- Created by Baptiste Grenier on 2022 Apr 15
As a Cloud Provider, the following Policies and Procedures are relevant to you.
Policies
Title | Approval status | Owner | Statement |
---|---|---|---|
Security Policy Glossary of Terms | APPROVED | | This document provides a common reference for the meaning of various terms used in the context of the EGI Security Policy Group documents. As well as defining terms, this glossary also limits the scope of meaning of terms used in the security policy documents. |
Security Policy for the Endorsement and Operation of Virtual Machine Images | APPROVED | | This document describes the security-related policy requirements for the generation, distribution and operations of virtual machine (VM) images, as part of a trusted computing environment of the IT infrastructure. The aim is to enable VM images to be generated according to best practices and to be both trusted and operated elsewhere. |
Policy on the Processing of Personal Data | APPROVED | David Kelsey | This policy ensures that data collected as a result of the use of the Infrastructure is processed fairly and lawfully by Infrastructure participants. |
Security Incident Response Policy | APPROVED | | Policy on handling security incidents. |
Policy on Acceptable Authentication Assurance | APPROVED | | This policy defines the approved authentication assurance sources. |
Security Traceability and Logging Policy | APPROVED | | Security policy requirements for traceability and logging. |
Service Operations Security Policy | APPROVED | | This security policy presents the conditions that apply to anyone running a Service on the Infrastructure, or to anyone providing a Service that is part of the Infrastructure. |
e-infrastructure Security Policy | APPROVED | David Kelsey | Policy regulating those activities of e-Infrastructure participants related to the security of e-Infrastructure services and resources. |
Procedures
Title | Approval status | Owner | Statement |
---|---|---|---|
SEC01 EGI CSIRT Security Incident Handling Procedure | APPROVED | Computing Security Incident Response Team (CSIRT) | This procedure is aimed at minimising the impact of security incidents by encouraging post-mortem analysis and promoting cooperation between Resource Centres. |
PROC09 Resource Centre Registration and Certification | APPROVED | Alessandro Paolini | A procedure describing the steps for registering and certifying new Resource Centres (sites) in the EGI infrastructure. The certification steps can also be used to re-certify suspended Resource Centres (sites). |
PROC19 Integration of new cloud management framework or middleware stack in the EGI Infrastructure | APPROVED | Alessandro Paolini | A procedure for integrating a new cloud management framework (Cloud platform) or middleware (Compute, Storage, etc.) in the EGI Production Infrastructure. |
SEC02 Software Vulnerability Issue Handling | APPROVED | | The purpose of the EGI Software Vulnerability group is "To minimize the risk of security incidents due to software vulnerabilities". This document describes how reported software vulnerabilities are handled. |
PROC21 Resource Centre suspension | APPROVED | Alessandro Paolini | The document describes the process for suspending a Resource Centre in the EGI infrastructure. |
SEC05 Security Resource Centre Certification Procedure | APPROVED | Computing Security Incident Response Team (CSIRT) | Security Resource Centre Certification Procedure applies to Resource Centres under certification process and re-certification of suspended Resource Centres (sites). This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities. |
WI07 Security Vulnerability handling | APPROVED | Computing Security Incident Response Team (CSIRT) | Work instruction to follow Security Vulnerability handling RT tickets |
SEC03 EGI-CSIRT Critical Vulnerability Handling | APPROVED | EGI-CSIRT | The scope of this procedure is to maintain a properly patched infrastructure and make sure that CRITICAL Vulnerabilities are handled adequately by all involved entities. |
PROC15 Resource Center renaming | APPROVED | Alessandro Paolini | A procedure for changing the name of a Resource Centre. |
PROC11 Resource Centre Decommissioning | APPROVED | Matthew Viljoen | A procedure describing the steps to decommission Resource Centres in the EGI infrastructure. |
PROC12 Production Service Decommissioning | APPROVED | Matthew Viljoen | A procedure describing the steps to decommission a Service operated by a Resource Centre in the EGI infrastructure. |
PROC16 Decommissioning of unsupported software | APPROVED | Alessandro Paolini | A procedure for removal of unsupported software from production infrastructure. |
PROC10 Recomputation of SAM results or availability reliability statistics | APPROVED | Alessandro Paolini | This procedure documents the steps for requesting a correction in the SAM test results and in the related availability/reliability statistics. |