adopted 2 of Andreas Baess's suggested changes

git-svn-id: http://svn.cacert.org/CAcert/Policies@1894 14b1bab8-4ef6-0310-b690-991c95c89dfd

ConfigurationControlSpecification.html

@@ -34,6 +34,10 @@ th {
         color : blue;
         font-weight: bold;
 }
+.strike {
+        color : blue;
+        text-decoration:line-through;
+}
 
 a:hover {
         color : gray;
@@ -78,7 +82,14 @@ is derivative and is ruled by the CCS.
 
 <p>
 CCS is formated, inspired and designed to meet the needs of
-DRC-A.1.
+<span class="change">
+David Ross Criteria -
+<a href="http://rossde.com/CA_review/">Certificate Authority Review Checklist</a>
+- section A.1
+(
+</span>
+DRC-A.1
+<span class="change">)</span>.
 CCS may be seen as the index to systems audit under DRC.
 </p>
 
@@ -162,7 +173,13 @@ Critical systems are defined by Security Policy.
 
 <h4 id="s3.3">3.3  Control  </h4>
 
-<p>
+<p class="change">
+Security Policy places executive responsibility for Hardware with the Board of CAcert Inc.
+Access is delegated to Access Engineers (SP 2) and Systems Administrators (SP 3).
+Legal ownership may be delegated by agreement to other organisations (SP 9.4).
+</p>
+
+<p class="strike">
 Control of Hardware is the ultimate responsibility of the Board of CAcert Inc.
 The responsibility for acts with hardware is delegated
 to Access Engineers and Systems Administrators as per