|
|
 |
SPYRUS Policies and Procedures - System Security Architecture
The SSA contains the detailed and potentially sensitive portions of section 6 of the CPS and a technical description of the system architecture and system security architecture, including firewall and network controls. Vulnerability assessments also normally form part of the SSA. The SSA is internal.
The SSA begins as the system security plan; the plan is usually started at the same time as overall system planning, after business objectives have been determined and policies (including, in the PKI context, the CP) have been derived and developed. IT system specialists work closely with IT security specialists to design system security. The outcome is an architecture that meets business and security requirements, and integrates seamlessly with existing system architecture.
In the PKI environment, the SSA overlaps parts of the CPS, as noted above, yet it is a distinct document used primarily by system technicians who deploy the entire IT system including its PKI elements. In many organizations, therefore, the CA administrator is the same person as the System Administrator - there is a necessary separation of roles which is specified in the CP and CPS. These roles and their designated personnel should be identified in the SSA once it is deployed.
In practice, the SSA is often a very short, but complex document of a number of diagrams and graphics that visually represent the system security architecture. At the planning stage, it is a framework for system planners and designers; at the operational stage, it is a guide for system administrators.
The SPYRUS PKI has a modular and hierarchical architecture that facilitates its integration into IT system architectures. SPYRUS technical consultants work with our customers to ensure a seamless integration in the most cost-effective manner.
|
|
