
Adopt a High-Level Statement of Objectives #15

Closed
BenWilson-Mozilla opened this issue Apr 1, 2022 · 3 comments
BenWilson-Mozilla commented Apr 1, 2022

An example of high-level criteria accomplished by the individual sections of the NCSSRs might include:

1. CAs shall implement and maintain an Information Security Program.
2. CAs shall implement a personnel security program. Persons serving in Trusted Roles shall act in a competent and trustworthy manner.
3. CAs shall build and maintain secure networks and CA systems.
4. CAs shall protect the confidentiality and integrity of keys and other data.
5. CAs shall implement strong access control measures. (2)
6. CAs shall regularly monitor and test [networks, systems, etc.]. (3)
7. CAs shall maintain a vulnerability and patch management program. (4)
8. Private keys corresponding to publicly trusted CAs shall be physically secured.
BenWilson-Mozilla (author) commented:
Additionally, the NetSec requirements should be re-categorized into the following domains:

PROGRAM MANAGEMENT (PM)
PM-1: CAs shall implement and maintain a Network and Systems Security Program.
...
PERSONNEL SECURITY (PS)
ACCESS CONTROL (AC)
NETWORK SECURITY (NS)
OFFLINE SYSTEMS (OL) or AIR-GAPPED (AG)
PHYSICAL AND ENVIRONMENTAL SECURITY (PE)
CONFIGURATION MANAGEMENT (CM)
MONITORING AND LOGGING (ML)
VULNERABILITY MANAGEMENT (VM)

clintwilson self-assigned this Jan 30, 2024
clintwilson (member) commented:
Added in #33
