[cabfcert_policy] Section 5.1 Proposed New Language

[Ben Wilson]

Per our discussion on today's call

 

5.1.        PHYSICAL SECURITY CONTROLS

5.1.1.     Site location and construction

The location and construction of the facilities housing the CA and RA
equipment SHALL be consistent with facilities used to house high-value,
sensitive information.  The site location and construction, when combined
with other physical security protection mechanisms such as guards, high
security locks, and intrusion sensors, SHALL provide robust protection
against unauthorized access to the CA equipment and records.

 

5.1.2.     Physical access

CAs SHALL maintain controls to provide reasonable assurance that: physical
access to CA facilities and equipment is limited to authorized individuals,
protected through restricted security perimeters, and is operated under
multiple person (at least dual custody) control; CA facilities and equipment
are protected from environmental hazards; loss, damage or compromise of
assets and interruption to business activities are prevented; and compromise
of information and information processing facilities is prevented.

 

5.1.3.     Power and air conditioning

The CA shall have backup power capability sufficient to lock out input,
finish any pending actions, and record the state of the equipment
automatically before lack of power or air conditioning causes a shutdown.
The backup power capabilities shall support the availability requirements of
Section 4.10.2.

5.1.4.     Water exposures

CA equipment shall be installed such that it is not in danger of exposure to
water (e.g., on tables or elevated floors).

Potential water damage from fire prevention and protection measures (e.g.,
sprinkler systems) should be minimized.

5.1.5.     Fire prevention and protection

The CA shall comply with local commercial building codes for fire prevention
and protection. 

 

5.1.6.     Media storage

Media shall be stored so as to protect it from accidental damage (water,
fire, electromagnetic) and unauthorized physical access.  Media not required
for daily operation or not required by policy to remain with the CA or RA
that contains security audit, archive, or backup information shall be stored
securely in a location separate from the CA or RA equipment.

 

Media containing private key material shall be handled, packaged, and stored
in a manner compliant with the requirements for the sensitivity level of the
information it protects or provides access.  Storage protection of CA and RA
private key material shall be consistent with stipulations in Section 5.1.2.

5.1.7.     Waste disposal

Sensitive media and documentation that are no longer needed for operations
shall be destroyed in a secure manner. For example, sensitive paper
documentation shall be shredded, burned, or otherwise rendered
unrecoverable.

5.1.8.     Off-site backup

The purpose of an off-site backup is to recover from system failure
resulting from damage to the equipment or similar causes.   For components
of the Certificate System operated in an online fashion, any backup
necessary to recover from system failure SHALL be made at least once per
week or so that no changes made prior to the last week might be lost.  Root
CA Systems and other components operated in an offline fashion SHALL be
backed up prior to taking them offline.  Backups shall be stored offsite.
Only the latest backup needs to be retained.  The backup shall be stored at
a site with physical and procedural controls commensurate to that of the
Certificate System.  See Section 6.2.4 for requirements for CA private key
backup. 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://cabforum.org/pipermail/policyreview/attachments/20151203/0a93c8a1/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4954 bytes
Desc: not available
Url : https://cabforum.org/pipermail/policyreview/attachments/20151203/0a93c8a1/attachment.bin