|
|
@ -510,9 +510,9 @@ by team or board.
|
|
|
|
<h3> <a name="4.1">4.1.</a> System administration </h3>
|
|
|
|
<h3> <a name="4.1">4.1.</a> System administration </h3>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
Primary systems administration tasks shall be conducted under four eyes principle.
|
|
|
|
Primary systems administration tasks
|
|
|
|
These shall include
|
|
|
|
shall be conducted under four eyes principle.
|
|
|
|
backup performance verification,
|
|
|
|
These shall include backup performance verification,
|
|
|
|
log inspection,
|
|
|
|
log inspection,
|
|
|
|
software patch identification and application,
|
|
|
|
software patch identification and application,
|
|
|
|
account creation and deletion,
|
|
|
|
account creation and deletion,
|
|
|
@ -520,12 +520,15 @@ and hardware maintenance.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
System administrators must pass a background check and comply with all applicable policies in force.
|
|
|
|
System administrators must pass a background check
|
|
|
|
|
|
|
|
and comply with all applicable policies in force.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h4> <a name="4.1.1">4.1.1.</a> Privileged accounts and passwords </h4>
|
|
|
|
<h4> <a name="4.1.1">4.1.1.</a> Privileged accounts and passwords </h4>
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
Access to Accounts (root and user via SSH or console) must be strictly controlled.
|
|
|
|
Access to Accounts
|
|
|
|
|
|
|
|
(root and user via SSH or console)
|
|
|
|
|
|
|
|
must be strictly controlled.
|
|
|
|
Passwords and passphrases entered into the systems will be kept private
|
|
|
|
Passwords and passphrases entered into the systems will be kept private
|
|
|
|
to CAcert sysadmins in all cases.
|
|
|
|
to CAcert sysadmins in all cases.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
@ -539,7 +542,7 @@ shall be authorized to access accounts.
|
|
|
|
<p class="q">Assumes above that there is no reason to have access
|
|
|
|
<p class="q">Assumes above that there is no reason to have access
|
|
|
|
to a Unix-level account on the critical machines unless on the Access List.</p>
|
|
|
|
to a Unix-level account on the critical machines unless on the Access List.</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h5> <a name="4.1.1.2">4.1.1.2.</a> Access to </h5>
|
|
|
|
<h5> <a name="4.1.1.2">4.1.1.2.</a> Access to Systems</h5>
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
All remote communications for systems administration purposes is encrypted,
|
|
|
|
All remote communications for systems administration purposes is encrypted,
|
|
|
|
logged and monitored.
|
|
|
|
logged and monitored.
|
|
|
@ -745,6 +748,38 @@ secret, nor the manner in which it is kept confidential.
|
|
|
|
</p>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<h2><a name="6">6.</a> DISASTER RECOVERY</h2>
|
|
|
|
<h2><a name="6">6.</a> DISASTER RECOVERY</h2>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
|
|
|
|
Disaster Recovery is the responsibility of the Board of CAcert Inc.
|
|
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3> <a name="6.1"> 6.1. </a> Business Processes </h3>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
|
|
|
|
Board must develop and maintain documentation on Business Processes.
|
|
|
|
|
|
|
|
From this list, Core Processes for business continuity / disaster recovery
|
|
|
|
|
|
|
|
purposes must be identified.
|
|
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3> <a name="6.2"> 6.2. </a> Recovery Times </h3>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
|
|
|
|
Board should identify standard process times for all processes,
|
|
|
|
|
|
|
|
and must designate Maximum Acceptable Outages
|
|
|
|
|
|
|
|
and Recovery Time Objectives for the Core Processes.
|
|
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3> <a name="6.3"> 6.3. </a> Plan </h3>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
|
|
|
|
Board must have a basic plan to recover.
|
|
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h3> <a name="6.4"> 6.4. </a> Key Persons List </h3>
|
|
|
|
|
|
|
|
<p>
|
|
|
|
|
|
|
|
Board must maintain a key persons List with all the
|
|
|
|
|
|
|
|
contact information needed.
|
|
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h2><a name="7">7.</a> SOFTWARE DEVELOPMENT</h2>
|
|
|
|
<h2><a name="7">7.</a> SOFTWARE DEVELOPMENT</h2>
|
|
|
|
<h2><a name="8">8.</a> SUPPORT</h2>
|
|
|
|
<h2><a name="8">8.</a> SUPPORT</h2>
|
|
|
|
|
|
|
|
|
|
|
|