- Created by Baptiste Grenier on 2022 Apr 15
As a End user the following Policies and Procedures are relevant to you.
Policies
| Title | Approval status | Owner | Statement |
|---|---|---|---|
| Grid Policy on the Handling of User-Level Job Accounting | APPROVED | This document presents the minimum requirements and policy framework for the handling of user-level accounting data created, stored, transmitted, processed and analysed as a result of the execution of jobs on the Grid. | |
| Security Policy Glossary of Terms | APPROVED | This document provides a common reference for the meaning of various terms used in the context of the EGI Security Policy Group documents. As well as defining terms, this glossary also limits the scope of meaning of terms used in the security policy documents. | |
| Security Policy for the Endorsement and Operation of Virtual Machine Images | APPROVED | This document describes the security-related policy requirements for the generation, distribution and operations of virtual machine (VM) images, as part of a trusted computing environment of the IT infrastructure. The aim is to enable VM images to be generated according to best practices and to be both trusted and operated elsewhere. | |
| Policy on e-infrastructure Multi-User Pilot Jobs | APPROVED | Security policy for operation of multi-user pilot jobs. | |
| VO Portal Policy | APPROVED | This security policy applies to all Portals operated by Virtual Organisations that participate in the e-Infrastructure. It defines the conditions that apply to each of four different portal classes. | |
| Acceptable Use Policy and Conditions of Use | APPROVED | The conditions of use described in the AUP have to be accepted by all Users during their registration as a user of the Infrastructure. | |
| Policy on the Processing of Personal Data | APPROVED | David Kelsey | This policy ensures that data collected as a result of the use of the Infrastructure is processed fairly and lawfully by Infrastructure participants. |
| Security Incident Response Policy | APPROVED | Policy on handling security incidents. | |
| e-infrastructure Security Policy | APPROVED | David Kelsey | Policy regulating those activities of e-Infrastructure participants related to the security of e-Infrastructure services and resources. |
Procedures
| Title | Approval status | Owner | Statement |
|---|---|---|---|
| SEC01 EGI CSIRT Security Incident Handling Procedure | APPROVED | Computing Security Incident Response Team (CSIRT) | This procedure is aimed at minimising the impact of security incidents by encouraging post-mortem analysis and promoting cooperation between Resource Centres. |
| PROC20 Support for CVMFS replication across the EGI and other partner collaboration CVMFS services | APPROVED | Catalin Condurache | The document describes the process of enabling the replication of CVMFS spaces across EGI and other partner collaboration CVMFS infrastructures |
| PROC14 VO Registration | APPROVED | The document describes the process of enabling a Virtual Organisation (VO) on the EGI infrastructure. | |
| ISRM7 Creation of a new support unit in the Helpdesk GGUS | APPROVED | Creating a new support unit in the EGI Helpdesk service (GGUS). | |
| PROC13 VO Deregistration | APPROVED | Alessandro Paolini | A procedure describing how to decommission a Virtual Organization currently registered in the EGI infrastructure. |
| SEC02 Software Vulnerability Issue Handling | APPROVED | The purpose of the EGI Software Vulnerability group is "To minimize the risk of security incidents due to software vulnerabilities" This document describes how Software vulnerabilities reported are handled. | |
| PROC22 Support for CVMFS replication across the EGI Infrastructure | APPROVED | Catalin Condurache | The procedure describes the process of creating a repository within the EGI CVMFS infrastructure for an EGI VO |
| SEC04 EGI CSIRT Operational Procedure for Compromised Certificates and Central Security Emergency suspension | APPROVAL REQUIRED | Computing Security Incident Response Team (CSIRT) | This procedure describes what should be done by the EGI CSIRT in the event of a compromised identity certificate, including long lived certificates and proxies. This applies to robot certificates and service certificates as well as user certificates. This also includes what is done when certificates are linked to security incidents. This procedure also addresses usage of Central Security Emergency suspension. The implications of a CA compromise are also briefly described. |
| PROC16 Decommissioning of unsupported software | APPROVED | Alessandro Paolini | A procedure for removal of unsupported software from production infrastructure |
- No labels