@ -337,7 +337,7 @@ The following steps are to be taken:
Records of secure erasure and method of final disposal
Records of secure erasure and method of final disposal
shall be tracked in the asset inventory.
shall be tracked in the asset inventory.
Where critical data is involved,
Where critical data is involved,
two systems administrators must sign-off on each step.
two Systems Administrators must sign-off on each step.
</p>
</p>
<h3id="s2.3">2.3. Physical Access </h3>
<h3id="s2.3">2.3. Physical Access </h3>
@ -359,10 +359,10 @@ Access to physical equipment must be authorised.
<p>
<p>
The Security Manual must present the different access profiles.
The Security Manual must present the different access profiles.
At least one Access Engineer must control access in all cases.
At least one Access Engineer must control access in all cases.
At least one systems administrator will be present for
At least one Systems Administrator will be present for
logical access.
logical access.
Only the most basic and safest of accesses should be done with
Only the most basic and safest of accesses should be done with
one systems administrator present.
one Systems Administrator present.
</p>
</p>
<p>
<p>
@ -388,7 +388,7 @@ All physical accesses are logged and reported to all.
<p>
<p>
There must not be a procedure for emergency access.
There must not be a procedure for emergency access.
If, in the judgement of the systems administrator,
If, in the judgement of the Systems Administrator,
emergency access is required and gained,
emergency access is required and gained,
in order to avoid a greater harm,
in order to avoid a greater harm,
independent authorisation before the
independent authorisation before the
@ -412,7 +412,7 @@ codes and devices (keys) are to be authorised and documented.
<p>
<p>
Current and complete diagrams of the physical and logical
Current and complete diagrams of the physical and logical
CAcert network infrastructure shall be maintained by
CAcert network infrastructure shall be maintained by
systems administration team leader.
Systems Administration team leader.
These diagrams should include cabling information,
These diagrams should include cabling information,
physical port configuration details,
physical port configuration details,
expected/allowed data flow directions,
expected/allowed data flow directions,
@ -490,7 +490,7 @@ Documentation for installing and configuring servers with the appropriate softwa
<h4id="s3.2.3"> 3.2.3. Patching </h4>
<h4id="s3.2.3"> 3.2.3. Patching </h4>
<p>
<p>
Software used on production servers must be kept current with respect to patches affecting software security. Patch application is governed by CCS and must be approved by the systems administration team leader, fully documented in the logs and reported by email to the systems administration list on completion (see §4.2).
Software used on production servers must be kept current with respect to patches affecting software security. Patch application is governed by CCS and must be approved by the Systems Administration team leader, fully documented in the logs and reported by email to the Systems Administration list on completion (see §4.2).