<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<meta http-equiv="CONTENT-TYPE" content="text/html; charset=utf-8">
<title>Security Policy</title>
<style type="text/css">
P { color: #000000 }
TD P { color: #000000 }
H1 { color: #000000 }
H2 { color: #000000 }
DT { color: #000000 }
DD { color: #000000 }
H3 { color: #000000 }
TH P { color: #000000 }
</style>
<body style="direction: ltr; color: rgb(0, 0, 0);" lang="en-GB">
<h1>Security Policy for CAcert Systems</h1>
<p><a href="PolicyOnPolicy.html"><img src="Images/cacert-wip.png" id="graphics1" alt="CAcert Security Policy Status == wip" align="bottom" border="0" height="33" width="90"></a>
Creation date: 2009-02-16<br>
Status: <i>work-in-progress</i></p>
<h2><a target="1">1.</a> Introduction</h2>
<h3><a name="1.1">1.1.</a> Motivation and Scope </h3>
This Security Manual sets out required procedures
for the secure operation of the CAcert critical computer systems.
These systems include:
<ul>
<li>Physical hardware mounting the logical services</li>
<li>Webserver + database (core server(s))</li>
<li>Signing service (signing server)</li>
<li>Support interface</li>
<li>Source code (changes and patches)</li>
</ul>
<h4><a name="1.1.1">1.1.1.</a> Affected Personnel </h4>
These roles and teams are affected:
<ul>
<li>Hardware Controllers (Oophaga)</li>
<li>Direct Hardware Access Systems Administrators
(as listed in Oophaga Appendix B Access List)</li>
<li>Application Administrators
(online access to critical systems at Unix level)</li>
<li>Support Team
(online access via administration interfaces)</li>
<li>Software Development Team
(approval of application code)</li>
</ul>
<h4><a name="1.1.1">1.1.2.</a> Out of Scope </h4>
Non-critical systems are not covered by this manual,
but may be guided by it, and impacted where they are
found within the security context.
Architecture is out of scope, see CPS#6.2.
<h3><a name="1.2">1.2.</a> Principles </h3>
Important principles of this Security Manual are:
<ul>
<li><i>dual control</i> -- at least two individuals must control a task</li>
<li><i>4 eyes</i> -- at least two individuals must be present during a task,
one to execute and one to observe.</li>
<li><i>redundancy</i> -- no single individual is the only one authorized
to perform a task.</li>
<li><i>escrow</i> -- where critical information (backups, passwords)
is kept with other parties</li>
<li><i>logging</i> -- where events are recorded in a file</li>
<li><i>separation of concerns</i> -- when a core task is split between
two people from different areas</li>
<li><i>Audit</i> -- where external reviewers do checks on practices and policies</li>
</ul>
Each task or asset is covered by a variety of protections
deriving from the above principles.
<h3><a name="1.3">1.3.</a> Definition of Terms</h3>
<dl>
<dt><i>Systems Administrator</i> </dt>
<dd>A Member who manages a critical system, and has access
to security-sensitive functions or data.</dd>
</dl>
<h3><a name="1.4">1.4.</a> Version control</h3>
<h4><a name="1.4.1">1.4.1.</a> The Security Policy Document </h4>
This Security Policy is part of the configuration-control specification
for audit purposes (DRC).
It is under the control of Policy on Policy for version purposes.
This policy document says what is done, rather than how to do it.
<h4><a name="1.4.2">1.4.2.</a> The Security Manual (Practices) Document </h4>
This Policy explicitly defers detailed security practices to the
<a href="">Security Manual</a>.
The SM says how things are done.
As practices are things that vary from time to time,
including between each event of practice,
the SM is under the direct control of the Systems Administration team.
It is located and version-controlled on the CAcert wiki.
<h4><a name="1.4.3">1.4.3.</a> The Security Procedures </h4>
The Systems Administration team may from time to time
explicitly defer single, cohesive components of the
security practices into separate procedures documents.
Each procedure should be managed in a wiki page under
their control, probably at
<a href="">
Each procedure must be referenced explicitly in the Security Manual.
<h2><a name="end">End</a></h2>
<p>This is the end of the Security Policy.</p>