5. PHYSICAL, PROCEDURAL, AND PERSONNEL SECURITY CONTROLS
Security requirements imposed on the conforming CA are indicated in
the CPS. In every case this policy states that CA MUST be run on a
dedicated workstation. The workstation MUST be physically
secured.
5.1.1. Site location and construction
No stipulation.
The physical access to the site in which the CA operates MUST be
restricted only to explicitly authorized people.
5.1.3. Power and air conditioning
No stipulation.
5.1.5. Fire prevention and protection
No stipulation.
All the issues related to procedural control like the definition
of trusted roles MUST be specified in the CPS.
5.2.2. Number of persons required per task
No stipulation.
5.2.3. Identification and authentication for each role
No stipulation.
The personnel operating the CA MUST be technically and
professionally competent. Every conforming CA SHOULD specify in the
CPS further details concerning this particular topic and the related
issues.
5.3.1. Background, qualifications, experience, and clearance
requirements
No stipulation.
5.3.2. Background check procedures
No stipulation.
5.3.3. Training requirements
No stipulation.
5.3.4. Retraining frequency and requirements
No stipulation.
5.3.5. Job rotation frequency and sequence
No stipulation.
5.3.6. Sanctions for unauthorized actions
No stipulation.
5.3.7. Contracting personnel requirements
No stipulation.
5.3.8. Documentation supplied to personnel
No stipulation.