GSC Sentinel-2 PDGS SRD - emits - ESA

More documents

Recommendations

Info

GSC Sentinel-2 PDGS SRD Issue 1 Revision 2 (draft) - 25.07.2010 GMES-GSEG-EOPG-RD-09-0028 page 66 of 204 S2-PDGS-SYS-915 All PDGS elements shall be available as stand-alone systems and accessible for testing purposes through a well defined interface protocol and HMI. 5.1.8 SECURITY REQUIREMENTS S2-PDGS-SEC-005 The PDGS shall implement access control mechanisms to any information held inside the PDGS according to the access restriction applicable to the information. S2-PDGS-SEC-010 The PDGS shall be able to use secured mechanisms provided through commercial-bestpractice-technology to support sensible information exchange internally or among its distributed sites and external interfaces (e.g. with the FOS) (e.g. VPN, peer-to-peer encryption, https). S2-PDGS-SEC-015 The PDGS shall provide automatic tools with the capability to check the PDGS software/applications/data for viruses or other malicious code (including location identification). S2-PDGS-SEC-020 The PDGS shall include the functionality to record system activity and security relevant events including the relationship between user actions and system activity (logging) for minimum 6 months. S2-PDGS-SEC-025 The logs of all PDGS systems shall be synchronised. S2-PDGS-SEC-030 The PDGS systems shall provide security mechanisms to prevent accidental and/or intentional alteration to the configured versions of software and firmware, if any. S2-PDGS-SEC-035 The PDGS shall be designed to require positive confirmation of the user/operator for dangerous commands or the erasure of important data files. S2-PDGS-SEC-040 The PDGS shall allow the restriction of access to all its archived data based on user authentication and authorisation mechanisms. ESA UNCLASSIFIED – For Official Use © ESA The copyright of this document is the property of ESA. It is supplied in confidence and shall not be reproduced, copied or communicated to any third party without written permission from ESA.
GSC Sentinel-2 PDGS SRD Issue 1 Revision 2 (draft) - 25.07.2010 GMES-GSEG-EOPG-RD-09-0028 page 67 of 204 S2-PDGS-SEC-045 The PDGS design and configuration in terms of operating-systems and reused software or systems (e.g. off-the-shelf software commercial or public domain) shall be in-line with the CIS security guidelines. Comment: The CIS provides Internet security benchmarks based on recognized best practices for deployment, configuration, and operation of networked systems (http://www.cisecurity.org) S2-PDGS-SEC-050 The PDGS design shall allow adapting to software and hardware evolutions (e.g. OS system upgrade to minor/major release) in a controlled cost manner and without unacceptable negative impacts on operations during the upgrade activities. S2-PDGS-SEC-055 The PDGS design shall allow the periodic update and security patching of operating system and off-the-shelf software. S2-PDGS-SEC-060 The PDGS software shall run with the necessary minimum level of privileges and be designed to access the necessary minimum information and resources needed to its legitimate purpose (least privilege principle). S2-PDGS-SEC-065 The PDGS shall implement well-defined access control measures at the level of network, system, application and data. S2-PDGS-SEC-070 The PDGS systems shall perform preliminary consistency checks over the data received at their input interface before using or forwarding the data to other systems. S2-PDGS-SEC-075 The PDGS software shall not embed any hard-coded root and/or administrative passwords. S2-PDGS-SEC-080 The PDGS shall provide means to handle the users accounts provisioning lifecycle (from user creation, to deletion) allowing to swiftly update their access profiles as soon as requested. S2-PDGS-SEC-085 The PDGS shall provide a centralised authentication mechanism to authenticate Sentinel- 2 users towards system/application/information enforcing secure password policies (min 8 ESA UNCLASSIFIED – For Official Use © ESA The copyright of this document is the property of ESA. It is supplied in confidence and shall not be reproduced, copied or communicated to any third party without written permission from ESA.
Page 1 and 2:
Appendix B D O C U M E N T document
Page 3 and 4:
GSC Sentinel-2 PDGS SRD issue 1 rev
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
GSC Sentinel-2 PDGS SRD Issue 1 Rev
Page 11 and 12:
Page 13 and 14: [RD-11] GMES Sentinel-2 Phases B2,
Page 15 and 16: GSC Sentinel-2 PDGS SRD Issue 1 Rev
Page 29 and 30: ESA UNCLASSIFIED - For Official Use
Page 63: ESA UNCLASSIFIED - For Official Use
Page 75 and 76: 5.3 Data Processing Control (DPC) R
Page 85 and 86: 5.4 Instrument Data Processing (IDP
Page 103 and 104: 5.8 Long-Term Archive (LTA) Service
Page 115 and 116:
Page 117 and 118:
the geographical footprint of the d
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
ESA UNCLASSIFIED - For Official Use
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
S2-PDGS-NET-065 The DCN shall provi
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
show all

GSC Sentinel-2 PDGS SRD - emits - ESA

Create successful ePaper yourself

Delete template?

Save as template?