Toe Security Environment Assumptions; Security Requirements For The It Environment; It Environment Assumptions; Reliable Timestamp - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual

TOE Security Environment Assumptions

TOE Security Environment Assumptions
For information about the TOE Security Environment, see Appendix E, "Common
Criteria Environment: TOE Security Environment Assumptions".

Security Requirements for the IT Environment

The security requirements for the IT environment are detailed in Appendix A,
"Common Criteria Environment: Security Requirements."

IT Environment Assumptions

The assumptions about the TOE's environment are that you have the ability to:
• Recover to a viable state after malicious code is introduced and damage occurs.
• Provide time stamps to ensure the sequencing of events can be verified.
• Implement automated notification or other responses to the TSF-discovered
attacks in order to identify attacks and create an attack deterrent.
• Require inspection for downloads.
• Respond to possible loss of stored audit records.

Reliable Timestamp

CMS relies on the operating system to provide reliable timestamps. To ensure that
the certificates signed by the CA contain accurate timestamps and the audit log
events record accurate time of event occurrence, CMS administrators need to make
sure the operating system has a time-syncing mechanism with a reliable source.

Private and Secret Key Zeroization

There are no explicit calls from CMS code to do private and secret key zeroization.
NSS automatically handles zeroization for CMS by invoking the zeroization
routines provided by the cryptographic hardware, so there isn't anything the
administrator needs to do specifically to activate this feature.
678 Netscape Certificate Management System Administrator's Guide • February 2003