Security Requirements for Grid Providers. Some Original Slides by Irwin Gaines (FNAL) 20-Apr-2006 Adapted by Bob Cowles (SLAC/OSG) 28-Mar-2007. US Labs Security Requirements. Congress passed law in 2002 requiring federal agencies and contractors secure their computer systems
Security Requirements for Grid Providers
Some Original Slides by Irwin Gaines (FNAL) 20-Apr-2006
Adapted by Bob Cowles (SLAC/OSG) 28-Mar-2007
US Labs Security Requirements
• Congress passed a law in 2002 requiring federal agencies and contractors to secure their computer systems
• National Institute of Standards (NIST) was tasked with developing the guidance and the process to promote compliance
ISGC 2007
NIST Process
• Security Categorization (FIPS 199 / SP 800-60): Defines category of information system according to potential impact of loss
• Security Control Selection (SP 800-53 / FIPS 200): Selects minimum security controls (i.e., safeguards and countermeasures) planned or in place to protect the information system
• Security Control Refinement (SP 800-53 / FIPS 200 / SP 800-30): Uses risk assessment to adjust minimum control set based on local conditions, required threat coverage, and specific agency requirements
• Security Control Documentation (SP 800-18): In system security plan, provides an overview of the security requirements for the information system and documents the security controls planned or in place
• Security Control Implementation (SP 800-70): Implements security controls in new or legacy information systems; implements security configuration checklists
• Security Control Assessment (SP 800-53A / SP 800-37): Determines extent to which the security controls are implemented correctly, operating as intended, and producing desired outcome with respect to meeting security requirements
• System Authorization (SP 800-37): Determines risk to agency operations, agency assets, or individuals and, if acceptable, authorizes information system processing
• Security Control Monitoring (SP 800-37): Continuously tracks changes to the information system that may affect security controls and assesses control effectiveness
Grid Connection
• Grids are virtual sites in a sense, and will be examined and perhaps even audited using the same criteria
• And all the US labs that have resources used by grids must live by NIST guidelines, so perhaps it is useful to build on the NIST framework for documenting grid computing security requirements
NIST Process Details
• Each system needs:
  • Functional description
  • Hardware and software description (especially description of boundaries)
  • Risk assessment
  • Security plan (showing controls to mitigate the greater impact or likelihood risks)
  • System Sensitivity Categorization (low/moderate/high sensitivity)
  • Contingency plan
  • Security control testing and evaluation
  • Process for certification and accreditation
NIST Control families
• Management
  • Risk Assessment (RA)
  • Planning (PL)
  • System and Services Acquisition (SA)
  • Certification, Accreditation, and Security Assessments (CA)
• Operational
  • Personnel Security (PS)
  • Physical and Environmental Protection (PE)
  • Contingency Planning (CP)
  • Configuration Management (CM)
  • Maintenance (MA)
  • System and Information Integrity (SI)
  • Media Protection (MP)
  • Incident Response (IR)
  • Awareness and Training (AT)
• Technical
  • Identification and Authentication (IA)
  • Access Control (AC)
  • Audit and Accountability (AU)
  • System and Communications Protection (SC)
Security Sensitivity
• Low Impact
  • Affects individual users or small VOs
• Medium Impact
  • Affects large VO or significant infrastructure impact
• High Impact
  • Takes down Grid infrastructure or large VO
Grid Participants
• Identity Provider – runs an identity vetting service as a CA or IdM
• Authorization Provider – provides authorization information
• Software Provider – provides software used by other participants
• Service Provider – provides computational, data storage or higher level services
Relationship to Grid VOs
• VOs assemble software stacks using VDT Components and other software.
• Grids for compute and data intensive science are open, evolving.
• In general VOs run services, and/or supervise the services others run for them.
• An example is VOMS (people, roles)
Challenge
• Put initial baseline in place ASAP
• Use the framework to expand controls
• Describe the expectations for participants at different levels of impact (gold, platinum, …)
• Expectations would become policy statements referenced directly or indirectly by “AUP” for VOs, service providers, etc.
Draft VO Policy (1)
• You shall provide and maintain, in a central repository provided by the Grid, accurate contact information as specified in the VO Registration Policy, including but not limited to at least one Administrative Contact (VO Manager) plus alternate and one VO Security Contact who shall respond to enquiries in a timely fashion as defined in the Grid operational procedures
Draft VO Policy (2)
• You shall maintain a VO membership service that can be used to generate authentication/authorization/id-mapping data for the services running on the sites and records user contact information consistent with the Grid procedures for VO registration. You recognize this is a critical function to operation within the Grid and that network or server failures associated with this service may prevent VO users from accessing any Grid services. You shall take reasonable measures to ensure the information recorded in the membership service is correct and up-to-date
Draft VO Policy (3)
• You shall provide information on where to report problems with VO-supplied software and respond promptly to reports of problems (particularly security problems). You recognize that a Site may disable a VO if its practices present, in the Site’s judgment, an unacceptable risk.
• All VO-provided software must be covered by appropriate license agreements allowing its use by the VO users at the site supplying the VO with resources
Draft VO Policy (4)
• You shall comply with the Grid Security Policies, including any audit data requirements that require you to maintain logs of access to and changes in databases or repositories maintained in support of the VO (e.g. membership database or software repository). You shall periodically assess your compliance with these policies, inform the Grid Security Officer of the assessment including violations encountered in the assessment, and correct such violations forthwith
Draft VO Policy (5)
• You shall use audit and membership information for administrative, operational, accounting, monitoring and security purposes only. You shall apply due diligence in maintaining the confidentiality of such information
Draft VO Policy (6)
• Provisioning of services to and use of the Grid is at your own risk. Any software provided by the Grid is provided on an as-is basis only, and subject to its own license conditions. There is no guarantee that any procedure applied by the Grid is correct or sufficient for any particular purpose. The Grid and other Sites are not liable for any loss or damage in connection with VO participation in the Grid
Draft VO Policy (7)
• You shall control access by Users for administrative, operational and security purposes and shall inform the Users if you limit or suspend access. You shall comply with the Grid Incident Handling policy regarding the notification of security incidents and where appropriate, shall restore access as soon as reasonably possible
Draft VO Policy (8)
• You shall comply with the Grid operational procedures including the requirement to include at least one User, designated by the Grid, for the sole purpose of evaluating the availability of your Grid Services
Draft VO Policy (9)
• The Grid may control VO access to the Grid for administrative, operational and security purposes and remove VO registration information from Grid information systems if you fail to comply with these conditions
Comments / Questions?