Difference between revisions of "SPG:Drafts:Security Policy"

From EGIWiki
Jump to: navigation, search
(Definitions)
(update some instances of the words Grid and Site)
Line 35: Line 35:
 
== Scope ==
 
== Scope ==
 
This ''policy'' applies to all ''participants''.
 
This ''policy'' applies to all ''participants''.
Every ''site'' participating in the ''Grid'' autonomously owns and follows their own local security policies with respect to the system administration and networking of all the ''resources'' they own, including ''resources'' which are part of the ''Grid''. This ''policy'' augments local policies by setting out additional ''Grid''-specific requirements.
+
Every ''resource centre'' participating in the ''IT Infrastructure'' autonomously owns and follows their own local security policies with respect to the system administration and networking of all the ''resources'' they own, including ''resources'' which are part of the ''IT Infrastructure''. This ''policy'' augments local policies by setting out additional ''IT Infrastructure''-specific requirements.
  
 
== Additional Policy Documents ==
 
== Additional Policy Documents ==
 
Appendix 1 defines additional policy documents which must exist for a proper implementation of this ''policy''. These documents are referred to in section 2.  
 
Appendix 1 defines additional policy documents which must exist for a proper implementation of this ''policy''. These documents are referred to in section 2.  
An accompanying document for each ''Grid'' adopting this ''policy'' must define the ''Grid-''specific locations and version numbers of their approved and adopted additional policy documents.
+
An accompanying document for each ''IT Infrastructure'' adopting this ''policy'' must define the ''IT Infrastructure-''specific locations and version numbers of their approved and adopted additional policy documents.
  
 
== Ownership and Maintenance ==
 
== Ownership and Maintenance ==
Line 56: Line 56:
 
The IT Security Officer may, in consultation with the CSIRT, IT Organisation and other appropriate persons, require actions by ''participants'' as are deemed necessary to protect ''resources'' from or contain the spread of IT security incidents. The IT Security Officer also handles requests for exceptions to this ''policy'' as described in section 5.  
 
The IT Security Officer may, in consultation with the CSIRT, IT Organisation and other appropriate persons, require actions by ''participants'' as are deemed necessary to protect ''resources'' from or contain the spread of IT security incidents. The IT Security Officer also handles requests for exceptions to this ''policy'' as described in section 5.  
 
The responsibilities of Grid Security Operations include:
 
The responsibilities of Grid Security Operations include:
*The maintenance of contact details of security personnel at each participating ''site'' and the facilitation of ''Grid''-related communications between them.  
+
*The maintenance of contact details of security personnel at each participating ''resource centre'' and the facilitation of ''IT Infrastructure''-related communications between them.  
 
*Handling of operational security problems as they arise.  
 
*Handling of operational security problems as they arise.  
 
*Providing incident response teams who will act according to the Security Incident Response Policy [6].
 
*Providing incident response teams who will act according to the Security Incident Response Policy [6].
Line 70: Line 70:
 
''VOs'' are required to abide by the Virtual Organisation Operations Policy [9] and the Virtual Organisation Registration Security Policy [2]. They must have a VO Acceptable Use Policy (AUP) and ensure that only individuals who have agreed to abide by the Grid AUP [1] and the VO AUP are registered as members of the ''VO''.
 
''VOs'' are required to abide by the Virtual Organisation Operations Policy [9] and the Virtual Organisation Registration Security Policy [2]. They must have a VO Acceptable Use Policy (AUP) and ensure that only individuals who have agreed to abide by the Grid AUP [1] and the VO AUP are registered as members of the ''VO''.
 
=== User Registration and VO Membership Service ===
 
=== User Registration and VO Membership Service ===
The ''user'' registration procedure of the ''VO'' is required to be consistent with the Virtual Organisation Membership Management Policy [8]. Approval to join the ''VO'' must be restricted to individuals who are recognised as having legitimate rights to membership and who agree to be bound by the AUPs. A VO membership service must be provided with appropriate interfaces to generate authentication, authorization and other identity mapping data for the services running on the ''sites''. ''VO''s are required to maintain the accuracy of the information held and published about their members, and to promptly remove individuals who lose their right to such membership.
+
The ''user'' registration procedure of the ''VO'' is required to be consistent with the Virtual Organisation Membership Management Policy [8]. Approval to join the ''VO'' must be restricted to individuals who are recognised as having legitimate rights to membership and who agree to be bound by the AUPs. A VO membership service must be provided with appropriate interfaces to generate authentication, authorization and other identity mapping data for the services running on the ''resource centres''. ''VO''s are required to maintain the accuracy of the information held and published about their members, and to promptly remove individuals who lose their right to such membership.
 
=== VO-specific Resources and Services ===
 
=== VO-specific Resources and Services ===
''VO''s are responsible for ensuring that their ''software'' does not pose security threats, that access to their databases is secure and is sufficiently monitored, that their stored ''data ''are compliant with legal requirements, and that VO-specific ''services'' are properly monitored and do not compromise ''sites'' or ''resources''. Need to refer to Service Operations policy. Also VO Portal policy ... Also their client actions towards other participants.
+
''VO''s are responsible for ensuring that their ''software'' does not pose security threats, that access to their databases is secure and is sufficiently monitored, that their stored ''data ''are compliant with legal requirements, and that VO-specific ''services'' are properly monitored and do not compromise ''resource centres'' or ''resources''. Need to refer to Service Operations policy. Also VO Portal policy ... Also their client actions towards other participants.
 
=== Applying Sanctions to Users ===
 
=== Applying Sanctions to Users ===
 
''VOs'' are responsible for promptly investigating reports of ''users'' failing to comply with the AUPs and for taking appropriate action to ensure compliance in the future, as defined in section 6.
 
''VOs'' are responsible for promptly investigating reports of ''users'' failing to comply with the AUPs and for taking appropriate action to ensure compliance in the future, as defined in section 6.
Line 86: Line 86:
 
''Users'' may be held responsible for all actions taken using their credentials, whether carried out personally or not. No intentional sharing of credentials for ''Grid'' purposes is permitted.
 
''Users'' may be held responsible for all actions taken using their credentials, whether carried out personally or not. No intentional sharing of credentials for ''Grid'' purposes is permitted.
 
''Users'' must be aware that their jobs will often use ''resources ''owned by others. They must observe any restrictions on access to ''resources'' that they encounter and must not attempt to circumvent such restrictions.  
 
''Users'' must be aware that their jobs will often use ''resources ''owned by others. They must observe any restrictions on access to ''resources'' that they encounter and must not attempt to circumvent such restrictions.  
Application software written or selected by ''users'' for execution on ''resources'' must be directed exclusively to the legitimate purposes of their ''VO''. Such software must respect the autonomy and privacy of the host ''sites'' on whose ''resources'' it may run.
+
Application software written or selected by ''users'' for execution on ''resources'' must be directed exclusively to the legitimate purposes of their ''VO''. Such software must respect the autonomy and privacy of the host ''resource centres'' on whose ''resources'' it may run.
  
 
== Resource Centre ''Management ==
 
== Resource Centre ''Management ==
The responsibilities of the ''Site management'' include:
+
The responsibilities of the ''resource centre management'' include:
 
=== Site Operations Policy ===
 
=== Site Operations Policy ===
''Sites'' hosting ''resources ''are required to provide reliable and well managed ''services'' and abide by the Grid Site Operations Policy [3]. ''Sites'' must abide by the Site Registration Security Policy [7] and the Grid Security Traceability and Logging Policy [5].
+
''resource centres'' hosting ''resources ''are required to provide reliable and well managed ''services'' and abide by the Grid Site Operations Policy [3]. ''resource centres'' must abide by the Site Registration Security Policy [7] and the Grid Security Traceability and Logging Policy [5].
 
=== Mitigating Risks ===
 
=== Mitigating Risks ===
''Sites'' acknowledge that participating in the ''Grid'' increases the risk from security incidents, to both ''Grid'' and non-''Grid'' hosts on each site. ''Sites'' are responsible for mitigating this risk.
+
''resource centres'' acknowledge that participating in the ''IT Infrastructure'' increases the risk from security incidents, to both ''IT Infrastructure'' and non-''IT Infrastructure'' hosts on each resource centre. ''resource centres'' are responsible for mitigating this risk.
 
=== Incident Response ===
 
=== Incident Response ===
''Sites ''accept the duty to cooperate with Grid Security Operations and others in investigating and resolving security incidents, and to take responsible action as necessary to safeguard ''resources'' during an incident in accordance with the Security Incident Response Policy [6].
+
''resource centres ''accept the duty to cooperate with Grid Security Operations and others in investigating and resolving security incidents, and to take responsible action as necessary to safeguard ''resources'' during an incident in accordance with the Security Incident Response Policy [6].
 
=== Access Control ===
 
=== Access Control ===
Access to all ''resources'' is controlled by a common grid security infrastructure which includes both authentication and authorization components. The global components of this infrastructure, e.g. as specified in the Approval of Certification Authorities [4], must be deployed by all ''sites'' and ''resources''. The deployment of additional local security measures is permitted should the local security policies of the site or resource administration require this.
+
Access to all ''resources'' is controlled by a common IT Infrastructure security infrastructure which includes both authentication and authorization components. The global components of this infrastructure, e.g. as specified in the Approval of Certification Authorities [4], must be deployed by all ''resource centres'' and ''resources''. The deployment of additional local security measures is permitted should the local security policies of the resource centre or resource administration require this.
 
=== Notification of Legal Compliance Issues ===
 
=== Notification of Legal Compliance Issues ===
If exceptions or extensions to this ''policy'' are required because of local legislation, the ''site'' must inform the Grid Security Officer(see section 5).
+
If exceptions or extensions to this ''policy'' are required because of local legislation, the ''resource centre'' must inform the IT Infrastructure Security Officer(see section 5).
 
== Resource Centre Administrators ==
 
== Resource Centre Administrators ==
 
In addition to their local site policy ''resource centre administrators'' must ensure their implementations of ''services'' comply with this ''policy''. The responsibilities of ''resource centre administrators'' include:
 
In addition to their local site policy ''resource centre administrators'' must ensure their implementations of ''services'' comply with this ''policy''. The responsibilities of ''resource centre administrators'' include:
 
=== Notifying Site Personnel ===
 
=== Notifying Site Personnel ===
''Resource administrators'' are responsible for ensuring that their ''site ''is registered with the ''Grid'' and that all appropriate personnel concerned with security or system management at their ''site'' are notified of and accept the requirements of this ''policy'' before offering any ''services''.
+
''Resource administrators'' are responsible for ensuring that their ''resource centre ''is registered with the ''IT Infrastructure'' and that all appropriate personnel concerned with security or system management at their ''resource centre'' are notified of and accept the requirements of this ''policy'' before offering any ''services''.
 
=== Resource Administration ===
 
=== Resource Administration ===
 
The ''resource administrators'' are responsible for the installation and maintenance of ''resources'' assigned to them, including the ongoing security and integrity.
 
The ''resource administrators'' are responsible for the installation and maintenance of ''resources'' assigned to them, including the ongoing security and integrity.
  
 
= Physical Security =
 
= Physical Security =
All the requirements for the physical security of ''resources'' are expected to be adequately covered by each ''site’s'' local security policies and practices. These should, as a minimum, reduce the risks from intruders, fire, flood, power failure, equipment failure and environmental hazards. Stronger physical security may be required for equipment used to provide certain critical ''services'' such as VO membership services or credential repositories. The technical details of such additional requirements are contained in the procedures for operating and approving such ''services''.
+
All the requirements for the physical security of ''resources'' are expected to be adequately covered by each ''resource centre’s'' local security policies and practices. These should, as a minimum, reduce the risks from intruders, fire, flood, power failure, equipment failure and environmental hazards. Stronger physical security may be required for equipment used to provide certain critical ''services'' such as VO membership services or credential repositories. The technical details of such additional requirements are contained in the procedures for operating and approving such ''services''.
  
 
= Network Security =
 
= Network Security =
All the requirements for the networking security of ''resources'' are expected to be adequately covered by each ''site’s'' local security policies and practices. These should, as a minimum, reduce the risks from intruders and failures of hardware or software by implementing appropriate firewall protection, by the timely application of all critical security-related software patches and updates, and by maintaining and observing clearly defined incident response procedures.  
+
All the requirements for the networking security of ''resources'' are expected to be adequately covered by each ''resource centre’s'' local security policies and practices. These should, as a minimum, reduce the risks from intruders and failures of hardware or software by implementing appropriate firewall protection, by the timely application of all critical security-related software patches and updates, and by maintaining and observing clearly defined incident response procedures.  
It is ''Grid ''policy to minimise the security risk exposed by applications which need to communicate across the Internet; even so, the peripheral firewall on every participating ''site ''may be required to permit the transit of inbound and outbound packets to/from certain port numbers between a number of external and internal hosts in order to run or reach ''services''.
+
It is ''IT Infrastructure ''policy to minimise the security risk exposed by applications which need to communicate across the Internet; even so, the peripheral firewall on every participating ''resource centre ''may be required to permit the transit of inbound and outbound packets to/from certain port numbers between a number of external and internal hosts in order to run or reach ''services''.
  
 
= Limits to Compliance =
 
= Limits to Compliance =
Line 122: Line 122:
 
''Resource Infrastructure Providers - need a para''
 
''Resource Infrastructure Providers - need a para''
  
''Sites'' or ''resource administrators'' who fail to comply with this ''policy'' in respect of a ''service'' they are operating may lose the right to have that service instance recognised by the ''Grid'' until compliance has been satisfactorily demonstrated again.
+
''resource centres'' or ''resource administrators'' who fail to comply with this ''policy'' in respect of a ''service'' they are operating may lose the right to have that service instance recognised by the ''IT Infrastructure'' until compliance has been satisfactorily demonstrated again.
''Users'' who fail to comply with this ''policy'' may lose their right of access to and/or collaboration with the ''Grid'', and may have their activities reported to their home institute or, if those activities are thought to be illegal, to appropriate law enforcement agencies.
+
''Users'' who fail to comply with this ''policy'' may lose their right of access to and/or collaboration with the ''IT Infrastructure'', and may have their activities reported to their home institute or, if those activities are thought to be illegal, to appropriate law enforcement agencies.
''VOs'' which fail to comply with this ''policy''','''''together with all the ''users'' whose rights with respect to the ''Grid'' derives from that ''VO'', may lose their right of access to and/or collaboration with the ''Grid''.
+
''VOs'' which fail to comply with this ''policy''','''''together with all the ''users'' whose rights with respect to the ''IT Infrastructure'' derives from that ''VO'', may lose their right of access to and/or collaboration with the ''IT Infrastructure''.
The issues of liability, dispute resolution and intellectual property rights, all of which may be ''Grid''-specific, should be addressed in the additional policy documents.(We propose to delete this sentence)  
+
The issues of liability, dispute resolution and intellectual property rights, all of which may be ''IT Infrastructure''-specific, should be addressed in the additional policy documents.(We propose to delete this sentence)  
  
 
= Appendix 1: Additional Policy Documents =
 
= Appendix 1: Additional Policy Documents =
 
The current list of additional policy documents describing procedures, rules and other technical details required to implement this ''policy'' are presented here.
 
The current list of additional policy documents describing procedures, rules and other technical details required to implement this ''policy'' are presented here.
 
The current versions may always be found in the EGI document database at [https://documents.egi.eu/public/DocumentDatabe EGI Document Database]
 
The current versions may always be found in the EGI document database at [https://documents.egi.eu/public/DocumentDatabe EGI Document Database]
An accompanying document for each ''Grid'' adopting this ''policy'' must define the ''Grid-''specific locations and version numbers of their approved and adopted additional policy documents
+
An accompanying document for each ''IT Infrastructure'' adopting this ''policy'' must define the ''IT Infrastructure-''specific locations and version numbers of their approved and adopted additional policy documents
  
 
The additional policy documents with their web links are as follows:
 
The additional policy documents with their web links are as follows:

Revision as of 12:05, 29 March 2012

The *new draft* IT Infrastructure Security Policy

This is a DRAFT document being revised by EGI SPG. It is not final and has not been approved or adopted. The currently adopted top-level security policy document is available at https://documents.egi.eu/document/86.

This policy is one of a set of documents that together define the Security Policy [RefXX]. This individual document must be considered in conjunction with all the policy documents in the set.

Introduction and Definitions

To fulfil its mission, it is necessary for the IT Infrastructure to protect its assets. This document presents the policy regulating those activities of participants related to the security of the IT Infrastructure.

Definitions

The phrase IT Infrastructure when italicised in this document, means any distributed computing operational infrastructure which uses Grid, Cloud, HTC or HPC technologies and decides to adopt this policy.

The other italicised words used in this document are defined as follows:

  • Policy is interpreted to include rules, responsibilities and procedures specified in this document together with all those in other documents which are required to exist by stipulations in this document.
  • A participant is any entity providing, using, managing, operating, supporting or coordinating one or more IT service(s).
  • A service is any computing or software system, based on XXX technologies, which provides access to, information about or controls resources.
  • A resource is the equipment and software required to run a service on the IT Infrastructure, and any data held on the service.
  • Included in the definition of equipment are processors and associated disks, tapes and other peripherals, storage systems and storage media, networking components and interconnecting media.
  • Included in the definition of software are operating systems, utilities, compilers and other general purpose applications, any software required to operate any equipment, software and middleware released and/or distributed by the IT Organisation and any software required to support any application associated with Virtual Organisations or other authorized users.
  • Included in the definition of data are data required to operate any equipment defined as a resource, data required to operate any service, data intended to be processed or produced by any software defined as a resource, and any application data.
  • The IT Organisation is the collection of the various boards, committees, groups and individuals mandated to oversee and control the IT Infrastructure.
  • A user is an individual who has been given authority to access and use IT Infrastructure resources.
  • A Virtual Organisation (or VO) is a grouping of users and optionally resources, usually not bound to a single institution, who, by reason of their common membership and in sharing a common goal, are given authority to use a set of resources.
  • Included in the definition of a VO are cases where resources are offered to individual users who are not members of a formal VO. These users are, however, often associated with an application community, and these communities, or even a single user, are treated in this document as though they are a VO.
  • VO management is the collection of various individuals and groups mandated to oversee and control a VO.
  • A resource centre is an entity having administrative control of resources provided to the IT Infrastructure. This may be at one physical location or spread across multiple physical locations.
  • resource centre management is the collection of various individuals and groups mandated to oversee and control a resource centre.
  • A resource administrator is the person responsible for installing, operating, maintaining and supporting one or more resource(s) at a resource centre.

Objectives

This policy gives authority for actions which may be carried out by certain individuals and bodies and places responsibilities on all participants.

Scope

This policy applies to all participants. Every resource centre participating in the IT Infrastructure autonomously owns and follows their own local security policies with respect to the system administration and networking of all the resources they own, including resources which are part of the IT Infrastructure. This policy augments local policies by setting out additional IT Infrastructure-specific requirements.

Additional Policy Documents

Appendix 1 defines additional policy documents which must exist for a proper implementation of this policy. These documents are referred to in section 2. An accompanying document for each IT Infrastructure adopting this policy must define the IT Infrastructure-specific locations and version numbers of their approved and adopted additional policy documents.

Ownership and Maintenance

This policy is prepared and maintained by the Security Policy Group, approved by management and thereby endorsed and adopted by the Grid as a whole. This policy will be revised by the Security Policy Group as required and resubmitted for formal approval and adoption whenever significant changes are needed. The most recently approved version of this document is available at https://documents.egi.eu/document/86

Roles and Responsibilities

This section defines the roles and responsibilities of participants. Participants must be uniquely identifiable and the binding of identifiers to participants must be persistent, i.e. no name recycling.

The IT Organisation

TheIT Organisation provides, through the adoption of this policy and through its representations on the various approving bodies of the IT Infrastructure, the overall authority for the decisions and actions resulting from this policy including procedures for the resolution of disputes.

The IT Security Officer and the CSIRT

TheIT Organisation must appoint a IT Security Officer who leads and/or coordinates the CSIRT providing the operational security capability. The IT Security Officer may, in consultation with the CSIRT, IT Organisation and other appropriate persons, require actions by participants as are deemed necessary to protect resources from or contain the spread of IT security incidents. The IT Security Officer also handles requests for exceptions to this policy as described in section 5. The responsibilities of Grid Security Operations include:

  • The maintenance of contact details of security personnel at each participating resource centre and the facilitation of IT Infrastructure-related communications between them.
  • Handling of operational security problems as they arise.
  • Providing incident response teams who will act according to the Security Incident Response Policy [6].

Resource Infrastructure Provider Management

i.e. a Resource Centre Federation A resource centre federation is resonspible for ensuring compliance of all its resource centre members and provides the capabilities for meeting the responsibilities for its members with respect to this policy and can represent its members towards the IT Organisation.

Virtual Organisation Management

The responsibilities of the VO management include:

Appoint a Security Officer or ensure that they have a security incident response capability

VO Security Policies

VOs are required to abide by the Virtual Organisation Operations Policy [9] and the Virtual Organisation Registration Security Policy [2]. They must have a VO Acceptable Use Policy (AUP) and ensure that only individuals who have agreed to abide by the Grid AUP [1] and the VO AUP are registered as members of the VO.

User Registration and VO Membership Service

The user registration procedure of the VO is required to be consistent with the Virtual Organisation Membership Management Policy [8]. Approval to join the VO must be restricted to individuals who are recognised as having legitimate rights to membership and who agree to be bound by the AUPs. A VO membership service must be provided with appropriate interfaces to generate authentication, authorization and other identity mapping data for the services running on the resource centres. VOs are required to maintain the accuracy of the information held and published about their members, and to promptly remove individuals who lose their right to such membership.

VO-specific Resources and Services

VOs are responsible for ensuring that their software does not pose security threats, that access to their databases is secure and is sufficiently monitored, that their stored data are compliant with legal requirements, and that VO-specific services are properly monitored and do not compromise resource centres or resources. Need to refer to Service Operations policy. Also VO Portal policy ... Also their client actions towards other participants.

Applying Sanctions to Users

VOs are responsible for promptly investigating reports of users failing to comply with the AUPs and for taking appropriate action to ensure compliance in the future, as defined in section 6.

Users

All users must be members of one of the registered VOs or application communities.

The responsibilities of users include:

Acceptable Use

Users must accept and agree to abide by the Grid Acceptable Use Policy [1] and the VO AUP when they register or renew their registration with a VO. Users must be aware that their work may utilise shared resources and may therefore affect the work of others. They must show responsibility, consideration and respect towards other users in the demands they place on the Grid. Users must have a suitable authentication credential issued as approved by the Grid. They must ensure that others cannot use their credentials to masquerade as them or usurp their access rights. Users may be held responsible for all actions taken using their credentials, whether carried out personally or not. No intentional sharing of credentials for Grid purposes is permitted. Users must be aware that their jobs will often use resources owned by others. They must observe any restrictions on access to resources that they encounter and must not attempt to circumvent such restrictions. Application software written or selected by users for execution on resources must be directed exclusively to the legitimate purposes of their VO. Such software must respect the autonomy and privacy of the host resource centres on whose resources it may run.

Resource Centre Management

The responsibilities of the resource centre management include:

Site Operations Policy

resource centres hosting resources are required to provide reliable and well managed services and abide by the Grid Site Operations Policy [3]. resource centres must abide by the Site Registration Security Policy [7] and the Grid Security Traceability and Logging Policy [5].

Mitigating Risks

resource centres acknowledge that participating in the IT Infrastructure increases the risk from security incidents, to both IT Infrastructure and non-IT Infrastructure hosts on each resource centre. resource centres are responsible for mitigating this risk.

Incident Response

resource centres accept the duty to cooperate with Grid Security Operations and others in investigating and resolving security incidents, and to take responsible action as necessary to safeguard resources during an incident in accordance with the Security Incident Response Policy [6].

Access Control

Access to all resources is controlled by a common IT Infrastructure security infrastructure which includes both authentication and authorization components. The global components of this infrastructure, e.g. as specified in the Approval of Certification Authorities [4], must be deployed by all resource centres and resources. The deployment of additional local security measures is permitted should the local security policies of the resource centre or resource administration require this.

Notification of Legal Compliance Issues

If exceptions or extensions to this policy are required because of local legislation, the resource centre must inform the IT Infrastructure Security Officer(see section 5).

Resource Centre Administrators

In addition to their local site policy resource centre administrators must ensure their implementations of services comply with this policy. The responsibilities of resource centre administrators include:

Notifying Site Personnel

Resource administrators are responsible for ensuring that their resource centre is registered with the IT Infrastructure and that all appropriate personnel concerned with security or system management at their resource centre are notified of and accept the requirements of this policy before offering any services.

Resource Administration

The resource administrators are responsible for the installation and maintenance of resources assigned to them, including the ongoing security and integrity.

Physical Security

All the requirements for the physical security of resources are expected to be adequately covered by each resource centre’s local security policies and practices. These should, as a minimum, reduce the risks from intruders, fire, flood, power failure, equipment failure and environmental hazards. Stronger physical security may be required for equipment used to provide certain critical services such as VO membership services or credential repositories. The technical details of such additional requirements are contained in the procedures for operating and approving such services.

Network Security

All the requirements for the networking security of resources are expected to be adequately covered by each resource centre’s local security policies and practices. These should, as a minimum, reduce the risks from intruders and failures of hardware or software by implementing appropriate firewall protection, by the timely application of all critical security-related software patches and updates, and by maintaining and observing clearly defined incident response procedures. It is IT Infrastructure policy to minimise the security risk exposed by applications which need to communicate across the Internet; even so, the peripheral firewall on every participating resource centre may be required to permit the transit of inbound and outbound packets to/from certain port numbers between a number of external and internal hosts in order to run or reach services.

Limits to Compliance

Exceptions to compliance with this policy include, but are not limited to, the following: Wherever possible, IT Infrastructure policies and procedures are designed so that they may be applied uniformly across all resource centre federations, resource centres'andVOs. If this is not possible, for example due to legal or contractual obligations, exceptions may be made. Such exceptions must be justified in a document submitted to the IT Security Officer for authorisation and, if required, approval at the appropriate level of management. In exceptional circumstances it may be necessary for participants to take emergency action in response to some unforeseen situation which may violate some aspect of this policy for the greater good of pursuing or preserving legitimate IT Infrastructure objectives. If such a policy violation is necessary, the exception should be minimised, documented, time-limited and authorised at the highest level of the management commensurate with taking the emergency action promptly, and the details notified to the IT Security Officer at the earliest opportunity.

Sanctions

Resource Infrastructure Providers - need a para

resource centres or resource administrators who fail to comply with this policy in respect of a service they are operating may lose the right to have that service instance recognised by the IT Infrastructure until compliance has been satisfactorily demonstrated again. Users who fail to comply with this policy may lose their right of access to and/or collaboration with the IT Infrastructure, and may have their activities reported to their home institute or, if those activities are thought to be illegal, to appropriate law enforcement agencies. VOs which fail to comply with this policy,together with all the users whose rights with respect to the IT Infrastructure derives from that VO, may lose their right of access to and/or collaboration with the IT Infrastructure. The issues of liability, dispute resolution and intellectual property rights, all of which may be IT Infrastructure-specific, should be addressed in the additional policy documents.(We propose to delete this sentence)

Appendix 1: Additional Policy Documents

The current list of additional policy documents describing procedures, rules and other technical details required to implement this policy are presented here. The current versions may always be found in the EGI document database at EGI Document Database An accompanying document for each IT Infrastructure adopting this policy must define the IT Infrastructure-specific locations and version numbers of their approved and adopted additional policy documents

The additional policy documents with their web links are as follows:

[1] Grid Acceptable Use Policy

[2] Virtual Organisation Registration Security Policy

[3] Grid Site Operations Policy

[4] Approval of Certification Authorities

[5] Grid Security Traceability and Logging Policy

[6] Security Incident Response Policy

[7] Site Registration Security Policy

[8] Virtual Organisation Membership Management Policy

[9] Virtual Organisation Operations Policy

[10] VO Portal Policy

[11] Policy on Grid Multi User Pilot Jobs

[12] Grid Policy on the Handling of User-Level Job Accounting Data

[13] Security Policy Glossary of Terms