Features Not Covered By Common Criteria Evaluation - Red Hat CERTIFICATE SYSTEM 8 - DEPLOYMENT Deployment Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 8 - DEPLOYMENT:
- Manual (86 pages) ,
- Install manual (132 pages)
Table of Contents
Advertisement
Objective Area
Procedures for preventing
malicious code
Protect stored audit records
Protect user and TSF data
during internal transfer
Require inspection for
downloads
Respond to possible loss of
stored audit records
Restrict actions before
authentication
Security-relevant configuration
management
Time stamps
User authorization
management
React to detected attacks
Table 6.4. Security Objectives
6.6. Features Not Covered by Common Criteria Evaluation`
IMPORTANT
The Registration Manager (RA) is not evaluated or covered by Certificate System's
Common Criteria guidelines.
The CA, DRM, OCSP, TKS, and TPS subsystems can be deployed in any scenario or combination,
as long as they are installed and configured following the Common Criteria Environment rules and
guidelines. This includes making the CA a root or subordinate CA, installing all subsystems, installing
a subset of subsystems, and using multiple instances of a subsystem.
NOTE
For setting up bridges using cross-pair certificates, cooperate with the administrator of the
remote CA to set up the trust between the two certificates.
The Common Criteria environment does not cover any of these other features in Certificate System:
• Using the Registration Manager.
• Generating keys or storing certificates in software tokens.
• Using the password.conf file for remote startup.
• Cloning a Certificate Manager.
Features Not Covered by Common Criteria Evaluation`
Description
Incorporate malicious code prevention procedures and mechanisms.
Protect audit records against unauthorized access, modification, or deletion to ens
Ensure the integrity of user and TSF data transferred internally within the system.
Require inspection of downloads/transfers.
Respond to possible loss of audit records when audit trail storage is full or nearly f
Restrict the actions a user may perform before Certificate System authenticates th
Manage and update system security policy data and enforcement functions, and o
they are consistent with organizational security policies.
Provide time stamps to ensure that the sequencing of events can be verified.
Manage and update user authorization and privilege data to ensure they are cons
policies.
Implement automated notification (or other responses) to the TSF-discovered atta
attack deterrent.
87
Advertisement
Table of Contents
