SEC05 Security Resource Centre Certification Procedure
EGI-CSIRT web site | EGI-CSIRT Public wiki | EGI-CSIRT Contacts | EGI-CSIRT Activities | EGI-CSIRT Private wiki |
Title | Security Resource Centre Certification Procedure |
Document link | [https://wiki.egi.eu/wiki/EGI_CSIRT:Security_Resource_Centre_Certification_Procedure |
Last modified | 1.1 - 30 September 2014 |
Policy Group Acronym | Provide the acronym of the group creating this procedure ! |
Policy Group Name | EGI CSIRT |
Contact Group | EGI CSIRT |
Document Status | Draft |
Approved Date | Provide date of the approval! |
Procedure Statement | Security Resource Centre Certification Procedure applies to Resource Centres under certification process and re-certification of suspended Resource Centres (sites). This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities. |
Owner | Owner of procedure |
Introduction
This page provides steps to certify Resource Centre from scurity point of view, as part of PROC09 Resource Centre Registration and Certification procedure. The monitoring is performed using the tools used by the EGI CSIRT and enabled upon request of Resource Centre.
N.B. The steps below are under development and may change until the process is discussed inside EGI CSIRT and with the EGI operations team.
This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities.
Steps
HTC Resource Center
Responsible | Action | Prerequisites, if any | |
---|---|---|---|
1 |
RC |
Ask the EGI CSIRT to enable monitoring of the site. It is done by opening a ticket in "csirt" queue of EGI RT or sending a mail to csirt@rt.egi.eu. The mail must contain:
|
|
2 | EGI CSIRT |
Activate the monitoring of the site After monitoring has been activated the EGI tools will start gathering data and will keep it for evaluation. The monitoring has to run for at least 3 consecutive calendar days. |
|
3 | EGI CSIRT | If no security alert is raised via the monitoring over 3 consecutive calendar days period, the EGI CSIRT will communicate back a positive assesment. |
Cloud Resource Center
Responsible | Action | Prerequisites, if any | |
---|---|---|---|
1 |
RC |
Fill the EGI security survey and inform EGI Operations (operations@egi.eu)
|
|
2 | EGI Operations |
Send filled in survey to EGI CSIRT |
|
3 |
EGI CSIRT |
Communicate back an assessment result. In case of issues EGI CSIRT contact RC to better understand situation. |
Revision history
Version | Authors | Date | Comments |
---|---|---|---|