<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="/style.css" type="text/css" /> <script type="text/javascript" src="/jquery.min.js"></script> <title>CERN Computer Security Information</title> <script type="text/javascript"> $(document).ready(function(){ // Menu highlight var path = location.pathname.split("/"); if ( path ) { $('#main_menu a[href*="' + path[1] + '"][class!="noselect"]').addClass('selected'); // path[3] = /security/<xxxxx>/ $('#sidebar ul.sidemenu li[class!="noselect"]:has(a[href$="' + path.reverse()[0] + '"])').addClass('selected'); } // Add icon to external links $('a[id!=logo-img]').filter(function() { return this.hostname && this.hostname !== location.hostname; }).after(' <img src="/images/external_link.png" alt="external link" title="external link"/>'); }); </script> </head> <body> <div id="wrap"> <div id="top-bg"></div> <!--header --> <div id="header"> <div id="logo-text"> <a id="logo-img" href="https://home.cern/"><img src="/images/CERNLogo2.png" width="59" height="59" style="margin: 10px" alt="CERN Logo"/></a><div id="logo-text-big"><a href="/home/en/index.shtml" title="">CERN Computer Security</a></div> </div> <div id="header-logo"><a href="/services/en/emergency.shtml"><img width=335 src="/images/emergency.png" alt="Computer Emergencies"/></a></div> </div> <!--header ends--> <div id="header-photo"></div> <!-- navigation starts--> <div id="nav"> <ul id="main_menu"> <li><a class="noselect" href="/home/fr/index.shtml"><img src="/images/fr.png" alt="FR"/></a></li> <li><a href="/home/en/index.shtml">Home</a></li> <li><a href="/rules/en/index.shtml">Computing Rules</a></li> <li><a href="/recommendations/en/index.shtml">Recommendations</a></li> <li><a href="/training/en/index.shtml">Training</a></li> <li><a 
href="/services/en/index.shtml">Services</a></li> <li><a class="secured" href="/reports/en/index.shtml">Reports & Presentations</a></li> </ul> </div> <!-- navigation ends--> <!-- content-wrap starts --> <div id="content-wrap"> <div id="main"> <a name="Mandatory Security Baselines"></a><h2>Mandatory Security Baselines</h2> <em class="titledate"><a href="http://indico.cern.ch/conferenceDisplay.py?confId=73733">2010/06/10 by ITSRM</a></em> <p>A "Security Baseline" defines a set of basic security objectives which must be met by any given service or system. The objectives are chosen to be pragmatic and complete, and do not impose technical means. Therefore, details on how these security objectives are fulfilled by a particular service/system must be documented in a separate "Security Implementation Document". These details depend on the operational environment a service/system is deployed into, and might, thus, creatively use and apply any relevant security measure. Derogations from the baseline are possible and expected, and must be explicitly marked.</p> <p><b>At CERN, for each service/system used in production, such a Security Implementation Document must be produced by its system/service owner, and be accepted and approved by the Computer Security Officer.</b></p> <p>All systems/services must be implemented and deployed in compliance with their corresponding Security Implementation Document. Non-compliance will ultimately lead to reduced network connectivity for the affected services and systems (i.e. 
closure of CERN firewall openings, ceased access to other network domains, and/or disconnection from the CERN network).</p> <h4>Security Baseline Documents</h4> <ul> <li>Security Baseline for Hardened PCs and Laptops<br/>(<a href="https://edms.cern.ch/document/1593100">EDMS 1593100</a>)</li> <li>Security Baseline for Servers, PCs and Laptops used in a CERN Production Environment<br/>(<a href="https://edms.cern.ch/document/1062500">EDMS 1062500</a>)</li> <li>Security Baseline for File Hosting Services used in a CERN Production Environment<br/>(<a href="https://edms.cern.ch/document/1062503">EDMS 1062503</a>)</li> <li>Security Baseline for Web Hosting Services used in a CERN Production Environment<br/>(<a href="https://edms.cern.ch/document/1062502">EDMS 1062502</a>)</li> <li>Security Baseline for Industrial Embedded Devices used in a CERN Production Environment<br/>(<a href="https://edms.cern.ch/document/1139163">EDMS 1139163</a>)</li> </ul> <p>A template for the "Security Implementation Document" can be found here: <a href="https://edms.cern.ch/document/1062504">EDMS 1062504</a></p> </div> <!-- main ends --> <!-- SIDEBAR --> <!-- sidebar menu starts --> <div id="sidebar"> <h3>CERN Computing Rules</h3> <ul class="sidemenu"> <li><a href="/rules/en/OC5_english.pdf">Operational Circular Nº5</a></li> <li><a href="/rules/en/oc5_aims.shtml">Aims of OC5</a></li> <li><a href="/rules/en/personal_use_policy.shtml">Personal use policy</a></li> <li><a href="/rules/en/violation_of_rules.shtml">Violation of rules</a></li> <li><a href="/rules/en/CERN_Cybersecurity_Policy_v1.2.pdf">Cybersecurity Policy</a></li> <li><a href="/rules/en/CERN_CSO_Mandate_v1.1.pdf">Mandate of the CSO</a></li> <li><a href="/home/en/CERN/liaisons.shtml">Departmental & Experiment Liaisons</a></li> <li><a href="/rules/en/board.shtml">Computer Security Board</a></li> </ul> <h3>OC5 Subsidiary Rules</h3> <h3>& Guidelines</h3> <ul class="sidemenu"> <li><a href="/rules/en/accounts.shtml">Computer 
accounts</a></li> <li><a href="/rules/en/dhp.shtml">Data Handling Policy</a></li> <li><a href="/rules/en/drp.shtml">Data Retention Policy</a></li> <li><a href="/rules/en/firewall.shtml">Outer Perimeter Firewall Openings</a></li> <li><a href="/rules/en/ddp.shtml">Properly destroying data</a></li> <li>Protecting files on <a href="/rules/en/afs.shtml">AFS</a>, <a href="/rules/en/dfs.shtml">DFS</a> and <a href="/rules/en/eos.shtml">EOS</a></li> <li><a href="/rules/en/windows.shtml">Running Windows PCs</a></li> <li><a href="/rules/en/baselines.shtml">Security Baselines</a></li> <!--li><a href="/rules/en/social-media.shtml">Social Media Guidelines</a></li--> <li><a href="https://admin-eguide.web.cern.ch/en/procedure/social-media-guidelines">Social Media Guidelines</a></li> <li><a href="/rules/en/data_access_by_thirds.shtml">Third party access to users' accounts and data </a></li> <li><a href="/rules/en/file-services.shtml">Using file services</a></li> <li><a href="/rules/en/mail-service.shtml">Using the e-mail service</a></li> <li><a href="/rules/en/network.shtml">Using the network</a></li> <li><a href="/rules/en/webcams.shtml">Using webcams</a></li> </ul> <h3>Software Restrictions</h3> <ul class="sidemenu"> <!--li><a href="/rules/en/irc.shtml">Internet Relay Chat (IRC)</a></li--> <!--li><a href="/rules/en/im.shtml">Instant messaging<br/> (IRC, ICQ, ...)</a></li--> <li><a href="/rules/en/otp-generators.shtml">OTP Generators</a></li> <!--li><a href="/rules/en/p2p.shtml">Peer-to-peer file sharing<br/>(P2P)</a></li--> <!--li><a href="/rules/en/skype.shtml">Skype Internet telephony</a></li--> <li><a href="/rules/en/teamviewer.shtml">TeamViewer</a></li> <!--li><a href="/rules/en/tor.shtml">Tor (The Onion Router)</a></li--> <li><a href="/rules/en/vpn.shtml">VPNs and other overlay networks</a></li> </ul> <h3>Other Useful Information</h3> <ul class="sidemenu"> <li><a href="https://indico.cern.ch/category/3441">Licensing CERN Software</a></li> <li><a 
href="https://odpp.web.cern.ch/">Office of Data Privacy Protection</a></li> <li><a href="http://www.ohwr.org">Open Hardware Repository</a></li> </ul> </div> <!-- sidebar menu ends --> <!-- content-wrap ends--> </div> <!-- footer starts --> <div id="footer-wrap"> <div id="footer-bottom"> © Copyright 2024<strong> <a href="https://cern.ch/security">CERN Computer Security Office</a></strong> <table> <tr> <td id="footer-info-left"> e-mail: <a href="mailto:Computer.Security@cern.ch">Computer.Security@cern.ch</a><br/> Please use the following PGP key to encrypt your messages:<br/> ID: 0x954CE234B4C6ED84<br/> <a href="https://keys.openpgp.org/vks/v1/by-fingerprint/429D60460EBE8006B04CDF02954CE234B4C6ED84">429D 6046 0EBE 8006 B04C DF02 954C E234 B4C6 ED84</a> </td> <td id="footer-info-right"> Phone: +41 22 767 0500<br/> Please listen to the recorded instructions. </td> </tr> </table> </div> </div> <!-- footer ends--> </div> <!-- wrap ends here --> <!--img height=30px src="/home/en/CERNfooter_800.png"--> </body> </html>