Table of Contents
Advertisement
1.2 Security Objectives for the Environment
1.2.1 Non-IT security objectives for the
environment
O. Administrators, Operators, Officers and Auditors guidance
documentation
Deter Administrator, Operator, Officer or Auditor errors by providing adequate
documentation on securely configuring and operating the CIMC.
O. Auditors Review Audit Logs
Identify and monitor security-relevant events by requiring auditors to review audit
logs on a frequency sufficient to address level of risk.
O. Authentication Data Management
Ensure that users change their authentication data at appropriate intervals and to
appropriate values (e.g., proper lengths, histories, variations, etc.) through
enforced authentication data management (Note: this objective is not applicable to
biometric authentication data.)
O. Communications Protection
Protect the system against a physical attack on the communications capability by
providing adequate physical security.
O. Competent Administrators, Operators, Officers and Auditors
Provide capable management of the TOE by assigning competent Administrators,
Operators, Officers and Auditors to manage the TOE and the security of the
information it contains.
O. CPS
All Administrators, Operators, Officers and Auditors shall be familiar with the
certificate policy (CP) and the certification practices statement (CPS) under which
the TOE is operated.
O. Disposal of Authentication Data
Provide proper disposal of authentication data and associated privileges after
access has been removed (e.g., job termination, change in responsibility).
Appendix D
Common Criteria Environment: Security Objectives
699
Advertisement
Table of Contents
