Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual page 96

Chapter 6. Setting up a Common Criteria Environment
Objective Area
Malicious code not signed
Notify authorities of security
issues
Physical protection
Social engineering training
Cooperative users
Lifecycle security
Repair identified security flaws The vendor repairs security flaws that have been identified by a user.
Cryptographic functions
Operating System
Periodically check integrity
Security roles
Validation of security function
Trusted Path
Configuration Management
Data import/export
Detect modifications of
firmware, software, and
backup data
Individual accountability and
audit records
Integrity protection of user
data and software
Limitation of administrative
access
Maintain user attributes
Manage behavior of security
functions
Object and data recovery free
from malicious code
86
Description
Protect Certificate System from malicious code by ensuring all code is signed by a trusted
Notify proper authorities of any security issues that impact their systems to minimize the p
Those responsible for Certificate System must ensure that the security-relevant compone
physical attack that might compromise IT security.
Provide training for general users, Administrators, Operators, Officers and Auditors in tech
Ensure that users are cooperative so that they can accomplish some task or group of task
information managed by Certificate System.
Provide tools and techniques used during the development phase to ensure security is de
flaws during the operational phase.
The TOE must implement approved cryptographic algorithms for encryption/decryption, a
verification; approved key generation techniques and use validated cryptographic module
validated.)
The operating system used is validated to provide adequate security, including domain se
accordance with security requirements recommended by the National Institute of Standar
Provide periodic integrity checks on both system and software.
Maintain security-relevant roles and the association of users with those roles.
Ensure that security-relevant software, hardware, and firmware are correctly functioning th
Provide a trusted path between the user and the system. Provide a trusted path to securit
points have assured identities.
Implement a configuration management plan. Implement configuration management to as
(software, hardware, and firmware), and components (software, hardware, and firmware),
controlling changes to configuration items.
Protect data assets when they are being transmitted to and from Certificate System, eithe
or directly to/from human users.
Provide integrity protection to detect modifications to firmware, software, and backup data
Provide individual accountability for audited events. Record in audit records: date and tim
action.
Provide appropriate integrity protection for user data and software.
Design administrative functions so that Administrators, Operators, Officers and Auditors d
objects, except for necessary exceptions. Control access to the system by Operators and
system and perform system updates.
Maintain a set of security attributes (which may include role membership. access privilege
This is in addition to user identity.
Provide management functions to configure, operate, and maintain the security mechanis
Recover to a viable state after malicious code is introduced and damage occurs. That sta
code.