Difference between revisions of "SPG:Drafts:Operations Policy"

From EGIWiki
 
(33 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:Security Policy_Group (SPG)]]
= Generalized Operations Policy =
= Generalized Operations Policy =


Line 8: Line 10:
  c. Exclude operations items to be considered by OMB
  c. Exclude operations items to be considered by OMB


== Backgroud ==
It is an evolution from the current version (https://documents.egi.eu/document/75).
It will take quite a bit of work to come from the current version (https://documents.egi.eu/document/75) to a new one and address everyone's concerns and issues -- but if we want to get to a set of topics before the User Forum meeting mid-April, we need to start the process. Via this Wiki,  I hope we can collect input and support the development of the new policy. Please follow the spg-discuss@egi.eu mailing list and discuss changes to this page there (of in a F2F meeting, of course).


== Next steps ==
This security policy has now been reviewed under EGI SPG "Phase 2 - External Review" and the comments incorporated into this version. References will be added to the derived PDF version of the document.
At least I would like to get an inventory of issues that we now think need to be addressed in the new policy. To aid the collection process, I think we should start collecting issues and indicating which bits of the current policy we should keep, and which bits should go.
The older draft may be found at https://documents.egi.eu/document/669.
 
= New Draft Text =


This policy is one of a set of documents that together define the Security Policy [R1]. This individual document must be considered in conjunction with all the policy documents in the set.


= New Draft Text =


'''Service Operations Security Policy'''
'''Service Operations Security Policy'''


By running a Service on the Infrastructure or by providing a service to the Infrastructure, You agree to the conditions laid down in this document and other referenced documents, which may be revised from time to time.
By running a Service on the IT Infrastructure, by providing a service that is part of the IT Infrastructure, or retaining state that is related to the IT Infrastructure, either provided as an independent service or hosted in a Resource Centre, You agree to the conditions laid down in this document and other referenced documents, which may be revised from time to time.


# You shall provide and maintain accurate contact information to the Infrastructure and any Resource Centres involved, including but not limited to at least one Security Contact who shall respond to enquiries in a timely fashion.
# You shall provide and maintain accurate contact information to the Infrastructure Organisation and any Resource Centres involved, including but not limited to at least one Security Contact who shall respond to enquiries in a timely fashion.
# You shall comply with all security policies and procedures of the Infrastructure and any Resources Centres involved.
# You shall comply with all security policies and procedures of the Infrastructure Organisation and of any Resources Centres involved in operating Your service.  
# You are held responsible by the Infrastructure and by any Resource Centres involved for the safe and secure operation of the Service. You shall not mislead Users regarding the suitability of a Service for their needs, nor mislead the Infrastructure or any Resource Centres involved about your Service. The Service shall not be detrimental to the Infrastructure and any Resource Centres involved.
# You are held responsible by the Infrastructure Organisation and by any Resource Centres involved for the safe and secure operation of the Service. You shall not mislead Users regarding the suitability of a Service for their needs, nor mislead the IT Infrastructure, Infrastructure Organisation, or any Resource Centres involved about your Service. The Service shall not be detrimental to the IT Infrastructure and any Resource Centres involved.
# You shall pro-actively apply software patches and updates related to security. When notified by the Infrastructure or any Resource Centres involved of software patches and updates required for security, You shall, as soon as reasonably possible in the circumstances, apply these to your systems.  
# You should follow IT security best practices that include pro-actively applying software patches, updates or configuration changes related to security. When notified by the Infrastructure Organisation or any Resource Centres involved of software patches, updates or configuration changes required for security, You shall apply these to your services within the specified time period.
# You shall use logged information, including information provided to you by Users, other Resource Centres, Service operations or by the Infrastructure, only for administrative, operational, accounting, monitoring and security purposes. You shall apply due diligence in maintaining the confidentiality of logged information.
# You shall collect and retain sufficient auditing information as defined in the Tracability and Logging Policy and procedures, and must assist the Infrastructure Organisation and any Resource Centres involved in security incident response.
# You shall collect and retain sufficient auditing information as defined in the Tracability and Logging Policy and procedures, and must assist the Infrastructure and any Resource Centres involved in security incident response.
# You shall use logged information, including information provided to you by Users, other Resource Centres, Service operations or by the Infrastructure Organisation, only for administrative, operational, accounting, monitoring and security purposes. You shall apply due diligence in maintaining the confidentiality of logged information.
# Your provisioning of Services on the Infrastructure shall not in itself create any intellectual property rights in software, information and data provided to your Service or in data generated by your Service.
# Your provisioning of Services shall not in itself create any intellectual property rights in software, information and data provided to your Service or in data generated by your Service.
# [''may need to or should move to a new non-security operations policy''] Provisioning of resources to the Infrastructure is at your own risk. Any software provided by the Infrastructure is provided on an as-is basis only, and subject to its own license conditions. There is no guarantee that any procedure applied by the Infrastructure is correct or sufficient for any particular purpose. The Infrastructure and other Sites are not liable for any loss or damage in connection with your participation in the Infrastructure.
# Provisioning of Services is at your own risk. Any software provided by the Infrastructure Organisation is provided on an as-is basis only, and subject to its own license conditions. There is no guarantee that any procedure applied by the Infrastructure Organisation is correct or sufficient for any particular purpose. The Infrastructure Organisation and other Resource Centres acting as service hosting providers are not liable for any loss or damage in connection with your participation in the IT Infrastructure.
# You may control access to Your Service for administrative, operational and security purposes and shall inform the affected users if you limit or suspend their access. You shall comply with all relevant incident response procedures regarding the notification of security incidents.
# You may control access to Your Service for administrative, operational and security purposes and shall inform the affected users if you limit or suspend their access. You shall comply with all relevant incident response procedures regarding the notification of security incidents.
# The Infrastructure and any Resources Centres involved may control your access to the Infrastructure or Resource Centres for administrative, operational and security purposes if you fail to comply with these conditions.
# The Infrastructure Organisation and any Resources Centres involved may control your access to the IT Infrastructure or Resource Centres for administrative, operational and security purposes if you fail to comply with these conditions.
# [''may need to or should move to a new non-security operations policy''] Disputes resulting from your participation in the Infrastructure will be resolved according to the Infrastructure escalation procedures.
 
= Comment on the draft text of site operations policy =
 
== Comments from --[[User:dfouosso|dfouosso]] 14:03, 20 April 2011 (UTC): ==
 
0 - ( missing links to revision process).
 
( Proposal, change the paragraph to:) By running a Service on the Infrastructure or by providing a service to the Infrastructure, you agree to the conditions laid down in this document and other referenced policies. EGI security policies may be revised from time to time according to EGI.eu Policy development Process and EGI-SPG Term of Reference.
 
1- Keep.
 
2 - ( NONSENSE: You shall comply with all security policies and procedures of [...] any Resources Centres involved. )
Why is it that a site in the UK "shall comply with" the procedures of a resource center located in Germany?
 
( Proposal, change the paragraph to:) You shall comply with all security policies and procedures of the Infrastructure.
 
3- Keep.
 
4- ( too specific)
 
( Proposal, change the first sentence to: )
You should follow IT security best practises especially, you shall pro-actively apply software patches and updates related to security.
 
5- ( this concerns the Tracability and Logging Policy. We could remove this section as there is a reference to this policy at the next item).
 
6- Keep.
 
7- Keep.
 
8 - The minimum security level provided and the definition of responsibilities in case of damage should be defined in the contract between the resource center and that infrastructure. Thus this does not seem relevant to a document that is intended to be used by everyone.
But if we keep this item, we should put "exact" references to the contract between EGI and resource providers.
 
9- Keep.
 
10- ( We should specify how this control is regulated. )
 
11 - Keep.
 
= Issues with the current site operations policy =
 
== Items that are not related to security ==
 
Comments from --[[User:Ocalladw|Ocalladw]] 14:03, 13 April 2011 (UTC):
 
1. ''Keep!''
 
2. ''Keep!''
 
3. May have security implications, but not specific
 
4. ''Keep!''
 
5. Logging / data protection: borderline Security Policy!
 
6. IPR: not security specific
 
7.  Not security specific
 
8. ''Keep!''
 
9. General compliance with operational procedures
 
10. ''Keep!''
 
11. Dispute resolution is not security specific
 
== Items that are too specific to sites ==
* General question: is the intention to remove all reference to Sites / Resource Centres and to focus on operation of services?  If so, here are some comments/suggestions. --[[User:Ocalladw|Ocalladw]] 13:53, 13 April 2011 (UTC)
*# To adapt this directly, each service operator would need to register contact details somewhere. This could include, e.g.  a VO running a web server on a cloud. Or would the responsibility remain at the hosting resource centre?
*# ''no change''
*# Mentions "...mislead Users into submitting jobs or transferring data to your Site", so it's quite specific to sites (running grid middleware). This could be re-phrased as "...mislead Users into the suitability of a service for their needs"
*# ''no change''
*# Mentions "Sites": substitute with "other Resource Centres, Service Operators", etc.
*# Mentions "Site": rephrase to refer to "on your resources"
*# Mentions "Sites": could probably be removed, as the agreement is with "the Grid" not with "other Sites"
*# Replace "to your site" with "to your resources or services"
*# ''no change''
*# In this, "your access" appears to refer to a site's access to the Grid
*# ''no change''
 
== Items that are not policy but procedure ==
* "9. You shall comply with the Grid operational procedures including the requirement to support at least one VO designated by the Grid for the sole purpose of evaluating the availability of your Grid Services."
 
Perhaps this could be reduced to the first clause "9. You shall comply with the Grid operational procedures": the rest is a specific procedure related to a specific kind of infrastructure. If we want to preserve the spirit: "9. You shall comply with the Grid operational procedures, including procedures that have the purpose of evaluating the availability of your Grid Services." --[[User:Ocalladw|Ocalladw]] 13:14, 13 April 2011 (UTC)
 
= Issues to be considered for a generalized policy =
* Align terminology with updated EGI glossary (e.g. "Site") --[[User:Ocalladw|Ocalladw]] 13:09, 13 April 2011 (UTC)
* Replace the term '''the Grid''' with something suitably general. "Grid" suggests a link to current grid middleware and this policy should be usable by infrastructures that are not based on grid middleware. --[[User:Ocalladw|Ocalladw]] 13:09, 13 April 2011 (UTC)
* Avoid use of the term "VO", which may not have meaning in other infrastructures. I suggest "User Groups" or "Groups". --[[User:Ocalladw|Ocalladw]] 13:16, 13 April 2011 (UTC)
 
* Item 1. depends on a specific model for maintaining contacts. --[[User:Ocalladw|Ocalladw]] 13:30, 13 April 2011 (UTC)
 
* Should we consider the 'worker node part' of the pilot job framework as a service and subject to this policy? Certainly the central component is a workload management service that ''is'' subject to this --[[User:Davidg|Davidg]] 08:17, 14 April 2011 (UTC)
* From the Pilot Job policy (#12): "The VO must make a description of the architecture, the security model and the source code of their pilot job system available to Grid Security Operations and/or Sites on request." --[[User:Davidg|Davidg]] 09:21, 14 April 2011 (UTC)
* Discussion may be needed on the virtualised service models to be addressed by this policy as well --[[User:Davidg|Davidg]] 09:28, 14 April 2011 (UTC)
 
 
= Original (Site Operations) Text =
# You shall provide and maintain, in a central repository provided by the Grid, accurate contact information as specified in the Site Registration Policy, including but not limited to at least one Site Manager and one Site Security Contact who shall respond to enquiries in a timely fashion as defined in the Grid operational procedures.
# You shall comply with the Grid security policies, including any accounting and audit data requirements. You shall periodically assess your compliance with these policies, inform the Grid Security Officer of violations encountered in the assessment, and correct such violations forthwith.
# Before publishing information to the Grid resource information systems you shall make reasonable efforts to ensure that it is correct and up to date. You shall not publish information that could be detrimental to the operation of the Grid or mislead Users into submitting jobs or transferring data to your Site.
# When notified by the Grid of software patches and updates required for security and stability, you shall, as soon as reasonably possible in the circumstances, apply these to your systems. Other patches and updates should be applied following best practice.
# You shall use logged information, including information provided to you by Users, other Sites or by the Grid, for administrative, operational, accounting, monitoring and security purposes only. You shall apply due diligence in maintaining the confidentiality of logged information.
# Your participation in the Grid as a Site shall not create any intellectual property rights in software, information and data provided to your Site or in data generated by your Site in the processing of jobs.
# Provisioning of resources to the Grid is at your own risk. Any software provided by the Grid is provided on an as-is basis only, and subject to its own license conditions. There is no guarantee that any procedure applied by the Grid is correct or sufficient for any particular purpose. The Grid and other Sites are not liable for any loss or damage in connection with your participation in the Grid.
# You may control access by Users and VOs to your site for administrative, operational and security purposes and shall inform the Users or VOs if you limit or suspend their access. You shall comply with the Grid incident response procedures regarding the notification of security incidents and where appropriate, shall restore access as soon as reasonably possible.
# You shall comply with the Grid operational procedures including the requirement to support at least one VO designated by the Grid for the sole purpose of evaluating the availability of your Grid Services.
# The Grid may control your access to the Grid for administrative, operational and security purposes and remove your resource information from resource information systems if you fail to comply with these conditions.
# Disputes resulting from your participation in the Grid will be resolved according to the Grid escalation procedures.

Latest revision as of 15:52, 19 December 2012

Generalized Operations Policy

As a result of the January 2011 SPG meeting, there is an item to work on a re-write and generalization of the Site Operations Policy document (see https://www.egi.eu/indico/event/263):

Rewrite site operations policy as a general services security policy
a. Include service operation security policy (real and virtual)
b. Resource, providers, VM managers, etc
c. Exclude operations items to be considered by OMB

It is an evolution from the current version (https://documents.egi.eu/document/75).

This security policy has now been reviewed under EGI SPG "Phase 2 - External Review" and the comments incorporated into this version. References will be added to the derived PDF version of the document. The older draft may be found at https://documents.egi.eu/document/669.

New Draft Text

This policy is one of a set of documents that together define the Security Policy [R1]. This individual document must be considered in conjunction with all the policy documents in the set.


Service Operations Security Policy

By running a Service on the IT Infrastructure, by providing a service that is part of the IT Infrastructure, or retaining state that is related to the IT Infrastructure, either provided as an independent service or hosted in a Resource Centre, You agree to the conditions laid down in this document and other referenced documents, which may be revised from time to time.

  1. You shall provide and maintain accurate contact information to the Infrastructure Organisation and any Resource Centres involved, including but not limited to at least one Security Contact who shall respond to enquiries in a timely fashion.
  2. You shall comply with all security policies and procedures of the Infrastructure Organisation and of any Resource Centres involved in operating Your service.
  3. You are held responsible by the Infrastructure Organisation and by any Resource Centres involved for the safe and secure operation of the Service. You shall not mislead Users regarding the suitability of a Service for their needs, nor mislead the IT Infrastructure, Infrastructure Organisation, or any Resource Centres involved about your Service. The Service shall not be detrimental to the IT Infrastructure and any Resource Centres involved.
  4. You should follow IT security best practices that include pro-actively applying software patches, updates or configuration changes related to security. When notified by the Infrastructure Organisation or any Resource Centres involved of software patches, updates or configuration changes required for security, You shall apply these to your services within the specified time period.
  5. You shall collect and retain sufficient auditing information as defined in the Traceability and Logging Policy and procedures, and must assist the Infrastructure Organisation and any Resource Centres involved in security incident response.
  6. You shall use logged information, including information provided to you by Users, other Resource Centres, Service operations or by the Infrastructure Organisation, only for administrative, operational, accounting, monitoring and security purposes. You shall apply due diligence in maintaining the confidentiality of logged information.
  7. Your provisioning of Services shall not in itself create any intellectual property rights in software, information and data provided to your Service or in data generated by your Service.
  8. Provisioning of Services is at your own risk. Any software provided by the Infrastructure Organisation is provided on an as-is basis only, and subject to its own license conditions. There is no guarantee that any procedure applied by the Infrastructure Organisation is correct or sufficient for any particular purpose. The Infrastructure Organisation and other Resource Centres acting as service hosting providers are not liable for any loss or damage in connection with your participation in the IT Infrastructure.
  9. You may control access to Your Service for administrative, operational and security purposes and shall inform the affected users if you limit or suspend their access. You shall comply with all relevant incident response procedures regarding the notification of security incidents.
  10. The Infrastructure Organisation and any Resource Centres involved may control your access to the IT Infrastructure or Resource Centres for administrative, operational and security purposes if you fail to comply with these conditions.