At its 6th meeting, the Computer Security Board formally approved several Subsidiary Rules to the Use of CERN computing facilities (Operational  Circular No. 5, OC5) related to Identities, Authentication & Authorisation (IAA5/6) and Data Protection & Privacy (DPP2). In addition, some rules were corrected with respect to the English (i.e. EPT1-5, IAA1-8, OPS1,3-11, NET1-9, and SWR1-4).

At its 7th meeting, the Computer Security Board formally approved several OC5 Subsidiary Rules related to Data Protection & Privacy (DPP1,3-5), Identities, Authentication & Authorization (IAA9), IT Service Operations (OPS1/2) and Software Development & Configuration (DEV1-3). Particularly relevant is the DEV2/OPS2, requiring that any software development or IT service, respectively, "must adhere to the Security Principles published by the Computer Security Office". Please find these Security Principles here for containers, operating systems, software development and web applications. Together with the mandatory training, that should give you a good portfolio to develop and run secure applications and IT services... Thanks a lot for helping securing CERN!

All the approved rules are documented on the website of CERN's Computing Rules.

For more information, read this article: Computer Security: Security Rules revised