EGI Security Policies
The policy documents produced by the former JSPG are valid since 1st May for the EGI partners. They are in the process of being imported into new documents template. For all up to date EGI security policies, please refer to the EGI Security Policy Group wiki page.
EGI Operational Security Procedures
- Security Incident Handling Procedure, defined by EGI CSIRT. The document has been approved by EGI OMB and PMB . Also there is a Site Incident Response checklist [] and an Incident Response Flowchart [].
- Vulnerability Issue Handling Procedure, defined by EGI SVG. The document has been approved by EGI OMB and PMB.
- CSIRT Critical Security Operational Procedure. The document is in validation process.
- EGI Critical Vulnerability Handling Procedure . A joint EGI-SVG and EGI-CSIRT process to handle critical vulnerabilities. The document is in validation process.
The "Security Incident Handling Procedure" define site and incident coordinator responsibilities when handling Grid-related security incident. ALL EGI sites are required to follow the new procedure to report and handle Grid-related security incident. We strongly encourage our security contacts and system administrators to have a printing copy of this procedure. For more details you can browse the wiki page https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting. Find also a Site Incident Response checklist at []
The "Software Vulnerability Issue Handling Process" describes the process used to report and resolve Grid Software vulnerabilities in the EGI Inspire project. It describes the responsibilities of various people within the SVG, the EGI InSPIRE project and in the communities providing software distributed in the EGI Unified Middleware Distribution and how the various groups interact with this process. For more details you can browse the wiki page https://wiki.egi.eu/wiki/SVG#What_to_do_if_you_find_a_Software_Vulnerability_in_the_EGI_infrastructure .
The "Critical Security Operational Procedure" is a brief document describing the procedure for dealing with Critical Security Issues where action needs to be taken by a single site or multiple sites.
The "EGI Critical Vulnerability Handling Procedure" is a joint EGI-SVG and EGI-CSIRT process to handle critical vulnerabilities. It includes more about what to do BEFORE setting the 7 day deadline, including some SVG activities.