CINXE.COM

CERN Computer Security Information

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="/style.css" type="text/css" /> <script type="text/javascript" src="/jquery.min.js"></script> <title>CERN Computer Security Information</title> <script type="text/javascript"> $(document).ready(function(){ // Menu highlight var path = location.pathname.split("/"); if ( path ) { $('#main_menu a[href*="' + path[1] + '"][class!="noselect"]').addClass('selected'); // path[3] = /security/<xxxxx>/ $('#sidebar ul.sidemenu li[class!="noselect"]:has(a[href$="' + path.reverse()[0] + '"])').addClass('selected'); } // Add icon to external links $('a[id!=logo-img]').filter(function() { return this.hostname && this.hostname !== location.hostname;   }).after(' <img src="/images/external_link.png" alt="external link" title="external link"/>'); }); </script> </head> <body> <div id="wrap"> <div id="top-bg"></div> <!--header --> <div id="header"> <div id="logo-text"> <a id="logo-img" href="https://home.cern/"><img src="/images/CERNLogo2.png" width="59" height="59" style="margin: 10px" alt="CERN Logo"/></a><div id="logo-text-big"><a href="/home/en/index.shtml" title="">CERN Computer Security</a></div> </div> <div id="header-logo"><a href="/services/en/emergency.shtml"><img width=335 src="/images/emergency.png" alt="Computer Emergencies"/></a></div> </div> <!--header ends--> <div id="header-photo"></div> <!-- navigation starts--> <div id="nav"> <ul id="main_menu"> <li><a class="noselect" href="/home/fr/index.shtml"><img src="/images/fr.png" alt="FR"/></a></li> <li><a href="/home/en/index.shtml">Home</a></li> <li><a href="/rules/en/index.shtml">Computing Rules</a></li> <li><a href="/recommendations/en/index.shtml">Recommendations</a></li> <li><a href="/training/en/index.shtml">Training</a></li> <li><a href="/services/en/index.shtml">Services</a></li> <li><a class="secured" href="/reports/en/index.shtml">Reports &amp; Presentations</a></li> </ul> </div> <!-- navigation ends--> <!-- content-wrap starts --> <div id="content-wrap"> <div id="main"> <h2>Third party access to users' accounts and data </h2> <em class="titledate">2010/07/16 by CSO. Revised 2019/06/12 by CSO</em> <p>This rule describes the procedures for accessing the restricted data (e.g. files or Web pages) of users of the CERN computing facilities whose individual consent cannot be obtained, because they are e.g. absent from CERN, have left CERN or are deceased, where <b>professional or operational needs require access</b> to such data. It is a subsidiary rule of use, in accordance with paragraph 8(a) of the <a href="https://cern.ch/security/rules/en/OC5_english.pdf">Operational Circular N&deg;5</a>.</p> <p>Authorization for third party access is granted by the CERN Computer Security Officer (CSO) or the Head of the IT Department.</p> <h4>Procedure to obtain third party access to users' accounts and data</h4> <p>Access to restricted data can only be <b>requested by the <a href="/rules/en/definitions.shtml#supervisor">supervisor</a> of the data owner</b>:</p> <ul> <li>The requestor shall submit a request for access to the CSO (i.e. <a href="Computer.Security@cern.ch">Computer.Security@cern.ch</a>), indicating the reasonable efforts made to contact the data owner in order to obtain his/her direct authorization;</li> <li>The CSO shall consider the request on the basis of all available information and shall verify the hierarchical structure of the third party via <a href="https://hrt.cern.ch/hrt/Desktop">HRT</a> or <a href="http://ais.web.cern.ch/ais/apps/pie/welcome.html">PIE</a>;</li> <li>If access is granted, the CSO shall inform the requestor, the Head of the IT Department, and, if an email address has been registered, the data owner. Thereafter, the CSO shall immediately authorize access to the files concerned.</li> </ul> <p>This procedure shall <b>not govern access to folders that are clearly marked as private</b> (i.e., the <tt>~/private</tt>-folder on AFS, EOS or CERNbox, or the "My Documents" folder on DFS) or <b>mailboxes</b>, nor the <b>request for password changes</b> by a third party. Access to such data requires the express written authorization of the Director-General of CERN via a request from the CSO. Upon authorization, access to the private data will be conducted in the presence of the CSO.</p> </div> <!-- main ends --> <!-- SIDEBAR --> <!-- sidebar menu starts --> <div id="sidebar"> <h3>CERN Computing Rules</h3> <ul class="sidemenu"> <li><a href="/rules/en/OC5_english.pdf">Operational Circular Nº5</a></li> <li><a href="/rules/en/oc5_aims.shtml">Aims of OC5</a></li> <li><a href="/rules/en/CERN_Cybersecurity_Policy_v1.2.pdf">Cybersecurity Policy</a></li> <li><a href="/rules/en/CERN_CSO_Mandate_v1.1.pdf">Mandate of the CSO</a></li> <li><a href="/home/en/CERN/liaisons.shtml">Departmental & Experiment Liaisons</a></li> <li><a href="/rules/en/csb.shtml">Computer Security Board</a></li> </ul> <h3>OC5 Subsidiary Rules</h3> <ul class="sidemenu"> <li><a href="/rules/en/ept.shtml">Endpoints</a></li> <li><a href="/rules/en/iaa.shtml">Identities, Authentication & Authorization</a></li> <li><a href="/rules/en/ops.shtml">IT Service Operations</a></li> <li><a href="/rules/en/net.shtml">Networking</a></li> <li><a href="/rules/en/dev.shtml">Software Development & Configuration</a></li> <li><a href="/rules/en/swr.shtml">Software Restrictions</a></li> <!--li><a href="/rules/en/accounts.shtml">Computer accounts</a></li--> <li><a href="/rules/en/data_access_by_thirds.shtml">Third party access to users' accounts and data </a></li> <!--li><a href="/rules/en/network.shtml">Using the network</a></li--> <li><a href="/rules/en/webcams.shtml">Using webcams</a></li> </ul> <h3>Security Principles</h3> <ul class="sidemenu"> <li><a href="/rules/en/containers.shtml">...for Containers</a></li> <li><a href="/rules/en/software-development.shtml">...for Software Developments</a></li> <li><a href="/rules/en/web-applications.shtml">...for Web-Applications</a></li> <li><a href="/rules/en/baselines.shtml">Security Baselines</a> (deprecated)</li> </ul> <h3>Other Useful Information</h3> <ul class="sidemenu"> <li><a href="/rules/en/glossary.shtml">Glossary</a></li> <li><a href="https://cern.service-now.com/service-portal?id=functional_element&name=it-cloud-licence">CERN Cloud License Office</a></li> <li><a href="https://data-governance.docs.cern.ch/">CERN Data Governance</a></li> <li><a href="https://odpp.web.cern.ch/">CERN Office of Data Privacy Protection</a></li> <li><a href="https://cern.service-now.com/service-portal?id=functional_element&name=it-Licence-Office">CERN Software License Office</a></li> </ul> </div> <!-- sidebar menu ends --> <!-- content-wrap ends--> </div> <!-- footer starts --> <div id="footer-wrap"> <div id="footer-bottom"> &copy; Copyright 2025<strong> <a href="https://cern.ch/security">CERN Computer Security Office</a></strong> <table> <tr> <td id="footer-info-left"> e-mail: <a href="mailto:Computer.Security@cern.ch">Computer.Security@cern.ch</a><br/> Please use the following PGP key to encrypt your messages:<br/> ID: 0x954CE234B4C6ED84<br/> <a href="https://keys.openpgp.org/vks/v1/by-fingerprint/429D60460EBE8006B04CDF02954CE234B4C6ED84">429D 6046 0EBE 8006 B04C DF02 954C E234 B4C6 ED84</a> </td> <td id="footer-info-right"> Phone: +41 22 767 0500<br/> Please listen to the recorded instructions. </td> </tr> </table> </div> </div> <!-- footer ends--> </div> <!-- wrap ends here --> <!--img height=30px src="/home/en/CERNfooter_800.png"--> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10