another attempt

git-svn-id: http://svn.cacert.org/CAcert/Policies@1741 14b1bab8-4ef6-0310-b690-991c95c89dfd
2009-12-31 20:02:37 +00:00 · 2009-12-31 20:02:37 +00:00 · b44b84a96a
commit b44b84a96a
parent aa9f827e3d
1 changed files with 283 additions and 0 deletions
--- a/ConfigurationControlSpecification.html
+++ b/ConfigurationControlSpecification.html
@ -0,0 +1,283 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+                      "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+ <head>
+ <meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8">
+ <title>Configuration Controlled Specification - work-in-progress</title>
+
+<style type="text/css">
+<!--
+body {
+        font-family : verdana, helvetica, arial, sans-serif;
+}
+
+th {
+        text-align : left;
+}
+
+.q {
+        color : green;
+        font-weight: bold;
+        text-align: center;
+        font-style:italic;
+}
+
+.error {
+        color : red;
+        font-weight: bold;
+        text-align: center;
+        font-style:italic;
+}
+
+.change {
+        color : blue;
+        font-weight: bold;
+}
+
+a:hover {
+        color : gray;
+}
+-->
+</style>
+
+</head>
+<body lang="en-GB">
+
+<h1> Configuration Control Specification </h1>
+
+<!-- Absolute URL because the policies are located absolutely. -->
+<a href="http://www.cacert.org/policy/PolicyOnPolicy.php"><img align="right" src="Images/cacert-wip.png" alt="Configuration Control Specification Status == work-in-progress" border="0"></a><p>
+Creation date: 20091214<br>
+Status: <i>WIP </i><br><br>
+
+
+
+<h3> <a name="1">1</a> <a name="Introduction"> Introduction </a> </h3>
+
+<!-- This section from A.1.a through A.1.c -->
+
+<p>
+The Configuration Control Specification (CCS) controls and tracks those documents, processes and assets which are critical to the business, security and governance of the CAcert operations.
+</p>
+
+<p>
+This document is the procedure for CCS.
+This document itself is a component of the CCS.
+All other documentation and process specified within
+is derivative and is ruled by the CCS. 
+</p>
+
+<h3> <a name="2">2</a> <a name="Documents"> Documents </a> </h3>
+
+<!-- This section from A.1.c through A.1.h -->
+
+<h4> <a name="2.1">2.1</a> <a name="doc_list"> Controlled Document List </a> </h4>
+
+<p>
+This CCS creates a list of Primary or "root" documents:
+</p>
+
+<hr>
+<table>
+<!-- Since is first date under control -->
+<tr> <th><small>CAcert Official Document number</small>.</th> <th>Abbrev.</th> <th>Name</th> <th>Location</th> <th>Since</th> <th>Comments</th> </tr>
+<tr>
+   <td> COD1 </td>
+   <td> PoP </td>
+   <td> Policy On Policy </td>
+   <td> <a href="http://www.cacert.org/policy/PolicyOnPolicy.php">http://www.cacert.org/policy/PolicyOnPolicy.php</a> </td>
+   <td> p20070822.... </td>
+   <td> covers all documents </td>
+</tr>
+<tr>
+   <td> COD2 </td>
+   <td> CCS </td>
+   <td> Configuration Control Specification </td>
+   <td> <a href="http://www.cacert.org/policy/ConfigurationControlSpecification.php">http://www.cacert.org/policy/ConfigurationControlSpecification.php</a> </td>
+   <td> 2010..... </td>
+   <td> this document </td>
+</tr>
+
+<tr>
+   <td> COD6 </td>
+   <td> CPS </td>
+   <td> Certification Practice Statement </td>
+   <td> <a href="http://www.cacert.org/policy/CertificationPracticeStatement.php">http://www.cacert.org/policy/CertificationPracticeStatement.php</a> </td>
+   <td> p200903xx.... </td>
+   <td> includes Certificate Policies </td>
+</tr>
+
+<tr>
+   <td> COD5 </td>
+   <td> PP </td>
+   <td> Privacy Policy </td>
+   <td> <a href="http://www.cacert.org/">http://www.cacert.org/</a> </td>
+   <td> 20060629 </td>
+   <td> <i> out of date </i> </td>
+</tr>
+
+<tr>
+   <td> 5 </td>
+   <td> SP </td>
+   <td> Security Policy </td>
+   <td> <a href="http://www.cacert.org/policy/SecurityPolicy.php">http://www.cacert.org/policy/SecurityPolicy.php</a> </td>
+   <td> p20090327 </td>
+   <td> . </td>
+</tr>
+
+<tr>
+   <td> 6 </td>
+   <td> CCA </td>
+   <td> CAcert Community Agreement </td>
+   <td> <a href="http://www.cacert.org/policy/CAcertCommunityAgreement.php">http://www.cacert.org/policy/CAcertCommunityAgreement.php</a> </td>
+   <td> p20070822... </td>
+   <td> Subscriber Agreement </td>
+</tr>
+
+<tr>
+   <td> COD4 </td>
+   <td> NRP-DaL </td>
+   <td> Non-Related Persons -- Disclaimer and Licence </td>
+   <td> <a href="http://www.cacert.org/policy/NRPDisclaimerAndLicence.php">http://www.cacert.org/policy/NRPDisclaimerAndLicence.php</a> </td>
+   <td> m20070918.1 </td>
+   <td> Relying Party Agreement </td>
+</tr>
+
+<tr>
+   <td> 7 </td>
+   <td> 3pv-DaL </td>
+   <td> 3rd Party Vendor -- Disclaimer and Licence </td>
+   <td> <a href="http://www.cacert.org/policy/3pvDisclaimerAndLicence.php">http://www.cacert.org/policy/3pvDisclaimerAndLicence.php</a> </td>
+   <td> p2010... </td>
+   <td> Distributor Agreement </td>
+</tr>
+
+<tr>
+   <td> COD7 </td>
+   <td> DRP </td>
+   <td> Dispute Resolution Policy </td>
+   <td> <a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">http://www.cacert.org/policy/DisputeResolutionPolicy.php</a> </td>
+   <td> m20070919.3 </td>
+   <td> . </td>
+</tr>
+
+<tr>
+   <td> 9 </td>
+   <td> AP </td>
+   <td> Assurance Policy </td>
+   <td> <a href="http://www.cacert.org/policy/DisputeResolutionPolicy.php">http://www.cacert.org/policy/DisputeResolutionPolicy.php</a> </td>
+   <td> p2010... </td>
+   <td> . </td>
+</tr>
+</table>
+<hr>
+
+<p>
+Primary Documents may authorise other secondary documents
+under the same process (PoP).
+Document Officer manages a controlled documents list
+containing numbers, locations and versions of all controlled documents.
+</p>
+
+<h4> <a name="2.2">2.2</a> <a name="doc_change"> Change </a> </h4>
+
+
+<p>
+Overall responsibility for change to documents resides with the policy mailgroup, as specified in Policy on Policy. CAcert Inc., board maintains a veto on new policies while in DRAFT. Fully approved documents (POLICY status) are published on the CAcert website at http://www.cacert.org/policy/ in plain HTML format.
+</p>
+
+<p>
+Pre-approval work (DRAFT status) and working documents (work-in-progress status) are made available on publically-accessible version management systems (Subversion: http://svn.cacert.org/CAcert/Policies . wiki: http://wiki.cacert.org/wiki/PolicyDrafts ).
+</p>
+
+<h4> <a name="2.3">2.3</a> <a name="doc_control"> Control </a> </h4>
+
+<p>
+CAcert policies are required to be owned / transferred to CAcert. See PoP 6.2. 
+</p>
+
+<h3> <a name="3">3</a> <a name="Hardware"> Hardware </a> </h3>
+
+<!-- This section from A.1.j -->
+
+<h4> <a name="3.1">3.1</a> <a name="hard_list"> Controlled Hardware List </a> </h4>
+
+<p>
+Critical systems are defined by Security Policy.
+</p>
+
+<h4> <a name="3.2">3.2</a> <a name="hard_change"> Change </a> </h4>
+
+<p> See Security Policy.  </p>
+
+<h4> <a name="3.3">3.3</a> <a name="hard_control"> Control </a> </h4>
+
+<p>
+Control of Hardware is the ultimate responsibility of the Board of CAcert Inc.
+The responsibility for acts with hardware is delegated
+to Access Engineers and Systems Administrators as per
+Security Policy.
+The ownership responsibility is delegated by agreement to Oophaga.
+</p>
+
+
+<h3> <a name="4">4</a> <a name="Software"> Software </a> </h3>
+<!-- This section from A.1.i -->
+<h4> <a name="4.1">4.1</a> <a name="hard_list"> Controlled Software List </a> </h4>
+
+<p>
+Critical software is defined by Security Policy.
+</p>
+
+<h4> <a name="4.2">4.2</a> <a name="soft_change"> Change </a> </h4>
+
+<p> See Security Policy.  </p>
+
+<h4> <a name="4.3">4.3</a> <a name="soft_control"> Control </a> </h4>
+
+<p>
+CAcert owns or requires full control over its code
+by means of an approved free and open licence.
+Such code must be identified and managed by Software Assessment.
+</p>
+
+<p>
+Developers transfer full rights to CAcert
+(in a similar fashion to documents),
+or organise their contributions under a
+proper free and open source code regime,
+as approved by Board.
+Where code is published
+(beyond scope of this document)
+care must be taken not to infringe licence conditions.
+For example, mingling issues with GPL.
+</p>
+
+<p>
+The Software Assessment Team Leader
+maintains a registry of assignments
+of title or full licence,
+and a registry of software under approved open source licences. 
+</p>
+
+
+
+<h3> <a name="5">5</a> <a name="Logs"> Logs </a> </h3>
+
+<!-- This section from A.1.k -->
+
+<h4> <a name="5.1">5.1</a> <a name="logs_list"> Controlled Logs List </a> </h4>
+
+<p>
+Logs are defined by Security Policy.
+</p>
+
+<h4> <a name="5.2">5.2</a> <a name="logs_change"> Changes </a> </h4>
+
+<p> Changes to Hardware and Software are logged according to Security Policy.  </p>
+
+<h4> <a name="5.3">5.3</a> <a name="logs_archive"> Archive </a> </h4>
+
+<p> See Security Policy.  </p>
+
+</body></html>