CINXE.COM

CERN Computer Security Information

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="/style.css" type="text/css" /> <script type="text/javascript" src="/jquery.min.js"></script> <title>CERN Computer Security Information</title> <script type="text/javascript"> $(document).ready(function(){ // Menu highlight var path = location.pathname.split("/"); if ( path ) { $('#main_menu a[href*="' + path[1] + '"][class!="noselect"]').addClass('selected'); // path[3] = /security/<xxxxx>/ $('#sidebar ul.sidemenu li[class!="noselect"]:has(a[href$="' + path.reverse()[0] + '"])').addClass('selected'); } // Add icon to external links $('a[id!=logo-img]').filter(function() { return this.hostname && this.hostname !== location.hostname;   }).after(' <img src="/images/external_link.png" alt="external link" title="external link"/>'); }); </script> </head> <body> <div id="wrap"> <div id="top-bg"></div> <!--header --> <div id="header"> <div id="logo-text"> <a id="logo-img" href="https://home.cern/"><img src="/images/CERNLogo2.png" width="59" height="59" style="margin: 10px" alt="CERN Logo"/></a><div id="logo-text-big"><a href="/home/en/index.shtml" title="">CERN Computer Security</a></div> </div> <div id="header-logo"><a href="/services/en/emergency.shtml"><img width=335 src="/images/emergency.png" alt="Computer Emergencies"/></a></div> </div> <!--header ends--> <div id="header-photo"></div> <!-- navigation starts--> <div id="nav"> <ul id="main_menu"> <li><a class="noselect" href="/home/fr/index.shtml"><img src="/images/fr.png" alt="FR"/></a></li> <li><a href="/home/en/index.shtml">Home</a></li> <li><a href="/rules/en/index.shtml">Computing Rules</a></li> <li><a href="/recommendations/en/index.shtml">Recommendations</a></li> <li><a href="/training/en/index.shtml">Training</a></li> <li><a href="/services/en/index.shtml">Services</a></li> <li><a class="secured" href="/reports/en/index.shtml">Reports &amp; Presentations</a></li> </ul> </div> <!-- navigation ends--> <!-- content-wrap starts --> <div id="content-wrap"> <div id="main"> <h2>CERN Computing Rules:<br/> The Use of CERN Computing Facilities</h2> <p> CERN cybersecurity is governed by Operational Circular #5 (OC5), i.e. <a href="/rules/en/OC5_english.pdf">the CERN Computing Rules</a>, and <a href="/rules/en/CERN_Cybersecurity_Policy_v1.2.pdf">the CERN Cybersecurity Policy</a> under the auspices of <a href="/rules/en/CERN_CSO_Mandate_v1.1.pdf">the Computer Security Officer as mandated</a> by the Director General. </p><p> The <a href="/rules/en/OC5_english.pdf">Computing Rules</a> and <a href="/rules/en/CERN_Cybersecurity_Policy_v1.2.pdf">the Cybersecurity Policy</a> imply that each person using or contributing to CERN's computing facilities (e.g. its network, CERN-owned devices, on-site or cloud-based computing services) shall actively contribute to the implementation of these Rules through exemplary conduct. This includes the following behaviour: </p> <ul> <li>compliance with these Rules including its Subsidiary Rules;</li> <li>actively seeking information to minimise risks;</il> <li>avoiding dangerous situations for their equipment and CERN's computing facilities; and</li> <li>exercising the responsibilities assigned to them.</li> </ul> <p> As such, and unless delegated when using central services, <b>any owner of computing resources connected to or provided to them by CERN's computing facilities are ultimately responsible for the compliance of their actions and their resources with these Rules</b>. </p> <h3>Subsidiary Rules</h3> <p> Based on the <a href="/rules/en/OC5_english.pdf">Operational Circular #5</a> (OC5) and <a href="/rules/en/CERN_Cybersecurity_Policy_v1.2.pdf">the Cybersecurity Policy</a>, and following a Defence-in-Depth approach, a set of dedicated <a href="/rules/en/index.shtml">"Subsidiary Rules"</a> provide managerial and technical rules on how to use CERN's Computing Facilities in a secure fashion. As <a href="/rules/en/OC5_english.pdf">OC5</a> and <a href="/rules/en/CERN_Cybersecurity_Policy_v1.2.pdf">the Cybersecurity Policy</a>, these Subsidiary Rules are binding (see OC5 II 8a). Subsidiary Rules, newly created or to be updated, are discussed and approved (or rejected) in the <a href="https://indico.cern.ch/category/18597/">Computer Security Board</a> comprised of appointed <a href="/home/en/CERN/liaisons.shtml">Computer Security Liaisons</a> as representatives from CERN sectors/departments/units and experiments. <b>Any derogation from these Rules requires written approval by the CSO</b>, and might enter the CERN/IT Risk Register. <b>Non-compliance with any of these Rules might lead to sanctions</b>, e.g. reduced functionality (limited connectivity, e.g. "throttling"), the termination of service ("blocking"), or administrative measures as defined in Section V of <a href="/rules/en/OC5_english.pdf">OC5</a></p>. <center><img style="padding-left:5px;" width=90% src="../images/diagram.png"></center> <h3>Glossary</h3> <ul> <li><b>CERN-Owned Device</b> A "CERN-Owned Device" (COD) is any device purchased via a CERN budget code ("Team codes" excluded) and which has not yet been sold via the <a href="https://recuperation-sales.web.cern.ch/">CERN Recuperation Service</a>;</li> <li><b>Frequencies</b> "Regular/regularly" implies at least once a month. "Frequent/frequently" implies at least once a week. "Timely" implies as soon as reasonably possible;</li> <li><b>IT Services</b> An "IT service" denotes any on-prem or cloud IT service, paid for or free, managed by the IT department or any other department; <li><b>Resources</b> A computing resource ("Resource") can be a computing account, database, device/virtual machine/container, software repository, storage space, website or any other digital entity.</li> </ul> </p> </div> <!-- main ends --> <!-- SIDEBAR --> <!-- sidebar menu starts --> <div id="sidebar"> <h3>CERN Computing Rules</h3> <ul class="sidemenu"> <li><a href="/rules/en/OC5_english.pdf">Operational Circular Nº5</a></li> <li><a href="/rules/en/oc5_aims.shtml">Aims of OC5</a></li> <li><a href="/rules/en/personal_use_policy.shtml">Personal use policy</a></li> <li><a href="/rules/en/violation_of_rules.shtml">Violation of rules</a></li> <li><a href="/rules/en/CERN_Cybersecurity_Policy_v1.2.pdf">Cybersecurity Policy</a></li> <li><a href="/rules/en/CERN_CSO_Mandate_v1.1.pdf">Mandate of the CSO</a></li> <li><a href="/home/en/CERN/liaisons.shtml">Departmental & Experiment Liaisons</a></li> <li><a href="/rules/en/board.shtml">Computer Security Board</a></li> </ul> <h3>OC5 Subsidiary Rules</h3> <h3>& Guidelines</h3> <ul class="sidemenu"> <li><a href="/rules/en/accounts.shtml">Computer accounts</a></li> <li><a href="/rules/en/dhp.shtml">Data Handling Policy</a></li> <li><a href="/rules/en/drp.shtml">Data Retention Policy</a></li> <li><a href="/rules/en/firewall.shtml">Outer Perimeter Firewall Openings</a></li> <li><a href="/rules/en/ddp.shtml">Properly destroying data</a></li> <li>Protecting files on <a href="/rules/en/afs.shtml">AFS</a>, <a href="/rules/en/dfs.shtml">DFS</a> and <a href="/rules/en/eos.shtml">EOS</a></li> <li><a href="/rules/en/windows.shtml">Running Windows PCs</a></li> <li><a href="/rules/en/baselines.shtml">Security Baselines</a></li> <!--li><a href="/rules/en/social-media.shtml">Social Media Guidelines</a></li--> <li><a href="https://admin-eguide.web.cern.ch/en/procedure/social-media-guidelines">Social Media Guidelines</a></li> <li><a href="/rules/en/data_access_by_thirds.shtml">Third party access to users' accounts and data </a></li> <li><a href="/rules/en/file-services.shtml">Using file services</a></li> <li><a href="/rules/en/mail-service.shtml">Using the e-mail service</a></li> <li><a href="/rules/en/network.shtml">Using the network</a></li> <li><a href="/rules/en/webcams.shtml">Using webcams</a></li> </ul> <h3>Software Restrictions</h3> <ul class="sidemenu"> <!--li><a href="/rules/en/irc.shtml">Internet Relay Chat (IRC)</a></li--> <!--li><a href="/rules/en/im.shtml">Instant messaging<br/> (IRC, ICQ, ...)</a></li--> <li><a href="/rules/en/otp-generators.shtml">OTP Generators</a></li> <!--li><a href="/rules/en/p2p.shtml">Peer-to-peer file sharing<br/>(P2P)</a></li--> <!--li><a href="/rules/en/skype.shtml">Skype Internet telephony</a></li--> <li><a href="/rules/en/teamviewer.shtml">TeamViewer</a></li> <!--li><a href="/rules/en/tor.shtml">Tor (The Onion Router)</a></li--> <li><a href="/rules/en/vpn.shtml">VPNs and other overlay networks</a></li> </ul> <h3>Other Useful Information</h3> <ul class="sidemenu"> <li><a href="https://indico.cern.ch/category/3441">Licensing CERN Software</a></li> <li><a href="https://odpp.web.cern.ch/">Office of Data Privacy Protection</a></h3> <li><a href="http://www.ohwr.org">Open Hardware Repository</a></h3> </ul> </div> <!-- sidebar menu ends --> <!-- content-wrap ends--> </div> <!-- footer starts --> <div id="footer-wrap"> <div id="footer-bottom"> &copy; Copyright 2024<strong> <a href="https://cern.ch/security">CERN Computer Security Office</a></strong> <table> <tr> <td id="footer-info-left"> e-mail: <a href="mailto:Computer.Security@cern.ch">Computer.Security@cern.ch</a><br/> Please use the following PGP key to encrypt your messages:<br/> ID: 0x954CE234B4C6ED84<br/> <a href="https://keys.openpgp.org/vks/v1/by-fingerprint/429D60460EBE8006B04CDF02954CE234B4C6ED84">429D 6046 0EBE 8006 B04C DF02 954C E234 B4C6 ED84</a> </td> <td id="footer-info-right"> Phone: +41 22 767 0500<br/> Please listen to the recorded instructions. </td> </tr> </table> </div> </div> <!-- footer ends--> </div> <!-- wrap ends here --> <!--img height=30px src="/home/en/CERNfooter_800.png"--> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10