Setting Up A Common Criteria Environment; About Common Criteria; Required Configuration For The Server Or Network - Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual

Chapter 6.
Setting up a Common Criteria
Environment
Setting up a secure environment according to Red Hat Certificate System's Common Criteria
evaluation guidelines requires special planning for its subsystems and users. The actual installation
and configuration process is covered in the Certificate System Administrator's Guide, but the concepts,
security objectives, and considerations are covered in this chapter, as part of planning your Certificate
System deployment.
IMPORTANT
Red Hat Certificate System 8.0 is currently in the evaluation process for Common Criteria.
The complete list of products in evaluation, including Red Hat Certificate System 8.0 is
available at the National Information Assurance Partnership Common Criteria Evaluation
and Validation Scheme website, http://www.niap-ccevs.org/cc-scheme/in_evaluation/.

6.1. About Common Criteria

The Common Criteria for Information Technology Security Evaluation (ISO 15408) is an international
standard defining secure ways to install, configure, and run software and hardware. Common Criteria
allows vendors to define the most secure operating environments for their products. Administrators
can use the guidelines to plan a secure PKI deployment.
At a high level, these Common Criteria guidelines identify:
• Specific configuration and features to use in the Certificate System subsystems
• Certificate System user types, their roles in the PKI, and limits on their roles
• Requirements for the host servers
• Installation procedures for the subsystems
• Features and configurations not covered by the Common Criteria evaluation
Red Hat Certificate System 8.0 is currently in the evaluation process for Common Criteria. The
complete list of products in evaluation, including Red Hat Certificate System 8.0 is available at the
National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme
website, http://www.niap-ccevs.org/cc-scheme/in_evaluation/.

6.2. Required Configuration for the Server or Network

There are two assumptions of the underlying operating system configuration which have to be met for
Certificate System to run in a proper Common Criteria environment:
• Reliable timestamp. Certificate System relies on the operating system to provide reliable
timestamps. To ensure that the certificates signed by the CA contain accurate timestamps and the
audit log events record accurate time of event occurrence, administrators need to make sure the
operating system has a time-syncing mechanism with a reliable source.
79