From da157c5a81826b32854f046173645e3f7d7b244a Mon Sep 17 00:00:00 2001
From: Ian Grigg
Date: Fri, 6 Mar 2009 20:39:36 +0000
Subject: [PATCH] meeting PD, Wytze. added outsourcing, review of SD provisions

git-svn-id: http://svn.cacert.org/CAcert/Policies@1195 14b1bab8-4ef6-0310-b690-991c95c89dfd
---
 SecurityPolicy.html | 63 +++++++++++++++++++++++++++++++++++++++------
 1 file changed, 55 insertions(+), 8 deletions(-)

diff --git a/SecurityPolicy.html b/SecurityPolicy.html
index 11cf53f..c96d319 100644
--- a/SecurityPolicy.html
+++ b/SecurityPolicy.html
@@ -248,8 +248,11 @@ prepared in advance.

2.2.2. Cables

+

+Drop 2.2.2. +

-

+

Cabling to all equipment shall be labeled at both ends with identification of end points.
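Review bot: the added line "Drop 2.2.2." in the 2.2.2 Cables hunk is a drafting note placed in the published policy body, and it sits directly above the labeling requirement the same hunk keeps ("Cabling to all equipment shall be labeled at both ends ..."), so the section now both exists and announces its own removal. Either remove section 2.2.2 and its requirement in this commit, or keep the note out of the policy text (an HTML comment, or the commit message) until the decision is made, so readers of the published document cannot mistake a pending edit for a clause.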

@@ -292,9 +295,10 @@ The following steps are to be taken:

  1. - The media is to be securely erased, and + The media is securely destroyed, or
  2. - The media is securely destroyed. + the media is to be securely erased, + and stored securely.
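Review bot: the reordering of the media disposal list changes "erased, and ... destroyed" (both steps required) into "destroyed, or ... erased, and stored securely" (either suffices), which relaxes the disposal requirement; confirm this is intended and, if so, say which media are eligible for erase-and-store instead of destruction and what "stored securely" means (where, by whom, for how long, and when destruction finally happens). A smaller style point: item 1 reads "is securely destroyed" while item 2 reads "is to be securely erased"; use one modal form for both.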

@@ -561,6 +565,16 @@ Passwords must be kept secure. The procedure for changing passwords should be documented.

+
4.1.1.4. Outsourcing
+ +

+Systems administration team leader may outsource non-critical +components such as DNS servers. +Outsourcing should be to Members who are Assurers, +who have the appropriate technical knowledge, +and are in good contact with team leader. +

+

4.1.2. Required staff response time

Response times should be documented. @@ -576,6 +590,12 @@ All changes made to system configuration must be recorded.

4.2.1. Coverage

+All sensitive events should be logged. +Logs should be deleted after an appropriate amount of time. +

+ +

+'''Move to SM:''' Logs shall be maintained for:
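Review bot: "Logs should be deleted after an appropriate amount of time" leaves the retention period undefined and sits directly above "Logs shall be maintained for:", so the hunk asks for both deletion and maintenance without saying how long either lasts; name a retention period (or the Security Manual section that will hold it, since the same hunk marks the list "Move to SM") and use "shall" consistently, as "should" makes logging of sensitive events optional. The '''Move to SM:''' marker is wiki bold markup inside an HTML policy and will be published verbatim unless it is removed or moved to an HTML comment before release.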

@@ -583,7 +603,7 @@ Logs shall be maintained for:
  • anomalous network traffic,
  • system activities and events,
  • application (certificate, web, mail, and database) events,
  • -
  • "Comms Module" requests for certificate signing on both the cryptographic module (signing server) and the main online server,
  • +
  • '''make generic''': "Comms Module" requests for certificate signing on both the cryptographic module (signing server) and the main online server,
  • login and root access,
  • configuration changes.
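Review bot: the '''make generic''': prefix on the "Comms Module" list item is a drafting marker left in the policy text (and wiki markup in an HTML file), while the item itself is unchanged; if the intent is to drop the product-specific name, make the edit now, e.g. "requests for certificate signing on both the signing server and the main online server", rather than leaving the marker for a later pass.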
  • @@ -784,6 +804,10 @@ contact information needed.

    7. SOFTWARE DEVELOPMENT

    +

    +Change name of this to Software Assessment. +

    +

    Software development team is responsible for the security of the code. @@ -860,7 +884,9 @@ any Member that requests it.

    Once signed off, software development (team leader) coordinates with systems administration (team leader) -to offer the patch. +to offer the upgrade. +Upgrade format is to be negotiated, +but systems administration naturally has the last word. Software development people are not to have access to the critical systems, providing a dual control at the teams level. @@ -877,7 +903,7 @@ system administrators.

    Systems administrators copy the patches securely -from the repository onto the critical machine. +from the software development onto the critical machine. See §3.3.
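Review bot: "copy the patches securely from the software development onto the critical machine" is missing its noun (team? repository?) and, by dropping "from the repository", removes the only statement of where the signed-off artifact is taken from; since the preceding paragraph relies on software development having no access to critical systems as a dual control, the source should be a repository location recorded at sign-off, with the copied artifact checked against that sign-off (hash or signature) before installation. Suggest: "from the repository location recorded at sign-off onto the critical machine".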

    @@ -887,8 +913,29 @@ See §3.3.

    8.1. Authority

    -The access interface is under CCS. -Additions to the team are approved by Board +The software interface gives features to Support personnel. +Access to the special features is under tight control. +Additions to the team are approved by Board, +and the software features are under CCS. +

    + +

    +Support personnel do not have any inherent authority +to take any action, +and they have have to get authority on a case-by-case +basis. +The authority required in each case must be guided +by this policy or the Security Manual or other clear +applicable document. +If the Member's authority is not in doubt, +the Member can give that authority. + +The Arbitrator's authority must be sought. +

    + +

    +Support personnel are responsible to follow the +policies and practices.

    8.2. Responsibilities
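Review bot: in the 8.1 Authority hunk, "If the Member's authority is not in doubt, the Member can give that authority." followed by "The Arbitrator's authority must be sought." reads as two rules with no stated boundary; write them as one: Member consent suffices for actions on that Member's own account, otherwise (or where the Member's authority is in doubt) the Arbitrator's authority must be sought. "Access to the special features is under tight control" says nothing checkable; name the control (who grants access, where it is logged). Typos: "they have have to", and "responsible to follow" should read "responsible for following".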
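Review bot: in the 4.1.1.4 Outsourcing hunk (@@ -561,6 +565,16 @@), "non-critical components such as DNS servers" introduces a classification the policy does not define anywhere in this change; point to the definition of critical systems used elsewhere in the policy and state which obligations (logging under 4.2.1, access control, recording of configuration changes) still apply to an outsourced component and who checks them. "in good contact with team leader" is also too loose to be verified; consider tying it to the documented response time of 4.1.2 and add the missing article ("the team leader").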
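Review bot: in the section 7 hunk (@@ -784,6 +804,10 @@), "Change name of this to Software Assessment." is a drafting note inserted into the policy body rather than the rename itself, and the later hunks in this same commit still say "software development (team leader)" and "from the software development"; if the rename is agreed, apply it to the heading and every reference in one commit, otherwise keep the note in the commit message or an HTML comment.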
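Review bot: in the @@ -860,7 +884,9 @@ hunk, "Upgrade format is to be negotiated, but systems administration naturally has the last word." states who decides but not what must be settled; say what is fixed before the upgrade is offered (at minimum the identity of the signed-off version and how systems administration verifies it on receipt), and drop "naturally", which reads as commentary in a policy. The term "upgrade" replaces "patch" here but the following hunk still says "copy the patches"; use one term throughout.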