as of 20100404</span><br />
-<li> 20901213: addition of WIP changes<br />
+<li> 20901213: addition of WIP changes
-<li> 20090327: status change to DRAFT <a href="http://wiki.cacert.org/PolicyDecisions#p20090327">p20090327</a>.<br />
+<li> 20090327: status change to DRAFT <a href="http://wiki.cacert.org/PolicyDecisions#p20090327">p20090327</a>.
 </ul>
 <p>
@ -90,7 +91,8 @@ Board may add additional components into the Security Manual.
 <h4><a name="1.1.1">1.1.1.</a> Covered Personnel </h4>
 <p>
-These roles are directly covered:
+Critical roles are covered.
 These roles are defined as:
 </p>
 <ul><li>
@ -100,9 +102,7 @@ These roles are directly covered:
    </li><li>
      Support Engineers
    </li><li>
-      Software Assessors
+      Software Assessors (including Application Engineers)
    </li><li class="change">
      Application Engineers
 </li></ul>
 <h4><a name="1.1.2">1.1.2.</a> Out of Scope </h4>
@ -206,7 +206,7 @@ This policy document says what is done, rather than how to do it.
 <p>
 This Policy explicitly defers detailed security practices to the
 <a href="http://wiki.cacert.org/wiki/SecurityManual">Security Manual</a>
-("SM"),
+("SM").
 The SM says how things are done.
 As practices are things that vary from time to time,
 including between each event of practice,
@ -1192,7 +1192,7 @@ New team members need:
 <ul>
    <li> Recommendation by team leader </li>
-    <li> Independent background check </li>
+    <li> Arbitrated Background Check ("ABC") </li>
    <li> Authorisation by Board </li>
 </ul>
@ -1200,16 +1200,17 @@ New team members need:
 The team supports the process of adding new team members.
 </p>
-<h4> <a name="9.1.4"> 9.1.4. </a> Background Check Procedures</h4>
+<h4> <a name="9.1.4"> 9.1.4. </a> Arbitrated Background Check - Procedures</h4>
 <p>
-Background checks are carried out with full seriousness.
+The Arbitrated Background Check ("ABC")
-Background checks must be conducted under the direction of the Arbitrator,
+must be conducted under the direction of the Arbitrator,
 with a separate Case Manager to provide four eyes.
 ABCs are carried out with full seriousness.
 </p>
 <h4> <a name="9.1.4.1"> 9.1.4.1. </a> Scope </h4>
 <p>
-An investigation should include examination of:
+An investigation within ABC should include examination of:
 </p>
 <ul>
@ -1223,22 +1224,13 @@ An investigation should include examination of:
 <h4> <a name="9.1.4.2"> 9.1.4.2. </a> Coverage </h4>
 <p>
-A background check is to be done for all critical roles.
+ABC is to be done on every individual in a critical role.
 The background check should be done on all of:
 </p>
 <ul>
    <li> Systems Administrator </li>
    <li> Access Engineers </li>
    <li> Software Assessor <span class="change"> (including Application Engineer)</span></li>
    <li> Support Engineer </li>
    <li class="change strike"> Board </li>
 </ul>
 <h4> <a name="9.1.4.3"> 9.1.4.3. </a> Documentation </h4>
 <p>
-The process of the background check should be documented as a procedure.
+The process of the ABC should be documented as a procedure.
 </p>
 <p>