ETSI TR 101 533-2-2012 Electronic Signatures and Infrastructures (ESI); Data Preservation Systems Security; Part 2: Guidelines for Assessors (V1.3.1)

Uploaded by: eventdump275 | Document ID: 735329 | Upload date: 2019-01-12 | Format: PDF | Pages: 41 | Size: 202.78 KB

ETSI TR 101 533-2 V1.3.1 (2012-04)

Electronic Signatures and Infrastructures (ESI); Data Preservation Systems Security; Part 2: Guidelines for Assessors

Technical Report

Reference: RTR/ESI-00123-2

Keywords: data preservation, e-commerce, electronic signature, security, trust services

ETSI
650 Route des Lucioles, F-06921 Sophia Antipolis Cedex - FRANCE
Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16
Siret No. 348 623 562 00017 - NAF 742 C
Non-profit association registered at the Sous-Préfecture de Grasse (06) No. 7803/88

Important notice

Individual copies of the present document can be downloaded from: http://www.etsi.org

The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat.

Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp

If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp

Copyright Notification

No part may be reproduced except as authorized by written permission. The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2012. All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPP™ and LTE are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM and the GSM logo are Trade Marks registered and owned by the GSM Association.

Contents

Intellectual Property Rights
Foreword
Acknowledgment
Introduction
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Overview
4.1 Preservation Service types
5 Provisions based on TS 102 573
5.1 Compliance with the TS 101 533-1
5.2 DPSP Obligations specified in TS 102 573, clause 6
5.2.1 Arrangements to cover liabilities and financial stability
5.2.2 Conformance by Subcontractors
5.2.3 DPSP service provisions in abidance by the applicable legislation
5.2.4 Contractual aspects
5.2.5 Resolution of complaints and disputes
5.2.6 Organisation independence
5.2.7 DPSP Subscriber Obligations
5.2.8 Information for trading partners
5.2.9 Information for auditor/regulatory/tax authorities
6 Objectives and controls in TS 102 573, annex A
6.1 SS.1. Signature
6.1.1 SS.1.1. Class of Electronic Signature
6.1.2 SS.1.2. Certification
6.1.3 SS.1.3. Signature Creation Data
6.1.4 SS.1.4. Certificate Subjects Registration
6.1.5 SS.1.5. Certificate Revocation
6.2 SS.2. Maintenance of Signature over Storage Period
6.3 SS.3. Storage
6.3.1 SS.3.1. Authorized Access
6.3.2 SS.2. Authenticity and Integrity
6.3.3 SS.3.3. Data Object Readability
6.3.4 SS.3.4. Storage media type
6.3.5 SS.3.5. Data Objects Format
6.3.6 SS.3.6. Requirements on Separation and Confidentiality
6.4 SS.4. Reporting to and Exchanges with Authorities
6.5 SS.5. Conversion of Analog Originals to Digital Formats
Annex A: ISO/IEC 27001 related Long Term Preservation-specific ISMS guidelines for control assessment
A.1 Reference to ISO/IEC 27001
A.2 Basic ISO/IEC 27002 provision
A.3 Enhanced ISO/IEC 27002 provisions
A.4 New specific controls
A.5 Security Policy
A.5.1 Information security policy
A.5.1.1 Information security policy document
A.5.1.2 Review of the information security policy
A.6 Organization of information security
A.6.1 Internal organization
A.6.1.1 Management commitment to information security
A.6.1.2 Information security co-ordination
A.6.1.3 Allocation of information security responsibilities
A.6.1.4 Authorization process for information processing facilities
A.6.1.5 Confidentiality agreements
A.6.1.6 Contact with authorities
A.6.1.7 Contact with special interest groups
A.6.1.8 Independent review of information security
A.6.2 External Parties
A.6.2.1 Identification of risks related to external parties
A.6.2.2 Addressing security when dealing with customers
A.6.2.3 Addressing security in third party agreements
A.7 Asset Management
A.7.1 Responsibility for assets
A.7.1.1 Inventory of assets
A.7.1.2 Ownership of assets
A.7.1.3 Acceptable use of assets
A.7.2 Information classification
A.7.2.1 Classification guidelines
A.7.2.2 Information labelling and handling
A.8 Human resources security
A.8.1 Prior to Employment
A.8.1.1 Roles and responsibilities
A.8.1.2 Screening
A.8.1.3 Terms and conditions of employment
A.8.2 During Employment
A.8.2.1 Management responsibilities
A.8.2.2 Information security awareness, education, and training
A.8.2.3 Disciplinary process
A.8.3 Termination or Change of Employment
A.8.3.1 Termination responsibilities
A.8.3.2 Return of assets
A.8.3.3 Removal of access rights
A.9 Physical and environmental security
A.9.1 Secure Areas
A.9.1.1 Physical security perimeter
A.9.1.2 Physical entry controls
A.9.1.3 Securing offices, rooms, and facilities
A.9.1.4 Protecting against external and environmental threats
A.9.1.5 Working in secure areas
A.9.1.6 Public access, delivery, and loading areas
A.9.2 Equipment Security
A.9.2.1 Equipment siting and protection
A.9.2.2 Supporting utilities
A.9.2.3 Cabling security
A.9.2.4 Equipment maintenance
A.9.2.5 Security of equipment off-premises
A.9.2.6 Secure disposal or re-use of equipment
A.9.2.7 Removal of property
A.10 Communications and operations management
A.10.1 Operational procedures and responsibilities
A.10.1.1 Documented operating procedures
A.10.1.2 Change management

A.10.1.3 Segregation of duties
A.10.1.4 Separation of development, test, and operational facilities
A.10.2 Third party service delivery management
A.10.2.1 Service delivery
A.10.2.2 Monitoring and review of third party services
A.10.2.3 Managing changes to third party services
A.10.3 System planning and acceptance
A.10.3.1 Capacity management
A.10.3.2 System acceptance
A.10.4 Protection against malicious and mobile code
A.10.4.1 Controls against malicious code
A.10.4.2 Controls against mobile code
A.10.5 Back-up
A.10.5.1 Information back-up
A.10.6 Network security management
A.10.6.1 Network controls
A.10.6.2 Security of network services
A.10.7 Media handling
A.10.7.1 Management of removable media
A.10.7.2 Disposal of media
A.10.7.3 Information handling procedures
A.10.7.4 Security of system documentation
A.10.8 Exchange of information
A.10.8.1 Information exchange policies and procedures
A.10.8.2 Exchange agreements
A.10.8.3 Physical media in transit
A.10.8.4 Electronic messaging
A.10.8.5 Business information systems
A.10.9 Electronic commerce services
A.10.10 Monitoring
A.10.10.1 Audit logging
A.10.10.2 Monitoring system use
A.10.10.3 Protection of log information
A.10.10.4 Administrator and operator logs
A.10.10.5 Fault logging
A.10.10.6 Clock synchronization
A.11 Access control
A.11.1 Business requirement for access control
A.11.1.1 Access control policy
A.11.2 User access management
A.11.2.1 User registration
A.11.2.2 Privilege management
A.11.2.3 User password management
A.11.2.4 Review of user access rights
A.11.3 User responsibilities
A.11.3.1 Password use
A.11.3.2 Unattended user equipment
A.11.3.3 Clear desk and clear screen policy
A.11.4 Network access control
A.11.4.1 Policy on use of network services
A.11.4.2 User authentication for external connections
A.11.4.3 Equipment identification in networks
A.11.4.4 Remote diagnostic and configuration port protection
A.11.4.5 Segregation in networks
A.11.4.6 Network connection control
A.11.4.7 Network routing control
A.11.5 Operating system access control
A.11.5.1 Secure log-on procedures
A.11.5.2 User identification and authentication
A.11.5.3 Password management system
A.11.5.4 Use of system utilities
A.11.5.5 Session time-out
A.11.5.6 Limitation of connection time
A.11.6 Application and information access control
A.11.6.1 Information access restriction
A.11.6.2 Sensitive system isolation
A.11.7 Mobile computing and teleworking
A.11.7.1 Mobile computing and communications
A.11.7.2 Teleworking
A.12 Information systems acquisition, development and maintenance
A.12.1 Security requirements of information systems
A.12.1.1 Security requirements analysis and specification
A.12.2 Correct processing in applications
A.12.2.1 Input data validation
A.12.2.2 Control of internal processing
A.12.2.3 Message integrity
A.12.2.4 Output data validation
A.12.3 Cryptographic controls
A.12.3.1 Policy on the use of cryptographic controls
A.12.3.2 Key management
A.12.4 Security of system files
A.12.4.1 Control of operational software
A.12.4.2 Protection of system test data
A.12.4.3 Access control to program source code
A.12.5 Security in development and support processes
A.12.5.1 Change control procedures
A.12.5.2 Technical review of applications after operating system changes
A.12.5.3 Restrictions on changes to software packages
A.12.5.4 Information leakage
A.12.5.5 Outsourced software development
A.12.6 Technical Vulnerability Management
A.12.6.1 Control of technical vulnerabilities
A.13 Information security incident management
A.13.1 Reporting Information Security Events and Weaknesses
A.13.1.1 Reporting information security events
A.13.1.2 Reporting security weaknesses
A.13.2 Management of Information Security Incidents and Improvements
A.13.2.1 Responsibilities and procedures
A.13.2.2 Learning from information security incidents
A.13.2.3 Collection of evidence
A.14 Business continuity management
A.14.1 Information security aspects of business continuity management
A.14.1.1 Including information security in the business continuity management process
A.14.1.2 Business continuity and risk assessment
A.14.1.3 Developing and implementing continuity plans including information security
A.14.1.4 Business continuity planning framework
A.14.1.5 Testing, maintaining and re-assessing business continuity plans
A.15 Compliance
A.15.1 Compliance with legal requirements
A.15.1.1 Identification of applicable legislation
A.15.1.2 Intellectual property rights (IPR)
A.15.1.3 Protection of organizational records
A.15.1.4 Data protection and privacy of personal information
A.15.1.5 Prevention of misuse of information processing facilities
A.15.1.6 Regulation of cryptographic controls
A.15.2 Compliance with security policies and standards and technical compliance
A.15.2.1 Compliance with security policies and standards
A.15.2.2 Technical compliance checking
A.15.3 Information System Audit Consideration
A.15.3.1 Information systems audit controls
A.15.3.2 Protection of information systems audit tools
Annex B: Audit Report Framework
Annex C: Bibliography
Annex D: Change history
History

Intellectual Property Rights

IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards”, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http://ipr.etsi.org).

Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document.

Foreword

This Technical Report (TR) has been produced by ETSI Technical Committee Electronic Signatures and Infrastructures (ESI).

The present document is part 2 of a multi-part deliverable covering provisions for secure and reliable implementation, management and assessment of long term data object preservation systems, as identified below:

TS 101 533-1: “Requirements for Implementation and Management”;
TR 101 533-2: “Guidelines for Assessors”.

Acknowledgment

The building blocks of the present document were submitted by UNINFO, the Italian standardization body for ICT, federated to UNI, Italian member body of CEN and ISO.

Introduction

Provisions of the present document can be used by Assessors of Data Preservation Systems aiming to verify Data Preservation Services as compliant with the TS 101 533-1 [i.4], and in abidance by the applicable legislation.

1 Scope

The present document addresses the assessment of the Information Security Management System (“ISMS”) of a Data Preservation System, by specifying guidelines for Assessors when reviewing and auditing a DPS.

No provisions are stated on:

a) Assessors qualification for which existing documentation provides specification of an exhaustive set of provisions; for this purpose ISO/IEC 17021 [i.8] and ISO/IEC 27006 [i.5] are referred to;
b) basic Assessors activities, such as examining the procedures audit trail, since Assessors are assumed to be familiar with them.

Additional information is specified in annex B.

The present document specifies recommendations on how to assess reliable electronic data object preservation services against the ICT security measures provided for in the sister document TS 101 53
