Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SEC05 Security Resource Centre Certification Procedure"

From EGIWiki
Jump to navigation Jump to search
(Deprecate page, content moved to EGIPP space in confluence)
Tag: Replaced
 
(50 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{New-Egi-csirt-header}}  
{{Template:Op menubar}}
{{TOC_right}}
{{Template:Doc_menubar}}
{{TOC_right}}  
[[Category:Operations Procedures]]


{{Ops_procedures
{{DeprecatedAndMovedTo|new_location=https://confluence.egi.eu/display/EGIPP/SEC05+Security+Resource+Centre+Certification+Procedure}}
|Doc_title = Security Resource Centre Certification Procedure
|Doc_link = [https://wiki.egi.eu/wiki/EGI_CSIRT:Security_Resource_Centre_Certification_Procedure|https://wiki.egi.eu/wiki/EGI_CSIRT:Security_Resource_Centre_Certification_Procedure]
|Version = 1.1 - 30 September 2014
|Policy_name = EGI CSIRT
|Contact_group =  EGI CSIRT
|Doc_status = Draft
|Procedure_statement = Security Resource Centre Certification Procedure applies to Resource Centres under certification process and re-certification of suspended Resource Centres (sites). This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities. 
}}
 
= Introduction  =
 
<br>This page provides steps to certify Resource Centre from scurity point of view, as part of [[PROC09|PROC09 Resource Centre Registration and Certification]] procedure. The monitoring is performed using the tools used by the EGI CSIRT and enabled upon request of Resource Centre. <br><br>N.B. The steps below are under development and may change until the process is discussed inside EGI CSIRT and with the EGI operations team. <br><br>
 
This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities.
 
= Steps  =
 
== HTC Resource Center  ==
 
{| class="wikitable"
|-
! <br>
! Responsible
! Action
! Prerequisites, if any
|- valign="top"
| 1<br>
| RC<br>
|
'''Ask the EGI CSIRT to enable monitoring of the site.''' <br>
 
It is done by opening a ticket in ''"csirt" ''queue of [http://rt.egi.eu EGI RT] or sending a mail to csirt@rt.egi.eu. <br>
 
The mail must contain:<br>
 
*the name of the Resource Centre<br>
*NGI&nbsp;
 
|
|- valign="top"
| 2
| EGI&nbsp;CSIRT
|
'''Activate the monitoring of the site<br>'''
 
After monitoring has been activated the EGI tools will start gathering data and will keep it for evaluation.
 
The monitoring has to run for at least 3 consecutive calendar days.
 
| <br>
|- valign="top"
| 3
| EGI&nbsp;CSIRT
| If no security alert is raised via the monitoring over 3 consecutive calendar days period, '''the EGI CSIRT will communicate back a positive assesment'''.
|
|}
 
== Cloud Resource Center  ==
 
{| class="wikitable"
|-
! <br>
! Responsible
! Action
! Prerequisites, if any
|- valign="top"
| 1<br>
| RC<br>
|
'''Fill the '''[https://www.surveymonkey.com/r/Cloud_Security_Questionnaire_for_Resource_Centres '''''EGI&nbsp;security survey''&nbsp;'''] and inform EGI Operations (operations@egi.eu)<br>
 
*The purpose of the survey is to assess that the technology used to provide cloud services fulfils the EGI security policies and procedures.
 
|
|- valign="top"
| 2
| EGI Operations
|
'''Send filled in survey to EGI CSIRT'''
 
| <br>
|- valign="top"
| 3<br>
| EGI&nbsp;CSIRT<br>
|
'''Communicate back an assessment''' '''result'''.
 
In case of issues EGI CSIRT&nbsp;contact RC to better understand situation.
 
| <br>
|}
 
= Revision history  =
 
{| class="wikitable"
|-
! Version
! Authors
! Date
! Comments
|-
|
|
|
|
|}

Latest revision as of 10:43, 10 December 2021