|
|
@ -46,6 +46,7 @@ These systems include:
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
These roles and teams are effected:
|
|
|
|
These roles and teams are effected:
|
|
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<ul><li>
|
|
|
|
<ul><li>
|
|
|
|
Hardware Controllers (Oophaga)
|
|
|
|
Hardware Controllers (Oophaga)
|
|
|
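Review bot: The context line "These roles and teams are effected:" should read "affected". This hunk already touches the paragraph, since the `</p>` now sits directly after that sentence and before the `<ul>`, so the typo could be fixed in the same commit.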
@ -62,7 +63,6 @@ These roles and teams are effected:
|
|
|
|
Software Development Team
|
|
|
|
Software Development Team
|
|
|
|
(approval of application code)
|
|
|
|
(approval of application code)
|
|
|
|
</li></ul>
|
|
|
|
</li></ul>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h4><a name="1.1.1">1.1.2.</a> Out of Scope </h4>
|
|
|
|
<h4><a name="1.1.1">1.1.2.</a> Out of Scope </h4>
|
|
|
|
|
|
|
|
|
|
|
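Review bot: In the trailing context, `<h4><a name="1.1.1">1.1.2.</a> Out of Scope </h4>` pairs the anchor name 1.1.1 with the displayed section number 1.1.2, so a link to #1.1.2 has no target here. Suggest changing the name attribute to "1.1.2" as part of this markup cleanup.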
@ -76,6 +76,7 @@ Architecture is out of scope, see CPS#6.2.
|
|
|
|
<h3><a name="1.2">1.2.</a> Principles </h3>
|
|
|
|
<h3><a name="1.2">1.2.</a> Principles </h3>
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
Important principles of this Security Manual are:
|
|
|
|
Important principles of this Security Manual are:
|
|
|
|
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
<ul><li>
|
|
|
|
<ul><li>
|
|
|
|
<i>dual control</i> -- at least two individuals must control a task
|
|
|
|
<i>dual control</i> -- at least two individuals must control a task
|
|
|
@ -96,7 +97,6 @@ Important principles of this Security Manual are:
|
|
|
|
</li><li>
|
|
|
|
</li><li>
|
|
|
|
<i>Audit</i> -- where external reviewers do checks on practices and policies
|
|
|
|
<i>Audit</i> -- where external reviewers do checks on practices and policies
|
|
|
|
</li></ul>
|
|
|
|
</li></ul>
|
|
|
|
</p>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<p>
|
|
|
|
<p>
|
|
|
|
Each task or asset is covered by a variety of protections
|
|
|
|
Each task or asset is covered by a variety of protections
|
|
|
|
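Review bot: The list item `<i>Audit</i>` in this hunk is capitalised, while the first item of the same list is written `<i>dual control</i>`. Pick one capitalisation for the principle names so the list reads consistently. The `</p>` that followed `</li></ul>` is dropped here, which matches the `</p>` placed before the `<ul>` in the previous hunk.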