Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 700

1.2 Security Objectives for the Environment
O. Installation
Those responsible for the TOE must ensure that the TOE is delivered, installed,
managed, and operated in a manner which maintains IT security.
O. Malicious Code Not Signed
Protect the TOE from malicious code by ensuring all code is signed by a trusted
entity prior to loading it into the system.
O. Notify Authorities of Security Issues
Notify proper authorities of any security issues that impact their systems to
minimize the potential for the loss or compromise of data.
O. Physical Protection
Those responsible for the TOE must ensure that the security-relevant components
of the TOE are protected from physical attack that might compromise IT security.
O. Social Engineering Training
Provide training for general users, Administrators, Operators, Officers and
Auditors in techniques to thwart social engineering attacks.
O. Cooperative Users
Ensure that users are cooperative so that they can accomplish some task or group
of tasks that require a secure IT environment and information managed by the
TOE.
O. Lifecycle security
Provide tools and techniques used during the development phase to ensure
security is designed into the CIMC. Detect and resolve flaws during the operational
phase.
O. Repair identified security flaws
The vendor repairs security flaws that have been identified by a user.
700 Netscape Certificate Management System Administrator's Guide • February 2003