Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual page 740

1.1 Secure Usage Assumptions
A. Authentication Data Management
An authentication data management policy is enforced to ensure that users change
their authentication data at appropriate intervals and to appropriate values (e.g.,
proper lengths, histories, variations, etc.) (Note: this assumption is not applicable
to biometric authentication data.)
A. Competent Administrators, Operators, Officers and Auditors
Competent Administrators, Operators, Officers and Auditors will be assigned to
manage the TOE and the security of the information it contains.
A. CPS
All Administrators, Operators, Officers, and Auditors are familiar with the
certificate policy (CP) and certification practices statement (CPS) under which the
TOE is operated.
A. Disposal of Authentication Data
Proper disposal of authentication data and associated privileges is performed after
access has been removed (e.g., job termination, change in responsibility).
A. Malicious Code Not Signed
Malicious code destined for the TOE is not signed by a trusted entity.
A. Notify Authorities of Security Issues
Administrators, Operators, Officers, Auditors, and other users notify proper
authorities of any security issues that impact their systems to minimize the
potential for the loss or compromise of data.
A. Social Engineering Training
General users, administrators, operators, officers and auditors are trained in
techniques to thwart social engineering attacks.
A. Cooperative Users
Users need to accomplish some task or group of tasks that require a secure IT
environment. The users require access to at least some of the information managed
by the TOE and are expected to act in a cooperative manner.
740 Netscape Certificate Management System Administrator's Guide • June 2003