1.2.2 It Security Objectives For The Environment - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

1.2 Security Objectives for the Environment
O. Notify Authorities of Security Issues
Notify proper authorities of any security issues that impact their systems to minimize the
potential for the loss or compromise of data.
O. Physical Protection
Those responsible for the TOE must ensure that the security-relevant components of the
TOE are protected from physical attack that might compromise IT security.
O. Social Engineering Training
Provide training for general users, Administrators, Operators, Officers and Auditors in
techniques to thwart social engineering attacks.
O. Cooperative Users
Ensure that users are cooperative so that they can accomplish some task or group of tasks
that require a secure IT environment and information managed by the TOE.
O. Lifecycle security
Provide tools and techniques used during the development phase to ensure security is
designed into the CIMC. Detect and resolve flaws during the operational phase.
O. Repair identified security flaws
The vendor repairs security flaws that have been identified by a user.

1.2.2 IT security objectives for the environment

O. Cryptographic functions
The TOE must implement approved cryptographic algorithms for encryption/decryption,
authentication, and signature generation/verification; approved key generation techniques
and use validated cryptographic modules. (Validated is defined as FIPS 140-1 validated.)
O. Operating System
The operating system used is validated to provide adequate security, including domain
separation and nonbypassability, in accordance with security requirements recommended
by the National Institute of Standards and Technology.
710 Red Hat Certificate System Administrator's Guide • September 2005