Date: Thu, 28 Mar 2024 17:26:01 +0100 (CET) Message-ID: <819311988.190.1711643161739@czmuims01.ops.egi.eu> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_189_729181561.1711643161739" ------=_Part_189_729181561.1711643161739 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
As an HTC Provider, the following Policies and Proced= ures are relevant to you.
Title | Approval status | Owner | Statement |
---|---|---|---|
Grid Policy on t= he Handling of User-Level Job Accounting |
APPROVED |
This document presents the minimum requirements and policy framework fo= r the handling of user-level accounting data created, stored, transmitted, = processed and analysed as a result of the execution of jobs on the Grid. | |
Security Policy Glossary of Terms= td> |
APPROVED |
This document provides a common reference for the meaning of various te= rms used in the context of the EGI Security Policy Group documents. As well= as defining terms, this glossary also limits the scope of meaning of terms= used in the security policy documents. | |
Policy on e-infrastructu= re Multi-User Pilot Jobs |
APPROVED |
Security policy for operation of multi-user pilot jobs. | |
Policy on the Processing of Per= sonal Data |
APPROVED |
David Kelsey | This policy ensures that data collected as a result of the use of the I= nfrastructure is processed fairly and lawfully by Infrastructure participan= ts. |
Security Incident Response Policy= td> |
APPROVED |
Policy on handling security incidents. | |
Policy on Acceptable Authen= tication Assurance |
APPROVED |
This policy defines the approved authentication assurance sources= . | |
Security Traceability and Loggin= g Policy |
APPROVED |
Security policy requirements for traceability and logging. | |
Service Operations Security Policy= |
APPROVED |
This security policy presents the= conditions that apply to anyone running a Service on the Infrastructure, o= r to anyone providing a Service that is part of the Infrastructure.<= /td> | |
e-infrastructure Security Policy |
APPROVED |
David Kelsey | Policy regulat= ing those activities of e-Infrastructure participants related to the securi= ty of e-Infrastructure services and resources. |
Title | Approval status | Owner | Statement |
---|---|---|---|
PROC09 Resource Cen= tre Registration and Certification |
APPROVED |
Alessandro Paolini |
A procedure describing the steps f= or registering and certifying new Resource Centres (sites) in the EGI infra= structure. The certification steps can also be used to re-certify suspended= Resource Centres (sites). |
SEC02 Software Vulnerability = Issue Handling |
APPROVED |
The purpose of the EGI Software Vulnerability group is "To minimize the = risk of security incidents due to software vulnerabilities" This document d= escribes how Software vulnerabilities reported are handled. |
|
SEC01 EGI CSIRT Secu= rity Incident Handling Procedure |
APPROVED |
CSIRT | This procedure is aimed at minimising the impact of security incidents = by encouraging post-mortem analysis and promoting cooperation between Resou= rce Centres. |
PROC21 Resource Centre suspension= td> |
APPROVED |
Alessandro Paolini |
The document describes the process= for suspending a Resource Centre in the EGI infrastructure |
SEC05 Security Res= ource Centre Certification Procedure |
APPROVED |
CSIRT | Security Resource Centre Certification Procedure applies to Resource Ce= ntres under certification process and re-certification of suspended Resourc= e Centres (sites). This step of the security certification procedure checks= that the resources under certification do not contain known CRITICAL softw= are vulnerabilities. |
WI07 Security Vulnerability handling= |
APPROVED |
CSIRT |
Work instruction to follow Security Vulnerability handling RT tickets |
SEC03 EGI-CSIRT Critical = Vulnerability Handling |
APPROVED |
EGI-CSIRT | The scope of this procedure is to maintain a properly patched infrastru= cture and make sure that CRITICAL Vulnerabilities are handled adequately by= all involved entities. |
PROC19 Integration of new cloud management framew= ork or middleware stack in the EGI Infrastructure |
APPROVED |
Alessandro Paolini |
A procedure for integrating new cloud management framework (Cloud platfo= rm) or middleware (Compute, Storage, etc.) in the EGI Production Infrastruc= ture. |
SEC04 EGI CSIRT Operational Procedure f= or Compromised Certificates and Central Security Emergency suspension= td> |
APPROVAL REQ= UIRED |
CSIRT |
This procedure describes what should be done by the EGI CSIRT in the eve= nt of a compromised identity certificate, including long lived certificates= and proxies. This applies to robot certificates and service certificates a= s well as user certificates. This also includes what is done when certifica= tes are linked to security incidents. This procedure also addresses usage o= f Central Security Emergency suspension. The implications of a CA compromis= e are also briefly described. |
PROC15 Resource Center renaming |
APPROVED |
Alessandro Paolini |
A procedure for changing name of a= Resource Centre. |
PROC11 Resource Centre Decommissio= ning |
APPROVED |
Matthew Viljoen |
A procedure describing the steps t= o decommission Resource Centres in the EGI infrastructure. |
PROC12 Production Service Decom= missioning |
APPROVED |
Matthew Viljoen |
A procedure describing the steps t= o decommission a Service operated by a Resource Centre in the EGI infrastru= cture |
PROC16 Decommissioning of = unsupported software |
APPROVED |
Alessandro Paolini |
A procedure for removal of unsuppo= rted software from production infrastructure |
PROC10 Recomputation of SAM results or availability reliability statistic= s |
APPROVED |
Alessandro Paolini |
This procedure documents the steps for requesting a correction in the SA= M test results and in the related availability/reliability statistics. <= /td> |