Required Features And Configurations For The Certificate System Subsystems - Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual

Chapter 6. Setting up a Common Criteria Environment
• Secure password and certificate storage. Plan for the storage of any passwords and certificates.
Also define the user password policy. Make sure everyone knows and adheres to these policies.
In addition to the host configuration for passwords and timestamps, the Certificate System host server
and its network environment must both offer protection from potential security issues:
• Recover to a viable state after malicious code is introduced and damage occurs.
• Provide time stamps to ensure the sequencing of events can be verified.
• Implement automated notification or other responses to the TSF-discovered attacks in order to
identify attacks and create an attack deterrent.
• Require inspection for downloads.
• Respond to possible loss of stored audit records.
6.3. Required Features and Configurations for the Certificate System Subsystems
For the security environment, all of these Certificate System features must be implemented.
Storing Data in a Hardware Token
Subsystem certificate private keys and secret keys are to be generated and stored in a FIPS 140-1
level 3 certified hardware cryptographic token.
Install the software and hardware for the hardware token before installing and configuring the
subsystems. Use the hardware token to create subsystem certificates as each subsystem is
configured.
Each subsystem needs at least one certified hardware cryptographic module; the DRM requires two,
one for the user private key transport key and one for the user private key storage key.
This environment requires a FIPS 140-1 level 3 certified hardware cryptographic module.
Revocation Checking
Revocation checking is required to verify the status of Certificate System user certificates.
SSL Client Authentication with the Internal Database
The internal LDAP database used by the subsystem must be set up for SSL client authentication.
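One way to check an instance against this requirement, and against the signed audit log requirement under Audit Logs in this section, is to audit the subsystem's CS.cfg file. The following is an added example, not code from the manual or from Red Hat; the CS.cfg parameter names are assumptions that do not appear on this page, and the sample excerpt and certificate nickname are constructed.

```python
# Added example, not Red Hat code. The CS.cfg parameter names are assumptions
# (they are not on this page); confirm them against your instance's CS.cfg.
SAMPLE_CS_CFG = """\
# constructed excerpt of a subsystem CS.cfg
internaldb.ldapauth.authtype=BasicAuth
internaldb.ldapconn.secureConn=false
log.instance.SignedAudit.enable=true
log.instance.SignedAudit.logSigning=false
log.instance.SignedAudit.signedAuditCertNickname=hsm-a:auditSigningCert
"""

# Values the two requirements imply (compared case-insensitively).
REQUIRED = {
    "internaldb.ldapauth.authtype": "SslClientAuth",
    "internaldb.ldapconn.secureConn": "true",
    "log.instance.SignedAudit.enable": "true",
    "log.instance.SignedAudit.logSigning": "true",
}
# Certificate nicknames that must be set for those settings to work.
NON_EMPTY = (
    "internaldb.ldapauth.clientCertNickname",
    "log.instance.SignedAudit.signedAuditCertNickname",
)

def parse_cs_cfg(text):
    """Parse key=value lines; skip blanks and '#' comments; last value wins."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """Return one finding string per unmet requirement (empty list = pass)."""
    findings = []
    for key, want in REQUIRED.items():
        got = cfg.get(key)
        if got is None or got.casefold() != want.casefold():
            findings.append(f"{key}: expected {want}, found {got!r}")
    for key in NON_EMPTY:
        if not cfg.get(key):
            findings.append(f"{key}: must name a certificate")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_cs_cfg(SAMPLE_CS_CFG)):
        print("FAIL", finding)
```
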
Administrative Console
Because SSL is required for running the subsystem and using the password file for remote startup is
prohibited, the admin console cannot be used to start or restart an instance, and the passwords must
be supplied manually when the instance is started from the command line.
Audit Logs
Signed audit logs must be enabled. Certificate System 8.0 maintains all security relevant audit records
in an audit log. Each audit record includes the date, time, event, thread ID, user ID, error or return