9.3 Trust Management

1. What is your organization's policy regarding which entities to trust:

   1. (__) Trust anyone

   2. (__) Trust all members of the Trust Network

   3. (__) Trust all members of the Trust Network that also pass local check (e.g. black list)

   4. (__) Explicit local check (e.g. white list)

   5. (__) Other, please describe: _______________

2. What administrative and system administration procedures do you have in place to check that your software is configured to trust only the entities that your organization has decided to trust?

3. What techniques and procedures do you use to ensure that the trust settings are not tampered with and that if tampered, you detect the alterations in a timely manner?