changes to add the Application Engineer
git-svn-id: http://svn.cacert.org/CAcert/Policies@1698 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
parent 64286af4bc
commit a66e571ab4
1 changed file with 152 additions and 11 deletions
@ -4,6 +4,42 @@
<head>
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8">
<title>Security Policy</title>

<style type="text/css">
<!--
body {
font-family : verdana, helvetica, arial, sans-serif;
}

th {
text-align : left;
}

.q {
color : green;
font-weight: bold;
text-align: center;
font-style:italic;
}

.error {
color : red;
font-weight: bold;
text-align: center;
font-style:italic;
}

.change {
color : blue;
font-weight: bold;
}

a:hover {
color : gray;
}
-->
</style>

</head>
<body lang="en-GB">

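Review bot: the added stylesheet distinguishes binding text from unvoted work-in-progress purely by colour (`.change` blue, `.q` green, deletions struck out), so a printed or monochrome copy of the policy loses the binding/non-binding distinction; pair the colour with a textual marker (the status legend already says "additions are in BLUE", so a `[WIP]` prefix on changed items would keep it readable). Minor: the `<!-- -->` wrapper inside `<style>` is a legacy idiom and can be dropped.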
@ -11,7 +47,14 @@
<p><a href="PolicyOnPolicy.html"><img src="Images/cacert-draft.png" alt="CAcert Security Policy Status == wip" border="0"></a>
<br>
Creation date: 20090216<br>
Status: <b>DRAFT 20090327</b>
Status: <b>DRAFT 20090327</b><br><br>

Changes: WIP 20090915<br>
<span class="change">work-in-progress additions are in BLUE</b>
(unvoted / nonbinding)<br>
work-in-progress deletions are </span> <s>struck-out in black</s>
<span class="change">but still DRAFT/binding</span> <br>
<span class="q">some random comments in GREEN added</span> <br>
</p>

<h2><a name="1">1.</a> INTRODUCTION</h2>
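Review bot: the line `<span class="change">work-in-progress additions are in BLUE</b>` ends with a stray `</b>` that has no matching `<b>`; the span is correctly closed further down (`work-in-progress deletions are </span>`), so the `</b>` should simply be removed, otherwise browsers mis-nest the legend. Also, `Changes: WIP 20090915<br>` says nothing about what changed; a reader of the draft would want the topic of this revision (the Application Engineer role) named there.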
@ -49,6 +92,8 @@ These roles are directly covered:
Support Engineers
</li><li>
Software Assessors
</li><li class="change">
Application Engineers
</li></ul>

<h4><a name="1.1.2">1.1.2.</a> Out of Scope </h4>
@ -102,6 +147,14 @@ deriving from the above principles.
See §1.1.
</dd>

<dt class="change"><i>Application Engineer</i> </dt>
<dd class="change">
A Member who manages the critical application,
including installing them on the critical system,
final testing, emergency patching, and ad hoc scripting.
See §x.x.
</dd>

<dt><i>Software Assessor</i> </dt>
<dd>
A Member who reviews patches for security and workability,
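Review bot: `See §x.x.` in the new Application Engineer definition is an unresolved placeholder; the role's duties are written up in §7.2 (tasks) and the renamed §7.6 (Production) in this same commit, so the reference should be filled in before the draft goes to a vote. Number agreement: "manages the critical application, including installing them" should read "installing it" (or "critical applications ... them").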
@ -440,25 +493,42 @@ independent of filed disputes.

<h3><a name="3.3"> 3.3.</a> Application </h3>

<p class="change">
Systems administration is to provide a limited environment
to Applications Engineers in order to install and maintain
the application.
</p>

<ul class="q">
<li> insert SSH / non-unix in SM? </li>
<li> move all below to §7 </li>
</ul>

<p>
<s>
Software assessment takes place on various test systems
(not a critical system). See §7.
Once offered by Software Assessment (team),
system administration team leader has to
approve the installation of each release or patch.
</s>
</p>

<p>
<s>
Any changes made to source code must be referred
back to software assessment team
and installation needs to be deferred
until approved by the Software Assessment Team.
</s>
</p>

<p>
<s>
Requests to systems administration for ad hoc queries
over the database for business or similar purposes
must be approved by the Arbitrator.
</s>
</p>

<h3><a name="3.4"> 3.4.</a> Access control </h3>
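Review bot: the replacement paragraph in §3.3 drops two controls carried by the struck-out text without restating them: the systems administration team leader's approval of each release or patch installed on the critical system, and the Arbitrator approval for ad hoc database queries (the latter reappears in §7.6, so §3.3 should at least say "See §7.6"). "Limited environment" is also undefined; the green note asks whether SSH / non-unix belongs in the Security Manual, so at minimum say what the environment is limited to (the application's own account and repository rather than root or the database server). Spelling: "Applications Engineers" here versus "Application Engineers" everywhere else.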
@ -518,8 +588,8 @@ authorisations on the below access control lists
<td>systems administration team leader</td>
</tr><tr>
<td>Repository Access List</td>
<td>Software Assessors</td>
<td>change the source code repository</td>
<td><span class="change">Application Engineers</span><s>Software Assessors</s></td>
<td>change the source code repository <span class="change">and install patches to application</change></td>
<td>exclusive with Access Engineers and systems administrators</td>
<td>software assessment team leader</td>
</tr></table>
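Review bot: the Repository Access List row now names Application Engineers in place of Software Assessors, yet §7.3 in this same commit says the development repository is still run by the software assessment team, so Software Assessors lose their listed authorisation for the repository they maintain; split the row into a development repository entry (Software Assessors, "change the source code repository") and a production repository entry (Application Engineers, "install patches to application"). Markup bug: `</change>` is not a valid closing tag; it must be `</span>` to match the opening `<span class="change">`, otherwise the `<td>` is not closed properly.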
@ -568,12 +638,16 @@ Access to Accounts
must be strictly controlled.
Passphrases and SSH private keys used for entering into the systems
will be kept private
to CAcert sysadmins in all cases.
to CAcert sysadmins
<span class="change">and Application Engineers</span>
in all cases.
</p>

<h5> <a name="4.1.1.1">4.1.1.1.</a> Authorized users </h5>
<p>
Only System Administrators designated on the Access Lists
Only System Administrators
<span class="change">and Application Engineers</span>
designated on the Access Lists
in §3.4.2 are authorized to access accounts,
unless specifically directed by the Arbitrator.
</p>
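Review bot: "Passphrases and SSH private keys ... will be kept private to CAcert sysadmins and Application Engineers in all cases" can be read as allowing a key to be shared between the two groups; since this section exists for account accountability, state that each key is personal to one individual and never shared across roles, and that an Application Engineer's key grants the application account only, not the sysadmin accounts. The parallel change in §4.1.1.1 ("designated on the Access Lists in §3.4.2") only holds if the §3.4 table actually designates Application Engineers for system accounts; the visible table change adds them to the Repository Access List alone, so either add them to the relevant account list or narrow this sentence.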
@ -825,7 +899,7 @@ infrastructure is not available.

<p>
Software assessment team is responsible
for the security of the code.
for the security <span class="change">and maintenance</span> of the code.
</p>

<h3> <a name="7.1"> 7.1. </a> Authority </h3>
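Review bot: "and maintenance" is consistent with the Application Engineer tasks added in §7.2, but maintenance is undefined here; a short parenthetical (installation, emergency fixes and data repair by Application Engineers, see §7.2) would tie the responsibility to the tasks that discharge it.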
@ -838,7 +912,7 @@ See §3.4.2.

<h3> <a name="7.2"> 7.2. </a> Tasks </h3>
<p>
The primary tasks are:
The primary tasks <span class="change">for Software Assessors</span> are:
</p>
<ol><li>
Keep the code secure in its operation,
@ -847,7 +921,7 @@ The primary tasks are:
</li><li>
Audit, Verify and sign-off proposed patches,
</li><li>
Guide Systems Administration team in inserting patches,
<s>Guide Systems Administration team in inserting patches,</s>
</li><li>
Provide guidance for architecture,
</li></ol>
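Review bot: striking "Guide Systems Administration team in inserting patches" leaves no Software Assessor task that covers handing a signed-off patch to the person who installs it; since §7.6 now places the Application Engineer inside the assessment team, replace the struck item with something like "Hand over signed-off patches to Application Engineers" so that this list and §7.6 agree.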
@ -857,6 +931,27 @@ Software assessment is not primarily tasked to write the code.
In principle, anyone can submit code changes for approval.
</p>

<p class="change">
The primary tasks for Application Engineers are:
</p>
<ol class="change"><li>
Installing signed-off patches,
</li><li>
Verifying correct running,
</li><li>
Correcting immediate errors and copying fixes back to
upstream repositories,
</li><li>
Running ad-hoc database scripts and other programs,
</li><li>
Repairing data errors,
</li><li>
Backing up at the database level,
</li><li>
Watching application-level logs.
</li></ol>



<h3> <a name="7.3"> 7.3. </a> Repository </h3>

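Review bot: "Running ad-hoc database scripts and other programs" and "Repairing data errors" are direct modifications of production data, and the list does not say that they fall under the Arbitrator approval that §7.6 imposes on ad hoc queries, nor that each run is recorded; add a cross-reference to §7.6 and a task such as "Logging every ad hoc script and data repair performed", so the Application Engineer's own actions appear in the application-level logs the last item has them watching. "Backing up at the database level" overlaps with systems administration; say which team owns the backup media and restores.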
@ -866,6 +961,26 @@ in a central repository that is run by the
software assessment team.
</p>


<ul class="q">
<li> is this something that can be and is being run by systems administration team? </li>
<li> Or are their two, the test one and the critical one? </li>
<li> Like this: </li>
</ul>

<p class="change">
The development code and testing patches are maintained
in a central development repository that is run by the
software assessment team.
</p>

<p class="change">
The production code is maintained in a secure production repository
within the critical systems that is run by the
systems administation team.
Access is made available to the Application Engineers.
</p>

<h3> <a name="7.4"> 7.4. </a> Review </h3>

<p>
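Review bot: typo in the added production-repository paragraph, "systems administation team" should be "systems administration team". More substantively, "Access is made available to the Application Engineers" does not say what access: §7.6 has the Application Engineer committing patches from the development repository into the production repository, so this is write access to a repository inside the critical systems; require that each production commit records its sign-off (which Software Assessor approved it and the development revision it came from), so the repository itself evidences that only signed-off code reached production. The green questions above ("is this something that can be and is being run by systems administration team?", "Or are their two") are answered by the new text and can go once it is accepted.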
@ -895,10 +1010,30 @@ Bug submission access should be provided to
any Member that requests it.
</p>

<h3> <a name="7.6"> 7.6. </a> Handover </h3>
<h3> <a name="7.6"> 7.6. </a> <s>Handover</s> <span class="change">Production</span> </h3>

<p class="change">
Application Engineers are roles within Software Assessment
team that are approved to install into production the
patches that are signed off.
Once signed off, the Application Engineer
commits the patch from the development repository
to the production repository,
and installs the patch from the production repository
into the running code.
The Application Engineer is responsible for basic
testing of functionality and emergency fixes,
which then must be back-installed into the repositories.
</p>

<p class="change">
Requests to Application Engineers for ad hoc queries over the database for business or similar purposes must be approved by the Arbitrator.
</p>

<p>
Once signed off, software assessment (team leader)
<s>
Once signed off,
software assessment (team leader)
coordinates with systems administration (team leader)
to offer the upgrade.
Upgrade format is to be negotiated,
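Review bot: the new §7.6 paragraph lets the Application Engineer apply "emergency fixes" directly to the running code and only afterwards back-install them into the repositories; this is the one path by which unsigned code reaches production, so bound it: require that the fix is committed to the production repository and submitted for sign-off within a stated period, and that the engineer who installed it is not the one who signs it off. Because Application Engineers are "roles within Software Assessment team", also state that an engineer may not install a patch they themselves signed off, otherwise a single person can both approve and deploy.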
@ -906,21 +1041,26 @@ but systems administration naturally has the last word.
Software Assessors are not to have access
to the critical systems, providing a dual control
at the teams level.
</s>
</p>

<p>
<s>
If compilation and/or other processing of the
application source code in the version control system
is necessary to deploy the application,
detailed installation instructions should also be
maintained in the version control system and offered to the
System Administrators.
</s>
</p>

<p>
<s>
Systems administrators copy the patches securely
from the software assessment repository
onto the critical machine.
</s>
See §3.3.
</p>

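Review bot: the struck sentence "Software Assessors are not to have access to the critical systems, providing a dual control at the teams level" is removed without a replacement control; since this commit gives members of the Software Assessment team SSH access to the critical systems as Application Engineers, the dual control now has to be expressed at the individual level, for example "an Application Engineer may install only patches signed off by a Software Assessor other than themselves". The struck requirement to keep detailed installation instructions in the version control system is still needed by whoever installs and should be kept, with "System Administrators" changed to "Application Engineers". The surviving "See §3.3." now points at a paragraph that says only "limited environment", so the two sections refer to each other without either defining the installation procedure.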
@ -1013,6 +1153,7 @@ or Case Managers.
<li> Access Engineer: responsible for controlling access to hardware, and maintaining hardware. </li>
<li> System administrator: responsible for maintaining core services and integrity. </li>
<li> Software Assessor: maintain the code base and confirm security ("sign-off") of patches and releases.</li>
<li class="change"> Application Engineer: install application updates and confirm basic working.</li>
<li> Support Engineer: human interface with users.</li>
<li> Team leaders: coordinate with teams, report to Board.</li>
<li> All: respond to Arbitrator's rulings on changes. Respond to critical security issues. Observe.</li>
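Review bot: the summary item "Application Engineer: install application updates and confirm basic working" omits the data-level duties that §7.2 gives the role (ad hoc database scripts, repairing data errors, database backups); since readers use this list to compare roles, add those so the summary and §7.2 match.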
@ -1080,7 +1221,7 @@ The background check should be done on all of:
<ul>
<li> Systems Administrator </li>
<li> Access Engineers </li>
<li> Software Assessor </li>
<li> Software Assessor <span class="change"> (including Application Engineer)</span></li>
<li> Support Engineer </li>
<li> Board </li>
</ul>
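Review bot: listing Application Engineer as a parenthetical under Software Assessor works, but because Application Engineers now hold critical-system credentials in the same way Systems Administrators do, a separate list item makes the requirement explicit and avoids the background check being read as optional for a Member appointed directly as Application Engineer.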