cacert/cacert-policies
9
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fixed 2.2.1.1 after discussion on Policy group

Browse source 
git-svn-id: http://svn.cacert.org/CAcert/Policies@1899 14b1bab8-4ef6-0310-b690-991c95c89dfd
This commit is contained in:
Ian Grigg 2010-05-13 02:06:56 +00:00
parent cc2da9f70b
commit e3e373f3a1
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
SecurityPolicy.html
View file

@ -48,6 +48,7 @@ a:hover {
<body lang="en-GB"> <body lang="en-GB">
<ul class="change"> <ul class="change">
<li> 20100513: With some consensus from policy group, changed the text in 2.2.1.1 to transfer the detailed handling of pre-purchase risks to SM.</li>
<li> 20100512: Some clarifying tweaks to semantics supplied by Philipp G, added Arb as a role in 9.1.1. but not as critical role. </li> <li> 20100512: Some clarifying tweaks to semantics supplied by Philipp G, added Arb as a role in 9.1.1. but not as critical role. </li>
<li> 20100511: Introduced "Board" term, tightened "approval" semantics, s/wiped/erased/, slight semantic tweaks. </li> <li> 20100511: Introduced "Board" term, tightened "approval" semantics, s/wiped/erased/, slight semantic tweaks. </li>
<li> 20100502: Made 7.3 blank, "refer to SM" </li> <li> 20100502: Made 7.3 blank, "refer to SM" </li>
@ -281,7 +282,12 @@ Machines shall be housed in secured facilities (cages and/or locked racks).
</p> </p>
<h4 id="s2.2.1.1">2.2.1.1 Acquisition </h4> <h4 id="s2.2.1.1">2.2.1.1 Acquisition </h4>
<p> <p class="change">
Equipment for critical purposes should be acquired
in a way to minimise pre-acquisition security risks.
</p>
<p class="strike">
Acquisition of new equipment that is subject to a Acquisition of new equipment that is subject to a
pre-purchase security risk must be done from a pre-purchase security risk must be done from a
vendor that is regularly and commercially in business. vendor that is regularly and commercially in business.