Site Registration Security Policy
From JSPGwiki
Draft policy document - not yet approved or adopted.
This is V3.2 of this policy document (Dated 25 Mar 2010).
The currently approved and adopted policy document is called "Site Registration Policy & Procedure" (version 2.0, dated 16 March 2005) and may be found at https://edms.cern.ch/document/503198/2.
Introduction
This policy defines a set of security-related responsibilities placed on the Grid implementing a procedure to register a Site with the Grid, and on the Site and its managers. All terms are defined in the Glossary (https://edms.cern.ch/document/573613).
Site Registration Requirements
To satisfy Grid security requirements a Site registration procedure must capture and maintain at least the following information:
- The full name of the Site,
- An abbreviated name of the Site, which must be unique within the Grid, and preferably globally unique,
- The name, email address and telephone number of the Site Manager and Site Security Contact in accordance with the requirements of the Site Operations Policy (https://edms.cern.ch/document/819783),
- The email address of a managed list for contact with Resource Administrators at the site,
- The email address of a managed list for contact with the site security incident response team,
- A signed copy of the Site Operations Policy (https://edms.cern.ch/document/819783).
If a Site wishes to leave the Grid or the Grid decides to remove the Site, the registration information must be kept by the Grid for at least the same period defined for logging in the Traceability and Logging Policy (https://edms.cern.ch/document/428037/). Personal registration information of the Manager and Security Contact of the Site leaving the Grid must not be retained for longer than one year.
Review and acceptance procedures and any operational requirements should be documented in a Grid-specific document describing the implementation of the Site Registration Procedure.
