Security Policy on Site/VO Removal
This document describes the policy for removing a Virtual Organization (VO) from the OSG.
This policy was approved by the OSG Security Officer (Mine Altunay) on Jun 16 2009. Approved by the OSG Executive Director (Ruth Pordes) on Jul 15 2009.
The interconnected nature of OSG requires that all OSG participants share responsibility for security. The security of each OSG site and VO impacts on the security of other OSG sites and VOs, as well as on partner grids. The OSG Grid Acceptable Use Policy and Service Agreement specify requirements for OSG participants, including security requirements. Furthermore, every OSG site and VO must register a security contact in the OSG Information Management System who will be responsive to requests from the OSG Security Officer.
In the event that a site or VO presents an immediate operational security threat to the grid, the OSG Security Officer may immediately remove the site or VO from the OSG operational infrastructure on a temporary basis while awaiting an Executive Board decision.
In the event that a site or VO presents a significant and persistent security threat to the grid, the OSG Security Officer may recommend to the Executive Board that the site or VO be removed from the OSG operational infrastructure. The decisions to remove and to later re-instate the site or VO ultimately rest with the Executive Board.
The OSG Security Officer aims to work collaboratively with sites and VOs to maintain the security of OSG. Removal of a site or VO from the OSG operational infrastructure for security reasons is an option of last resort.
The OSG Security Officer may initiate removal of a site or VO if one or more of the following criteria are met:
- The site or VO is repeatedly unresponsive to requests from the Security Officer.
- The site or VO persistently fails to maintain accurate security contact information in OIM.
- The site or VO repeatedly violates security requirements in the OSG Grid Acceptable Use Policy or Service Agreement
- The site or VO has repeatedly caused security incidents to spread as a result of neglect.
The Security Officer can be contacted at [email protected]