1.2.4 External Attacks; 1.3 Organization Security Policies - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

1.3 Organization Security Policies

T. Modification of private/secret keys
A secret/private key is modified.
T. Sender denies sending information
The sender of a message denies sending the message to avoid accountability for sending the
message and for subsequent action or inaction.

1.2.4 External Attacks

T. Hacker gains access
A hacker masquerades as an authorized user to perform operations that will be attributed to
the authorized user or a system process or gains undetected access to a system due to
missing, weak and/or incorrectly implemented access control causing potential violations of
integrity, confidentiality, or availability.
T. Hacker physical access
A hacker physically interacts with the system to exploit vulnerabilities in the physical
environment, resulting in arbitrary security compromises.
T. Social engineering
A hacker uses social engineering techniques to gain information about system entry, system
use, system design, or system operation.
1.3 Organization Security Policies
P. Authorized use of information
Information shall be used only for its authorized purpose(s).
P. Cryptography
FIPS-approved or NIST-recommended cryptographic functions shall be used to perform all
cryptographic operations.
Appendix E Common Criteria Environment: TOE Security Environment Assumptions 719