DOEGrids Audit Report Michael Helm 1 Networking for the Future of Science Energy Sciences Network Lawrence Berkeley National Laboratory 10 May 2009.

Slides:



Advertisements
Similar presentations
Status of Auditing Guidelines Document Oct. 15 Yoshio Tanaka, AIST.
Advertisements

TAC Position Paper Process Mark Melanson 5 August 2009 Tom Duerr Karen Harwell Mark Melanson Jim Neidhoefer.
Configuration Management
Classic X.509 secured profile version 4.2 Proposed Changes David Groep, Apr 20 th, 2009.
Policy interoperability in electronic signatures Andreas Mitrakas EESSI International event, Rome, 7 April 2003.
Chapter 4 Quality Assurance in Context
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
IGTF and SHA-2 David Kelsey TAGPMA meeting, SDSC Feb 2012.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 05/15/2013.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
1 REUNA Certificate Authority Juan Carlos Martínez REUNA Chile Rio de Janeiro,27/03/2006, F2F meeting, TAGPMA.
Brooks Evans – CISSP-ISSEP, Security+ IT Security Officer Arkansas Department of Human Services.
Office of Inspector General (OIG) Internal Audit
A Review ISO 9001:2015 Draft What’s Important to Know Now
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
©2005 KPMG LLP, the U.S. member firm of KPMG International, a Swiss cooperative. All rights reserved. July 27, 2005 PKI Audits and Assessments “Another.
Key changes and transition process
CS 4310: Software Engineering
NECTEC-GOC CA APGrid PMA face-to-face meeting. October, Sornthep Vannarat National Electronics and Computer Technology Center, Thailand.
Company Confidential Improvement Opportunities for Audit Reporting Tony Marino and Rick Downs July 19-20, 2012 Registration Management Committee RMC Workshop.
NMS Certification and Accreditation (C&A) Removal of Material Weakness for NMS Security and Access Controls Jim Craft USAID ISSO.
+1 (801) Standards for Registration Practices Statements IGTF Considerations.
March 27, 2006TAGPMA - Rio de Janeiro1 Short Lived Credential Services Profile Tony J. Genovese The Americas Grid PMA DOEGridsATF/ESnet/LBNL.
NECTEC-GOC CA Self Audit 7 th APGrid PMA Face-to-Face meeting March 8 th, 2010 Large-Scale Simulation Research Laboratory Sornthep Vannarat Large-Scale.
Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.
ESnet RAF and eduroam ™ Tony J. Genovese ATF Team ESnet/Lawrence Berkeley National Laboratory.
“Trust me …” Policy and Practices in PKI David L. Wasley Fall 2006 PKI Workshop.
Sprint 116 Review / Sprint 117 Planning September 23th, 2013.
Voluntary Action Program Updates Certified Professional Training October 27, 2015.
NECTEC-GOC CA The 3 rd APGrid PMA face-to-face meeting. June, Suriya U-ruekolan National Electronics and Computer Technology Center, Thailand.
Requirements Engineering Requirements Validation and Management Lecture-24.
EGI-InSPIRE RI EGI EGI-InSPIRE RI Establishing Identity in EGI the authentication trust fabric of the IGTF and EUGridPMA.
1 © 2005 Cisco Systems, Inc. All rights reserved. Cisco Unity 4.1 Documentation What you need to know.
VOMS Attribute Authorities Michael Helm ESnet/LBNL 23 Feb 2007.
Steps in the Transition to an Impact- Focused Audit Function Modifying Procedures, Audit Practices, and Reports to Address Risk Gert van der Linde, World.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
Internal Audit Section. Authorized in Section , Florida Statutes Section , Florida Statutes (F.S.), authorizes the Inspector General to review.
PKI for improved cybersecurity in NATO Partner countries Software Arsen Hayrapetyan, ArmeSFo CA.
HHS Security and Improvement Recommendations Insert Name CSIA 412 Final Project Final Project.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 8/15/2012.
Feyza Eryol TÜBİTAK ULAKBİM TR-GRID CA SELF-AUDIT & UPDATES.
UGRID CA Self-audit report Sergii Stirenko 21 st EUGRIDPMA Meeting Utrecht 24 January 2011.
HellasGrid CA self Audit. In general We do operations well Our policy documents need work (mostly to make the text clearer in a few sections) 2.
29 th EUGridPMA meeting, September 2013, Bucharest AEGIS Certification Authority Dušan Radovanović University of Belgrade Computer Centre.
Soapbox (S-Series) Certificate Validation Jens Jensen, STFC.
Incorporating Privacy Into Systems Development Methodology Phil Moleski Director Corporate Information Technology Branch Saskatchewan Health
IRAN-GRID CA Self Audit IRAN-GRID CA Self Audit Report Shahin Rouhani IRAN-GRID Tehran Iran Shahin Rouhani Grid Computation Group IPM, Tehran, Iran May.
Auditing Concepts.
SOFTWARE TESTING Date: 29-Dec-2016 By: Ram Karthick.
OGF PGI – EDGI Security Use Case and Requirements
AEGIS Certification Authority
UGRID CA Sergii Stirenko, Oleg Alienin
Chapter 18 Maintaining Information Systems
Key Value Indicators (KVIs) ‘Accepted’ Version 1.0
SPACE LINK AREA MID-TERM REPORT
Update on the Developments in Government Auditing Standards
Changes to Exempt Categories
MaGrid CA Self audit and update
Key Value Indicators (KVIs) Version 1.1 (amendments from V1.0 in red)
Structure of the Code Don Thomson, Task Force Chair IESBA CAG Meeting
Group Meeting Ming Hong Tsai Date :
Update on the Developments in Government Auditing Standards
WEQ-012 PKI Overview March 19, 2019
Software Update - Type approval related issues -
Jul 12, /12/10 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: Study Group EIR Opening Report.
Overview of the recommendations on software updates
Bill Yau HKU Grid Certificate Authority (HKU Grid CA) Self Audit & Status Report Bill Yau
TGmb Teleconferences October 2009 through November 2009
TGmb Teleconferences October 2009 through November 2009
BG.ACAD CA Self-audit report 2018
Presentation transcript:

DOEGrids Audit Report Michael Helm 1 Networking for the Future of Science Energy Sciences Network Lawrence Berkeley National Laboratory 10 May 2009

EUGridPMA May A little background …. Signed up for audit in Sep 2007 Audit of various features Nov-Dec 2007 –Certificate issuance –Log files: census and management –NIST –“Peer review” style committee, focused on early version of IGTF Audit Framework Initial Report Amsterdam Jan 2008 Final Audit Report Aug 2008 RFC 3647 translation “Completed” Audit response

EUGridPMA May Audit Report Details Audit Report Executive Summary Principal matters of interest to auditors; includes significant recommendations “Findings” Defect list – discussed in Amsterdam ESnet response Proposed plan for issues found in audit Other sections Includes auditors’ spreadsheets and comments

EUGridPMA May Audit Report Executive Summary Comments Need to deal with ID verification better Need for RAs to maintain identification records Recommendations –Update CPS format to RFC 3647 –Consider offering a MICS-type CA –Update/revamp DOEGrids PMA –Continuity of operations –RA responsibilities –NIST –Various ID & authentication-specific

EUGridPMA May Audit Findings Broken into 2 classes – –Significant deviations – topics with obvious seriousness, where either the documentation was missing, or the CA operations didn’t conform to standards –Minor deviations – essentially minor documentation errors and omissions

EUGridPMA May Review of Audit Response ID Verification (initial) was resolved at Amsterdam -> resulted in TTP 1SCP ID re-verification remains an open issue RA record retention – under discussion COO -> see the “CA cloning” slides Restructuring CPS to RFC 3647– done – v 3.0 Updated CPS according to Audit Log – done v 3.1 DOEGrids PMA revived Strategic planning remains a future goal

EUGridPMA May DOEGrids CPS Transition DOEGrids CPS v 2.10 –Effectively implemented at Apr 2008 TAGPMA at NERSC –Added ESnet RA & Philips RA DOEGrids CPS v 3.0 –Translation of v > RFC 3647 framework DOEGrids CPS v 3.1 –Implementation of DOEGrids Audit – Finally!

EUGridPMA May DOEGrids CPS 3.1 Going thru DOEGrids PMA approval process Approved by ESnet management Better reflects the reality of how we must operate the CA & its services Some controversial areas: –We reserve the right to make changes…. –Who has the right to cause a certificate to be revoked (or other CA operation)? –Privacy & confidentiality (NONE)

EUGridPMA May Outstanding Issues These issues become the next work program after DOEGrids CPS 3.1 acceptance Identity re-verification –This is a difficult community issue –The tools to support this are in development –We are currently studying the demographics & plan to have a program for re-verifying ancient subscribers in place by October RA responsibilities & duties –Community interest GCP/GFD 125 compliance –Working on gradual adoption – another community relations issue Federation CA –Has to be identified as a customer requirement More CPS restructuring –Remove RA Disclosure appendices, put in DOEGrids PMA domain –Remove dynamic content and link –Cross – linking with NIST – based security and practice documentation –Fix various anachronisms discovered

EUGridPMA May Other Auditing Activities NIST framework – ongoing ESnet PKI CSPP – working on publishing Configuration Review – ongoing ESnet Security Peer Review OSG risk assessments Automated re-issuance –2 changes caused a lot of trouble: Migration from Iplanet CMS to Redhat CS using old configurations Trust in other CAs –Examined every automatically issued certificate (renewals, certain kinds of RA agent functions) since Jul 2007

EUGridPMA May Document Links We shall now pass lovingly over these documents as time permits…. DOEGrids Audit Report – Log of work done on audit – Poll: – DOEGrids CPS 3.1 –

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.