Subject: Policy-Discussion
List archive
- From: Philipp Gühring <pg AT futureware.at>
- To: "Policy-Discussion" <cacert-policy AT lists.cacert.org>
- Subject: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification
- Date: Sat, 18 Feb 2006 19:08:49 +0100
- List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>
- Organization: Futureware 2001
Hi,
The current audits demand a formal Configuration Control Specification.
We are currently in the process of writing it, and I would start the first
review round now. (I think we minimum 2 weeks now for the review and approval
process.)
The most current version of the CCS is always available here:
http://www2.futureware.at/svn/sourcerer/CAcert/ConfigurationControlSpecification.txt
== Configuration Control Specification for Documents ==
This Specification covers the following documents:
* This Configuration Control Specification
* Certificate policy (This is currently part of the Certification practice
statement)
* Certification practice statement
* Subscriber privacy policy
* Security manual
* Declarations of risks and liability (This is currently part of the
Certification practice statement)
Approval process:
The drafts of the documents are under a publically accessible version
management system.
(Currently: Subversion on http://www2.futureware.at/svn/sourcerer/CAcert/ )
Changes to all those documents are integrated by the editor.
Changes are reviewed by the public CAcert Policy Mailinglist:
http://lists.cacert.org/cgi-bin/mailman/listinfo/cacert-policy with the
subject tag "[CHANGE-REVIEW]" and period of review set as "no less than 3
days".
Changed versions are approved and published by the Board of CAcert Inc. or a
designated Approval Commitee.
Details on the Approval Commitee will be available on
http://www.cacert.org/index.php?id=8
Approved versions are published on the CAcert website, and versioned in an
internal version control system.
== Configuration Control Specification for Software ==
The system administrator is responsible for changes to any kind of software.
The system administrator watches and tracks the Distributors newsfeed of
patches to the stable branch of the distribution, and applies them when
necessary.
All software installations and updates are logged in a logfile.
Software changes are not checked or approved by someone else.
== Configuration Control Specification for Hardware ==
The system administrator is responsible for changes to any of CAcert´s
hardware.
Changes to the hardware do not need to be formally documented.
Hardware changes are not checked or approved by someone else.
== Configuration Control Specification for Root Certificates ==
The system administrator is responsible for changes to any of CAcert´s root
certificates.
Best regards,
Philipp Gühring
- [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Philipp Gühring, 02/18/2006
- <Possible follow-up(s)>
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Philipp Gühring, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Kyle Hamilton, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Philipp Gühring, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Kyle Hamilton, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Ian G, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Kyle Hamilton, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Philipp Gühring, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Kyle Hamilton, 02/20/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Lambert.Hofstra, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Kyle Hamilton, 02/20/2006
- RE: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Peter Williams, 02/20/2006
- Re: [CAcert-Policy] [FIRSTREVIEW] Configuration Control Specification, Duane, 02/20/2006
Archive powered by MHonArc 2.6.16.