cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
- From: "Ian G (Audit)" <iang AT cacert.org>
- To: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>, CAcert Board <cacert-board AT lists.cacert.org>
- Subject: [Cacert-sysadm] Security Policy now reviewed by Systems Administration
- Date: Sun, 08 Mar 2009 10:32:49 +0100
- Authentication-results: lists.cacert.org; dkim=neutral header.i= AT cacert.org; dkim-asp=none
- List-archive: <http://lists.cacert.org/pipermail/cacert-sysadm>
- List-id: CAcert System Admins discussion list <cacert-sysadm.lists.cacert.org>
*Security Policy/Manual*. I recently met with Wytze, team leader for the critical systems team. Also present were Philipp Dunkel and Mendel, for parts. We worked through sections 2, 3, 4, 5, 9 of Security Policy and Security Manual [1]. There were many changes of detail, but substantial agreement.
A lot remains to be done for systems administration to meet the policy, but I don't think there are any points of disagreement between my side and systems administration as to the words. This suggests the Security Policy is close to being ready for presentation to the Policy Group. Once it goes into DRAFT we have a document.
*Audit of Systems*. We can now talk about auditing the systems, as I have a documented basis on which to work. To that end, I and Wytze have agreed to "pencil in" a first formal audit visit on 04-06 May.
This only gives 8 weeks to get some of the policy work implemented, so it will be tough. Recalling that this is a new team, and has taken over a migrated system without substantial documentation, difficulties are expected and progress has been slow.
*Policy Group*. Which means that it would be very useful to have the Security Policy in DRAFT by the time that visit starts. With it, we have a binding policy, and an auditable one. Without, I'm on a tourist trip. I've seen enough windmills and clogs for a lifetime, so let's concentrate on the first option :)
https://svn.cacert.org/CAcert/Policies/SecurityPolicy.html
iang
[1] 1,10 are the document structure. 6,7,8 are the specialist areas that are other teams (Software and Support) or board (Disaster Recovery).
[2] 7th May: NLUUG conference is in Ede as well.