meeting PD, Wytze. added outsourcing, review of SD provisions

git-svn-id: http://svn.cacert.org/CAcert/Policies@1195 14b1bab8-4ef6-0310-b690-991c95c89dfd

SecurityPolicy.html

@@ -248,8 +248,11 @@ prepared in advance.
 </p>
 
 <h4><a name="2.2.2">2.2.2.</a> Cables </h4>
+<p class="error">
+Drop  2.2.2.
+</p>
 
-<p>
+<p class="q">
 Cabling to all equipment shall be labeled at both ends
 with identification of end points.
 </p>
@@ -292,9 +295,10 @@ The following steps are to be taken:
 </p>
 
 <ol><li>
-    The media is to be securely erased, <b>and</b>
+    The media is securely destroyed, <b>or</b>
   </li><li>
-    The media is securely destroyed.
+    the media is to be securely erased,
+    and stored securely.
 </li></ol>
 
 <p>
@@ -561,6 +565,16 @@ Passwords must be kept secure.
 The procedure for changing passwords should be documented.
 </p>
 
+<h5> <a name="4.1.1.4">4.1.1.4.</a> Outsourcing </h5>
+
+<p>
+Systems administration team leader may outsource non-critical
+components such as DNS servers.
+Outsourcing should be to Members who are Assurers,
+who have the appropriate technical knowledge,
+and are in good contact with team leader.
+</p>
+
 <h4> <a name="4.1.2">4.1.2.</a> Required staff response time </h4>
 <p>
 Response times should be documented.
@@ -576,6 +590,12 @@ All changes made to system configuration must be recorded.
 <h4> <a name="4.2.1">4.2.1.</a> Coverage </h4>
 
 <p>
+All sensitive events should be logged.
+Logs should be deleted after an appropriate amount of time.
+</p>
+
+<p class="q">
+'''Move to SM:'''
 Logs shall be maintained for:
 </p>
 
@@ -583,7 +603,7 @@ Logs shall be maintained for:
     <li> anomalous network traffic, </li>
     <li> system activities and events, </li>
     <li> application (certificate, web, mail, and database) events, </li>
-    <li> "Comms Module" requests for certificate signing on both the cryptographic module (signing server) and the main online server, </li>
+    <li> '''make generic''':  "Comms Module" requests for certificate signing on both the cryptographic module (signing server) and the main online server, </li>
     <li> login and root access, </li>
     <li> configuration changes.  </li>
 </ul>
@@ -784,6 +804,10 @@ contact information needed.
 
 <h2><a name="7">7.</a> SOFTWARE DEVELOPMENT</h2>
 
+<p class="q">
+Change name of this to Software Assessment.
+</p>
+
 <p>
 Software development team is responsible
 for the security of the code.
@@ -860,7 +884,9 @@ any Member that requests it.
 <p>
 Once signed off, software development (team leader)
 coordinates with systems administration (team leader)
-to offer the patch.
+to offer the upgrade.
+Upgrade format is to be negotiated,
+but systems administration naturally has the last word.
 Software development people are not to have access
 to the critical systems, providing a dual control
 at the teams level.
@@ -877,7 +903,7 @@ system administrators.
 
 <p>
 Systems administrators copy the patches securely
-from the repository onto the critical machine.
+from the software development onto the critical machine.
 See &sect;3.3.
 </p>
 
@@ -887,8 +913,29 @@ See &sect;3.3.
 
 <h3> <a name="8.1"> 8.1. </a> Authority </h3>
 <p>
-The access interface is under CCS.
-Additions to the team are approved by Board
+The software interface gives features to Support personnel.
+Access to the special features is under tight control.
+Additions to the team are approved by Board,
+and the software features are under CCS.
+</p>
+
+<p>
+Support personnel do not have any inherent authority
+to take any action,
+and they have have to get authority on a case-by-case
+basis.
+The authority required in each case must be guided
+by this policy or the Security Manual or other clear
+applicable document.
+If the Member's authority is not in doubt,
+the Member can give that authority.
+
+The Arbitrator's authority must be sought.
+</p>
+
+<p>
+Support personnel are responsible to follow the
+policies and practices.
 </p>
 
 <h3> <a name="8.2"> 8.2. </a> Responsibilities </h3>