This place hosts the Information Security procedures applying to the operations of the EGI Federation.
Adding a new procedure can be done using a dedicated form: Create from template
| Title | Approval status | Approved version and date | Procedure status | Statement |
|---|---|---|---|---|
| SEC01 EGI CSIRT Security Incident Handling Procedure | APPROVED |
| FINAL | This procedure is aimed at minimising the impact of security incidents by encouraging post-mortem analysis and promoting cooperation between Resource Centres. |
| SEC02 Software Vulnerability Issue Handling | APPROVED | EGI ACE version 0.10 | FINALISED | The purpose of the EGI Software Vulnerability group is "To minimize the risk of security incidents due to software vulnerabilities" This document describes how Software vulnerabilities reported are handled. |
| SEC05 Security Resource Centre Certification Procedure | APPROVED |
| FINALISED | Security Resource Centre Certification Procedure applies to Resource Centres under certification process and re-certification of suspended Resource Centres (sites). This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities. |
| WI07 Security Vulnerability handling | APPROVED | v.2 | FINALISED | Work instruction to follow Security Vulnerability handling RT tickets |
| SEC03 EGI-CSIRT Critical Vulnerability Handling | APPROVED |
| FINALISED | The scope of this procedure is to maintain a properly patched infrastructure and make sure that CRITICAL Vulnerabilities are handled adequately by all involved entities. |
| SEC04 EGI CSIRT Operational Procedure for Compromised Certificates and Central Security Emergency suspension | APPROVAL REQUIRED | DRAFT | This procedure describes what should be done by the EGI CSIRT in the event of a compromised identity certificate, including long lived certificates and proxies. This applies to robot certificates and service certificates as well as user certificates. This also includes what is done when certificates are linked to security incidents. This procedure also addresses usage of Central Security Emergency suspension. The implications of a CA compromise are also briefly described. |