diff --git a/ConfigurationControlSpecification.html b/ConfigurationControlSpecification.html new file mode 100644 index 0000000..fbc5b94 --- /dev/null +++ b/ConfigurationControlSpecification.html @@ -0,0 +1,283 @@ + + +
+ +
+Creation date: 20091214
+Status: WIP
+
+
+
+
+The Configuration Control Specification (CCS) controls and tracks those documents, processes and assets which are critical to the business, security and governance of the CAcert operations. +
+ ++This document is the procedure for CCS. +This document itself is a component of the CCS. +All other documentation and process specified within +is derivative and is ruled by the CCS. +
+ ++This CCS creates a list of Primary or "root" documents: +
+ +CAcert Official Document number. | Abbrev. | Name | Location | Since | Comments |
---|---|---|---|---|---|
COD1 | +PoP | +Policy On Policy | +http://www.cacert.org/policy/PolicyOnPolicy.php | +p20070822.... | +covers all documents | +
COD2 | +CCS | +Configuration Control Specification | +http://www.cacert.org/policy/ConfigurationControlSpecification.php | +2010..... | +this document | +
COD6 | +CPS | +Certification Practice Statement | +http://www.cacert.org/policy/CertificationPracticeStatement.php | +p200903xx.... | +includes Certificate Policies | +
COD5 | +PP | +Privacy Policy | +http://www.cacert.org/ | +20060629 | +out of date | +
5 | +SP | +Security Policy | +http://www.cacert.org/policy/SecurityPolicy.php | +p20090327 | +. | +
6 | +CCA | +CAcert Community Agreement | +http://www.cacert.org/policy/CAcertCommunityAgreement.php | +p20070822... | +Subscriber Agreement | +
COD4 | +NRP-DaL | +Non-Related Persons -- Disclaimer and Licence | +http://www.cacert.org/policy/NRPDisclaimerAndLicence.php | +m20070918.1 | +Relying Party Agreement | +
7 | +3pv-DaL | +3rd Party Vendor -- Disclaimer and Licence | +http://www.cacert.org/policy/3pvDisclaimerAndLicence.php | +p2010... | +Distributor Agreement | +
COD7 | +DRP | +Dispute Resolution Policy | +http://www.cacert.org/policy/DisputeResolutionPolicy.php | +m20070919.3 | +. | +
9 | +AP | +Assurance Policy | +http://www.cacert.org/policy/DisputeResolutionPolicy.php | +p2010... | +. | +
+Primary Documents may authorise other secondary documents +under the same process (PoP). +Document Officer manages a controlled documents list +containing numbers, locations and versions of all controlled documents. +
+ ++Overall responsibility for change to documents resides with the policy mailgroup, as specified in Policy on Policy. CAcert Inc., board maintains a veto on new policies while in DRAFT. Fully approved documents (POLICY status) are published on the CAcert website at http://www.cacert.org/policy/ in plain HTML format. +
+ ++Pre-approval work (DRAFT status) and working documents (work-in-progress status) are made available on publically-accessible version management systems (Subversion: http://svn.cacert.org/CAcert/Policies . wiki: http://wiki.cacert.org/wiki/PolicyDrafts ). +
+ ++CAcert policies are required to be owned / transferred to CAcert. See PoP 6.2. +
+ ++Critical systems are defined by Security Policy. +
+ +See Security Policy.
+ ++Control of Hardware is the ultimate responsibility of the Board of CAcert Inc. +The responsibility for acts with hardware is delegated +to Access Engineers and Systems Administrators as per +Security Policy. +The ownership responsibility is delegated by agreement to Oophaga. +
+ + ++Critical software is defined by Security Policy. +
+ +See Security Policy.
+ ++CAcert owns or requires full control over its code +by means of an approved free and open licence. +Such code must be identified and managed by Software Assessment. +
+ ++Developers transfer full rights to CAcert +(in a similar fashion to documents), +or organise their contributions under a +proper free and open source code regime, +as approved by Board. +Where code is published +(beyond scope of this document) +care must be taken not to infringe licence conditions. +For example, mingling issues with GPL. +
+ ++The Software Assessment Team Leader +maintains a registry of assignments +of title or full licence, +and a registry of software under approved open source licences. +
+ + + ++Logs are defined by Security Policy. +
+ +Changes to Hardware and Software are logged according to Security Policy.
+ +See Security Policy.
+ +
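Review bot: The Assurance Policy (AP) row in the primary documents table lists http://www.cacert.org/policy/DisputeResolutionPolicy.php as its Location, which is the same URL as the DRP row. This looks like a copy-paste slip; the row should point at the Assurance Policy's own page. The "CAcert Official Document number" column is also inconsistent: some rows carry a COD prefix (COD1, COD2, COD4, COD5, COD6, COD7) while SP, CCA, 3pv-DaL and AP carry bare numbers (5, 6, 7, 9). As a result 5, 6 and 7 each appear twice in different forms (COD5 for PP and 5 for SP, COD6 for CPS and 6 for CCA, COD7 for DRP and 7 for 3pv-DaL). Because this table is the root list that every other controlled document derives from, each entry needs a single unambiguous identifier before the document leaves WIP. Several "Since" values are still placeholders ("p20070822....", "2010.....", "p200903xx....", "p2010..."), and the Privacy Policy row points only at http://www.cacert.org/ with the comment "out of date". Either fill these in or mark them explicitly as to-be-determined so the controlled documents list does not record versions that cannot be checked.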