CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE

Size: px
Start display at page:

Download "CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE"

Transcription

1 CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE Version 0.3 Crown Copyright 2012 All Rights Reserved

2 CPA Security Characteristics for Data Sanitisation - Flash Based Storage Document History Version Date Description 0.1 June 2011 First draft 0.2 July 2011 Updated following internal review 0.3 August 2011 Updated following external review This Security Characteristic is derived from the following files File Name Version Data Sanitisation Flash Based Storage v0.3.cxl 0.3 Common Libraries - v1.0.cxl 1.0 Hardware Libraries v1.0.cxl 1.0 Soft copy location DiscoverID This document is authorised by: Deputy Technical Director (Assurance), CESG This document is issued by CESG For queries about this document please contact: CPA Administration Team CESG Hubble Road Cheltenham Gloucestershire GL51 0EX United Kingdom Tel: +44 (0) cpa@cesg.gsi.gov.uk The CPA Authority may review, amend, update, replace or issue new Scheme Documents as may be required from time to time. Page ii

3 CPA Security Characteristics for Data Sanitisation - Flash Based Storage CONTENTS REFERENCES... iv I. OVERVIEW... 1 A. Product Aims... 1 B. Typical Use Case(s)... 1 C. Expected Operating Environment... 1 D. Compatibility... 1 E. Interoperability... 1 F. Future Enhancements... 1 II. SECURITY CHARACTERISTIC FORMAT... 2 III. REQUIREMENTS... 3 A. Design Mitigations... 3 B. Verification Mitigations... 3 C. Deployment Mitigations... 3 IV. GLOSSARY... 4 Page iii

4 CPA Security Characteristics for Data Sanitisation - Flash Based Storage REFERENCES [a] The Process for Performing Foundation Grade CPA Evaluations, v1.3, August 2011, CESG [b] HMG IA Standard No. 5 - Secure Sanitisation (April 2011 Issue No: 4.0) Page iv

5 I. OVERVIEW 1. This document is a CPA Security Characteristic it describes requirements for a particular type of assured product for evaluation and certification under CESG s Commercial Product Assurance (CPA) scheme. A. Product Aims 2. This Security Characteristic covers sanitisation of all Flash-based storage media. Typical examples include solid-state hard drives, USB Thumb drives and SD cards. B. Typical Use Case(s) 3. A certified Foundation grade product may be used to reduce the protective marking of Flash storage media. The product may also be deployed to allow re-use of Flash storage media in the same or an equivalent environment. This is relevant where there is a requirement to limit the availability of data to those with a legitimate need for access. 4. Use of a certified Foundation grade product is a Category B procedure, sufficient to mitigate against a Basic Laboratory attack type as defined in [b]. C. Expected Operating Environment 5. Products for sanitising Flash based storage may operate in any environment where Flash technology is used for data storage. D. Compatibility 6. Flash sanitisation products may exist as software executed on any platform to which the Flash storage is attached. Alternatively, solutions may be integrated as a function within the storage device itself. E. Interoperability 7. Sanitisation functions will not always exist as a product in their own right. It is preferable for other approved products using Flash based storage to include built in sanitisation functions. F. Future Enhancements 8. No enhancements are currently planned for this Security Characteristic. 9. CESG welcomes feedback and suggestions on possible enhancements to this Security Characteristic. Page 1

6 II. SECURITY CHARACTERISTIC FORMAT 10. All CPA Security Characteristics contain a list of mitigations which are split into three requirement categories: development, verification and deployment requirements. Within each of these sets the mitigations can be grouped based on areas of the product (as illustrated in the High Level Functional Component Diagram above), such as bulk encryption or authentication, or they may be overarching requirements which apply to the whole product. Reference [a] describes how evaluation teams should interpret Security Characteristics. 11. The three types of mitigations are denominated as follows: DEV These are mitigations that are included by the developer during the design or implementation of the product. These are validated via a review of the product s design or implementation during a CPA evaluation. VER Verification mitigations are specific mitigations that the evaluator must test during the assessment of the product. DEP Deployment mitigations are points that must be considered by users or administrators during the deployment of the product. These mitigations are incorporated into the security procedures for the product. 12. Each mitigation includes informational text in italics, describing the threat that it is expected to mitigate. It also lists at least one specific mitigation, which describes what must actually be done to achieve that requirement. In some cases there is additional explanatory text which expands upon these requirements. 13. In the requirements listed below, the following terminology can be used: Must, Mandatory and Required are used to express a mitigation that is essential. All mitigations and detailed mitigations are mandatory unless there is an explicit caveat, such as if supported by the product. Should and Strongly Recommended are used whenever a requirement is highly desirable, but is not essential. These are likely to become mandatory in future iterations of the Security Characteristic. Could and Recommended are used to express a non-mandatory requirement that may enhance security or functionality. 14. For example: DEV.M1: [A mitigation] This mitigation is required to counter [a threat] At Foundation the product must [do something]. This can be achieved by [explanatory comment]. Page 2

7 III. REQUIREMENTS A. Design Mitigations DEV.M28: Code is signed and verified. This mitigation is required to counter installation of malware on host. At Foundation Grade the product is required to ensure all code is signed and verified prior to installation. The product must have a built-in signature verification mechanism. The digital signature algorithm must be ECDSA-256 or DSA-1536/192 and the hash algorithm must be SHA-256. If there are additional resources as part of the installation package, such as configuration files, then these must also be signed. DEV.M274: Directly address the Flash cells to overwrite all data, including redundant physical blocks normally hidden by the flash translation layer. This mitigation is required to counter reading directly from Flash cells, bypassing the flash translation layer/memory management. At Foundation Grade the product is required to overwrite all physical memory locations with NPM data. Then perform a further 'full erase' in accordance with the Flash manufacturer's instructions. DEV.M275: Verify all sensitive data has been sanitised. This mitigation is required to counter reading non-sanitised data. At Foundation Grade the product is required to carry out a verification step to ensure NPM data has been written to all locations as expected. Any locations which cannot be overwritten must be reported. B. Verification Mitigations VER.M277: Attempt recovery of data from a sanitised Flash storage device. This mitigation is required to counter reading non-sanitised data. At Foundation Grade the evaluator will write a known pattern to all blocks of a Flash memory device before sanitisation. After sanitisation, read back the contents and verify that all blocks (including any hidden or redundant regions) have been overwritten. C. Deployment Mitigations DEP.M30: Detect modification to system. This mitigation is required to counter installation of malware on host. At Foundation Grade the deployment is required to regularly run a commercial malware detection tool on the protected product. DEP.M276: If any Flash cells fail to sanitise, dispose of media in a secure manner. This mitigation is required to counter reading non-sanitised data. At Foundation Grade the deployment is required to consult HMG IA Standard No.5 [b], for the appropriate method of secure disposal. Page 3

8 IV. GLOSSARY 15. The following definitions are used in this document: Term COTS CPA HMG NPM SD Security Characteristic USB Meaning Commercial Off The Shelf Commercial Product Assurance Her Majesty s Government Non-Protectively Marked Secure Digital A standard which describes necessary mitigations which must be present in a completed product, its evaluation or usage, particular to a type of security product. Universal Serial Bus Page 4

UNCLASSIFIED CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION. Version 1.0. Crown Copyright 2012 All Rights Reserved.

UNCLASSIFIED CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION. Version 1.0. Crown Copyright 2012 All Rights Reserved. CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION Version 1.0 Crown Copyright 2012 All Rights Reserved Page 1 Document History Version Date Description 0.1 June 2012 Initial Draft Version 1.0 July

More information

UNCLASSIFIED 12686381

UNCLASSIFIED 12686381 12686381 CPA SECURITY CHARACTERISTIC IP FILTERING FIREWALLS Version 1.1 Crown Copyright 2011 All Rights Reserved CPA Security Characteristics for IP Filtering firewalls 26/07/2011 Document History Version

More information

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT TELECOMMUNICATIONS

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT TELECOMMUNICATIONS CESG ASSURED SERVICE CAS SERVICE REQUIREMENT TELECOMMUNICATIONS Issue 1.1 Crown Copyright 2015 All Rights Reserved 1 of 9 Document History Version Date Description 0.1 November 2012 Initial Draft Version

More information

UNCLASSIFIED CPA SECURITY CHARACTERISTIC REMOTE DESKTOP. Version 1.0. Crown Copyright 2011 All Rights Reserved

UNCLASSIFIED CPA SECURITY CHARACTERISTIC REMOTE DESKTOP. Version 1.0. Crown Copyright 2011 All Rights Reserved 18570909 CPA SECURITY CHARACTERISTIC REMOTE DESKTOP Version 1.0 Crown Copyright 2011 All Rights Reserved CPA Security Characteristics for CPA Security Characteristic Remote Desktop 1.0 Document History

More information

CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT

CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT 26579500 CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT Version 2.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 About this document This document describes the features, testing and deployment

More information

UNCLASSIFIED CPA SECURITY CHARACTERISTIC SOFTWARE FULL DISK ENCRYPTION. Version 1.1. Crown Copyright 2011 All Rights Reserved

UNCLASSIFIED CPA SECURITY CHARACTERISTIC SOFTWARE FULL DISK ENCRYPTION. Version 1.1. Crown Copyright 2011 All Rights Reserved 11590282 CPA SECURITY CHARACTERISTIC SOFTWARE FULL DISK ENCRYPTION Version 1.1 Crown Copyright 2011 All Rights Reserved CPA Security Characteristics for software full disk encryption Document History [Publish

More information

CPA SECURITY CHARACTERISTIC TLS VPN FOR REMOTE WORKING SOFTWARE CLIENT

CPA SECURITY CHARACTERISTIC TLS VPN FOR REMOTE WORKING SOFTWARE CLIENT 29175671 CPA SECURITY CHARACTERISTIC TLS VPN FOR REMOTE WORKING SOFTWARE CLIENT Version 1.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 About this document This document describes the

More information

CPA SECURITY CHARACTERISTIC DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES

CPA SECURITY CHARACTERISTIC DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES CPA SECURITY CHARACTERISTIC DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES Version 1.1 Crown Copyright 2016 All Rights Reserved 44335885 Page 1 of 6 About this document This document describes the features,

More information

OFFICIAL SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT

OFFICIAL SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT Version 1.3 Crown Copyright 2015 All Rights Reserved 49358431 Page 1 of 12 About this document This document describes the features, testing and deployment

More information

CPA SECURITY CHARACTERISTIC ENTERPRISE MANAGEMENT OF DATA AT REST ENCRYPTION

CPA SECURITY CHARACTERISTIC ENTERPRISE MANAGEMENT OF DATA AT REST ENCRYPTION UNCLASSIFIED 24426399 CPA SECURITY CHARACTERISTIC ENTERPRISE MANAGEMENT OF DATA AT REST ENCRYPTION Version 1.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 UNCLASSIFIED Enterprise Management

More information

CPA SECURITY CHARACTERISTIC MIKEY-SAKKE SECURE VOIP GATEWAY

CPA SECURITY CHARACTERISTIC MIKEY-SAKKE SECURE VOIP GATEWAY 3166116 CPA SECURITY CHARACTERISTIC MIKEY-SAKKE SECURE VOIP GATEWAY Version 2.0 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 MIKEY-SAKKE Secure VoIP gateway About this document This document

More information

UNCLASSIFIED CPA SECURITY CHARACTERISTIC WEB APPLICATION FIREWALLS. Version 1.3. Crown Copyright 2011 All Rights Reserved

UNCLASSIFIED CPA SECURITY CHARACTERISTIC WEB APPLICATION FIREWALLS. Version 1.3. Crown Copyright 2011 All Rights Reserved 18397081 CPA SECURITY CHARACTERISTIC WEB APPLICATION FIREWALLS Version 1.3 Crown Copyright 2011 All Rights Reserved CPA Security Characteristics for Web Application Firewalls Document History [Publish

More information

UNCLASSIFIED 11936884

UNCLASSIFIED 11936884 11936884 CPA SECURITY CHARACTERISTIC GATEWAY EMAIL ENCRYPTION Version 1.0 Crown Copyright 2011 All Rights Reserved CPA Security Characteristics for Gateway Email Encryption 1 st March 2012 Document History

More information

CPA SECURITY CHARACTERISTIC IPSEC VPN FOR REMOTE WORKING SOFTWARE CLIENT

CPA SECURITY CHARACTERISTIC IPSEC VPN FOR REMOTE WORKING SOFTWARE CLIENT 24419250 CPA SECURITY CHARACTERISTIC IPSEC VPN FOR REMOTE WORKING SOFTWARE CLIENT Version 2.1 Crown Copyright 2013 All Rights Reserved UNCLASSIFIED Page 1 About this document This document describes the

More information

CPA SECURITY CHARACTERISTIC GATEWAY EMAIL ENCRYPTION

CPA SECURITY CHARACTERISTIC GATEWAY EMAIL ENCRYPTION 11936884 CPA SECURITY CHARACTERISTIC GATEWAY EMAIL ENCRYPTION Version 1.0 Crown Copyright 2016 All Rights Reserved Document History Version Date Description CPA Security Characteristics for Gateway Email

More information

October 2015 Issue No: 1.1. Security Procedures Windows Server 2012 Hyper-V

October 2015 Issue No: 1.1. Security Procedures Windows Server 2012 Hyper-V October 2015 Issue No: 1.1 Security Procedures Windows Server 2012 Hyper-V Security Procedures Windows Server 2012 Hyper-V Issue No: 1.1 October 2015 This document describes the manner in which this product

More information

CPA SECURITY CHARACTERISTIC IPSEC VPN GATEWAY

CPA SECURITY CHARACTERISTIC IPSEC VPN GATEWAY CPA SECURITY CHARACTERISTIC IPSEC VPN GATEWAY Version 2.5 Crown Copyright 2016 All Rights Reserved 48770392 Page 1 of 25 About this document This document describes the features, testing and deployment

More information

CPA SECURITY CHARACTERISTIC CPA-SC DESKTOP EMAIL ENCRYPTION 1.0.DOC

CPA SECURITY CHARACTERISTIC CPA-SC DESKTOP EMAIL ENCRYPTION 1.0.DOC 13644643 CPA SECURITY CHARACTERISTIC CPA-SC DESKTOP EMAIL ENCRYPTION 1.0.DOC Version 1.0 Crown Copyright 2016 All Rights Reserved CPA Security Characteristics for CPA-SC Desktop Email Encryption 1.0.doc

More information

UNCLASSIFIED CPA SECURITY CHARACTERISTIC SERVER VIRTUALISATION. Version 1.21. Crown Copyright 2012 All Rights Reserved

UNCLASSIFIED CPA SECURITY CHARACTERISTIC SERVER VIRTUALISATION. Version 1.21. Crown Copyright 2012 All Rights Reserved ID18939561 CPA SECURITY CHARACTERISTIC SERVER VIRTUALISATION Version 1.21 Crown Copyright 2012 All Rights Reserved CPA Security Characteristics for Server Virtualisation 18/05/2012 Document History Version

More information

CPA SECURITY CHARACTERISTIC SOFTWARE FULL DISK ENCRYPTION

CPA SECURITY CHARACTERISTIC SOFTWARE FULL DISK ENCRYPTION 27289237 CPA SECURITY CHARACTERISTIC SOFTWARE FULL DISK ENCRYPTION Version 1.23 Crown Copyright 2016 All Rights Reserved Page 1 About this document This document describes the features, testing and deployment

More information

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT PSN CA (IPSEC)

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT PSN CA (IPSEC) CESG ASSURED SERVICE CAS SERVICE REQUIREMENT PSN CA (IPSEC) Version 1.0 Crown Copyright 2016 All Rights Reserved Page 1 Document History Version Date Description 1.0 October 2013 Initial issue Soft copy

More information

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services October 2014 Issue No: 2.0 Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

More information

Secure Data Exchange Solution

Secure Data Exchange Solution Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates

More information

CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd

CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd CCTM IA CLAIMS DOCUMENT (ICD) Data Eliminate Ltd DESTRUCTION OF DATA ON HARD DRIVES, COMPUTER STORAGE MEDIA AND HANDHELD DEVICES INCORPORATING WEEE RECYCLING MANAGEMENT Version 1 VENDOR DETAILS Data Eliminate

More information

Oracle Business Intelligence Enterprise Edition (OBIEE) Version 10.1.3.3.2 with Quick Fix 090406 running on Oracle Enterprise Linux 4 update 5 x86_64

Oracle Business Intelligence Enterprise Edition (OBIEE) Version 10.1.3.3.2 with Quick Fix 090406 running on Oracle Enterprise Linux 4 update 5 x86_64 122-B CERTIFICATION REPORT No. CRP250 Business Intelligence Edition (OBIEE) Version 10.1.3.3.2 with Quick Fix 090406 running on update 5 Issue 1.0 June 2009 Crown Copyright 2009 All Rights Reserved Reproduction

More information

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0 FIPS 40-2 Non- Proprietary Security Policy McAfee SIEM Cryptographic Module, Version.0 Document Version.4 December 2, 203 Document Version.4 McAfee Page of 6 Prepared For: Prepared By: McAfee, Inc. 282

More information

April 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level

April 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level April 2015 Issue No:1.0 Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level Application Guidance CCP Security and Information Risk Advisor Role, Practitioner Level

More information

USB Portable Storage Device: Security Problem Definition Summary

USB Portable Storage Device: Security Problem Definition Summary USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides

More information

Citrix Password Manager, Enterprise Edition Version 4.5

Citrix Password Manager, Enterprise Edition Version 4.5 122-B COMMON CRITERIA CERTIFICATION REPORT No. CRP235 Citrix Password Manager, Enterprise Edition Version 4.5 running on Microsoft Windows and Citrix Presentation Server Issue 1.0 June 2007 Crown Copyright

More information

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc. Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0 Accellion, Inc. December 24, 2009 Copyright Accellion, Inc. 2009. May be reproduced only in its original entirety

More information

BlackBerry 10.3 Work and Personal Corporate

BlackBerry 10.3 Work and Personal Corporate GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network

More information

Application Guidance CCP Penetration Tester Role, Practitioner Level

Application Guidance CCP Penetration Tester Role, Practitioner Level August 2014 Issue No: 1.0 Application Guidance CCP Penetration Tester Role, Practitioner Level Application Guidance CCP Penetration Tester Role, Practitioner Level Issue No: 1.0 August 2014 This document

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center Intrusion Prevention and Detection No: Effective: OSC-12 5/21/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

Copyright 2011 - bizagi

Copyright 2011 - bizagi Copyright 2011 - bizagi 1. Process Automation with bizagi... 3 Description... 3 Objectives... 3 Target Audience Profile... 4 Duration... 4 2. Part I Basic concepts to build a bizagi solution... 5 Description...

More information

Oracle Identity and Access Management 10g Release 10.1.4.0.1 running on Red Hat Enterprise Linux AS Release 4 Update 5

Oracle Identity and Access Management 10g Release 10.1.4.0.1 running on Red Hat Enterprise Linux AS Release 4 Update 5 122-B CERTIFICATION REPORT No. CRP245 Oracle Identity and Access Management 10g Release 10.1.4.0.1 running on Red Hat Enterprise Linux AS Release 4 Update 5 Issue 1.0 June 2008 Crown Copyright 2008 Reproduction

More information

Secure USB Flash Drive. Biometric & Professional Drives

Secure USB Flash Drive. Biometric & Professional Drives Secure USB Flash Drive Biometric & Professional Drives I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE FLASH DRIVE... 3 DESCRIPTION... 3 IV. MODULES OF SECURE

More information

PROCESS FOR PERFORMING COMMERCIAL PRODUCT ASSURANCE (CPA) FOUNDATION GRADE EVALUATIONS

PROCESS FOR PERFORMING COMMERCIAL PRODUCT ASSURANCE (CPA) FOUNDATION GRADE EVALUATIONS PROCESS FOR PERFORMING COMMERCIAL PRODUCT ASSURANCE (CPA) FOUNDATION GRADE EVALUATIONS Issue 2.4 SEPTEMBER 2014 Crown Copyright 2016 All Rights Reserved 41421324 Page 1 of 32 Foreword This document contains

More information

Patterns for Secure Boot and Secure Storage in Computer Systems

Patterns for Secure Boot and Secure Storage in Computer Systems Patterns for Secure Boot and Secure Storage in Computer Systems Hans Löhr, Ahmad-Reza Sadeghi, Marcel Winandy Horst Görtz Institute for IT Security, Ruhr-University Bochum, Germany {hans.loehr,ahmad.sadeghi,marcel.winandy}@trust.rub.de

More information

CERTIFICATION REPORT No. CRP253

CERTIFICATION REPORT No. CRP253 122-B CERTIFICATION REPORT No. CRP253 Citrix NetScaler Platinum Edition Load Balancer Version 9.1 (Build 100.3.cl) running on NetScaler 9010 FIPS, MPX 7000 platform, MPX 9000 platform, MPX 10000 platform

More information

Walton Centre. Asset Management. Information Security Management System: SS 03: Asset Management Page 1. Version: 1.

Walton Centre. Asset Management. Information Security Management System: SS 03: Asset Management Page 1. Version: 1. Page 1 Walton Centre Asset Management Document History Date Version Author Changes 01/10/2004 1.0 A Cobain L Wyatt 06/01/2004 1.1 L Wyatt Addition of storage media 16/03/2005 1.2 Liam Wyatt Update storage

More information

The Significance of Common Criteria, Protection Profiles, and Lumeta IPsonar

The Significance of Common Criteria, Protection Profiles, and Lumeta IPsonar Lumeta IPsonar 5.5C The Significance of Common Criteria, Protection Profiles, and Lumeta IPsonar The aim of the new Common Criteria is to ensure that commercial enterprise security products represent a

More information

Acano solution. Security Considerations. August 2015 76-1026-01-E

Acano solution. Security Considerations. August 2015 76-1026-01-E Acano solution Security Considerations August 2015 76-1026-01-E Contents Contents 1 Introduction... 3 2 Acano Secure Development Lifecycle... 3 3 Acano Security Points... 4 Acano solution: Security Consideration

More information

USB Portable Storage Device: Security Problem Definition Summary

USB Portable Storage Device: Security Problem Definition Summary USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides

More information

Citrix NetScaler Platinum Edition Load Balancer Version 10.5 running on MPX 9700-FIPS, MPX 10500-FIPS, MPX 12500-FIPS, MPX 15500-FIPS appliances

Citrix NetScaler Platinum Edition Load Balancer Version 10.5 running on MPX 9700-FIPS, MPX 10500-FIPS, MPX 12500-FIPS, MPX 15500-FIPS appliances 122 CERTIFICATION REPORT No. CRP294 Citrix NetScaler Platinum Edition Load Balancer Version 10.5 running on MPX 9700-FIPS, MPX 10500-FIPS, MPX 12500-FIPS, MPX 15500-FIPS appliances Issue 1.0 November 2015

More information

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST Safeguarding Data Using Encryption Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST What is Cryptography? Cryptography: The discipline that embodies principles, means, and methods

More information

HMRC Secure Electronic Transfer (SET)

HMRC Secure Electronic Transfer (SET) HM Revenue & Customs HMRC Secure Electronic Transfer (SET) Installation and key renewal overview Version 3.0 Contents Welcome to HMRC SET 1 What will you need to use HMRC SET? 2 HMRC SET high level diagram

More information

Certification Report

Certification Report Certification Report EAL 4 Evaluation of SecureDoc Disk Encryption Version 4.3C Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification

More information

Third Party Identity Services Assurance Framework. Information Security Registered Assessors Program Guide

Third Party Identity Services Assurance Framework. Information Security Registered Assessors Program Guide Third Party Identity Services Assurance Framework Information Security Registered Assessors Program Guide Version 2.0 December 2015 Digital Transformation Office Commonwealth of Australia 2015 This work

More information

SENSE Security overview 2014

SENSE Security overview 2014 SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2

More information

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement

Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement certicom application notes Certicom Security for Government Suppliers developing client-side products to meet the US Government FIPS 140-2 security requirement THE PROBLEM How can vendors take advantage

More information

UK IT SECURITY EVALUATION AND CERTIFICATION SCHEME

UK IT SECURITY EVALUATION AND CERTIFICATION SCHEME UK IT SECURITY EVALUATION AND CERTIFICATION SCHEME 122-B CERTIFICATION REPORT No. P149 CHECK POINT VPN-1/FIREWALL-1 Issue 1.0 January 2001 Crown Copyright 2001 Reproduction is authorised provided the report

More information

Service Definition Document

Service Definition Document Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)

More information

Guidance Regarding Skype and Other P2P VoIP Solutions

Guidance Regarding Skype and Other P2P VoIP Solutions Guidance Regarding Skype and Other P2P VoIP Solutions Ver. 1.1 June 2012 Guidance Regarding Skype and Other P2P VoIP Solutions Scope This paper relates to the use of peer-to-peer (P2P) VoIP protocols,

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

developing your potential Cyber Security Training

developing your potential Cyber Security Training developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company

More information

Randomized Hashing for Digital Signatures

Randomized Hashing for Digital Signatures NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department

More information

CESG Certification of Cyber Security Training Courses

CESG Certification of Cyber Security Training Courses CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security

More information

Pulse Secure, LLC. January 9, 2015

Pulse Secure, LLC. January 9, 2015 Pulse Secure Network Connect Cryptographic Module Version 2.0 Non-Proprietary Security Policy Document Version 1.1 Pulse Secure, LLC. January 9, 2015 2015 by Pulse Secure, LLC. All rights reserved. May

More information

Notable Changes to NERC Reliability Standard CIP-010-3

Notable Changes to NERC Reliability Standard CIP-010-3 C L AR I T Y AS S U R AN C E R E S U LT S M I D W E S T R E LIAB I L I T Y ORGAN I Z AT I ON Notable Changes to NERC Reliability Standard CIP-010-3 Cyber Security Configuration Change Management and Vulnerability

More information

Cisco Trust Anchor Technologies

Cisco Trust Anchor Technologies Data Sheet Cisco Trust Anchor Technologies Overview Cisco Trust Anchor Technologies provide the foundation for trustworthy systems across Cisco. The Cisco Trust Anchor and a Secure Boot check of signed

More information

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive FIPS 140 2 Non Proprietary Security Policy Kingston Technology Company, Inc. DataTraveler DT4000 G2 Series USB Flash Drive Document Version 1.8 December 3, 2014 Document Version 1.8 Kingston Technology

More information

Technical Standards for Information Security Measures for the Central Government Computer Systems

Technical Standards for Information Security Measures for the Central Government Computer Systems Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

More information

Executable Integrity Verification

Executable Integrity Verification Executable Integrity Verification Abstract Background Determining if a given executable has been trojaned is a tedious task. It is beyond the capabilities of the average end user and even many network

More information

CERTIFICATION REPORT No. CRP271

CERTIFICATION REPORT No. CRP271 122 CERTIFICATION REPORT No. CRP271 Citrix XenDesktop Version 5.6 Platinum Edition Running on Server Components: Microsoft Windows Server 2008 R2 SP1, Enterprise Edition, 64-bit and User Devices and VMs:

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Security Principles. Related to. Handset Theft

Security Principles. Related to. Handset Theft Security Principles Related to Handset Theft Table of Contents TABLE OF CONTENTS...2 GLOSSARY OF TERMS...3 1. INTRODUCTION...4 1.1 IMPORTANCE OF IMEI INTEGRITY...4 1.2 IMPROVED IMEI INTEGRITY PRINCIPLES...4

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

28400 POLICY IT SECURITY MANAGEMENT

28400 POLICY IT SECURITY MANAGEMENT Version: 2.2 Last Updated: 30/01/14 Review Date: 27/01/17 ECHR Potential Equality Impact Assessment: Low 1. About This Policy 1.1. The objective of this policy is to provide direction and support for IT

More information

IT Networking and Security

IT Networking and Security elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer

More information

SP 800-130 A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter

SP 800-130 A Framework for Designing Cryptographic Key Management Systems. 5/25/2012 Lunch and Learn Scott Shorter SP 800-130 A Framework for Designing Cryptographic Key Management Systems 5/25/2012 Lunch and Learn Scott Shorter Topics Follows the Sections of SP 800-130 draft 2: Introduction Framework Basics Goals

More information

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015

Mobile OTPK Technology for Online Digital Signatures. Dec 15, 2015 Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction

More information

Summary of CIP Version 5 Standards

Summary of CIP Version 5 Standards Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1

Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 sm Open Data Center Alliance Usage: Provider Assurance Rev. 1.1 Legal Notice This Open Data Center Alliance SM Usage:Provider Assurance is proprietary to the Open Data Center Alliance, Inc. NOTICE TO USERS

More information

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their

More information

IT Heath Check Scoping guidance ALPHA DRAFT

IT Heath Check Scoping guidance ALPHA DRAFT IT Heath Check Scoping guidance ALPHA DRAFT Version 0.1 November 2014 Document Information Project Name: ITHC Guidance Prepared By: Mark Brett CLAS Consultant Document Version No: 0.1 Title: ITHC Guidance

More information

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker

More information

Certification Report

Certification Report Certification Report EAL 4+ Evaluation of Entrust Authority Security Manager and Security Manager Administration v8.1 SP1 Issued by: Communications Security Establishment Canada Certification Body Canadian

More information

Site to Site Virtual Private Networks (VPNs):

Site to Site Virtual Private Networks (VPNs): Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0

More information

SSL CERTIFICATE GOOD PRACTICE GUIDE

SSL CERTIFICATE GOOD PRACTICE GUIDE SSL CERTIFICATE GOOD PRACTICE GUIDE VERSION: 1.2 DATE: 23/09/2015 TASK NUMBER: PREPARED FOR Paul Docherty Director Portcullis Computer Security Ltd The Grange Barn Pike s End Pinner Middlesex HA5 2EX Tel:

More information

ScreenMaster RVG200 Paperless recorder FDA-approved record keeping. Measurement made easy

ScreenMaster RVG200 Paperless recorder FDA-approved record keeping. Measurement made easy Information INF13/147 EN ScreenMaster RVG200 Paperless recorder FDA-approved record keeping Measurement made easy Guidance on the use of the RVG200 paperless recorder for electronic record keeping in FDA-approved

More information

End User Devices Security Guidance: Apple OS X 10.10

End User Devices Security Guidance: Apple OS X 10.10 GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.10 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best

More information

BlackBerry 10.3 Work Space Only

BlackBerry 10.3 Work Space Only GOV.UK Guidance BlackBerry 10.3 Work Space Only Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network architecture

More information

Service Description. 3SKey. Connectivity

Service Description. 3SKey. Connectivity Connectivity 3SKey Service Description This document describes the features and functions of the components of the 3SKey solution and the roles and responsibilities of all parties involved in the 3SKey

More information

DNSSEC - Tanzania

DNSSEC - Tanzania DNSSEC Policy & Practice Statement for.tz Zone Version 1.1 Effective Date: January 1, 2013 Tanzania Network Information Centre 14107 LAPF Millenium Towers, Ground Floor, Suite 04 New Bagamoyo Road, Dar

More information

GoodData Corporation Security White Paper

GoodData Corporation Security White Paper GoodData Corporation Security White Paper May 2016 Executive Overview The GoodData Analytics Distribution Platform is designed to help Enterprises and Independent Software Vendors (ISVs) securely share

More information

Key Management Interoperability Protocol (KMIP)

Key Management Interoperability Protocol (KMIP) (KMIP) Addressing the Need for Standardization in Enterprise Key Management Version 1.0, May 20, 2009 Copyright 2009 by the Organization for the Advancement of Structured Information Standards (OASIS).

More information

Application Architectures

Application Architectures Software Engineering Application Architectures Based on Software Engineering, 7 th Edition by Ian Sommerville Objectives To explain the organization of two fundamental models of business systems - batch

More information

Certification Report

Certification Report Certification Report EAL 4+ Evaluation of ncipher nshield Family of Hardware Security Modules Firmware Version 2.33.60 Issued by: Communications Security Establishment Canada Certification Body Canadian

More information

SIMPLIFYING THE PATCH MANAGEMENT PROCESS

SIMPLIFYING THE PATCH MANAGEMENT PROCESS SIMPLIFYING THE PATCH MANAGEMENT PROCESS www.icsupdate.com Monta Elkins Security Architect FoxGuard Solutions melkins@foxguardsolutions.com SIMPLIFYING THE PATCH MANAGEMENT PROCESS 2 SIMPLIFYING THE PATCH

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Challenges and Solutions for Effective SSD Data Erasure

Challenges and Solutions for Effective SSD Data Erasure Challenges and Solutions for Effective SSD Data Erasure Blancco White Paper Published 8 October 2013 First Edition Table of contents Introduction...3 The Simplicity And Complexity Of SSDs...4 Traditional

More information

NovaTech NERC CIP Compliance Document and Product Description Updated June 2015

NovaTech NERC CIP Compliance Document and Product Description Updated June 2015 NovaTech NERC CIP Compliance Document and Product Description Updated June 2015 This document describes the NovaTech Products for NERC CIP compliance and how they address the latest requirements of NERC

More information

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing

More information

Information Services. The University of Kent Information Technology Security Policy

Information Services. The University of Kent Information Technology Security Policy Information Services The University of Kent Information Technology Security Policy 1. General The University IT Security Policy (the Policy) shall be approved by the Information Services Committee (ISC)

More information

Citrix NetScaler Platinum Edition Load Balancer

Citrix NetScaler Platinum Edition Load Balancer 122-B CERTIFICATION REPORT No. CRP262 Citrix NetScaler Platinum Edition Load Balancer Version 9.2 running on platforms MPX 5500, MPX 9700-FIPS, MPX 10500-FIPS, MPX 12500-FIPS, MPX 15500-FIPS, MPX 7500,

More information

[SMO-SFO-ICO-PE-046-GU-

[SMO-SFO-ICO-PE-046-GU- Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It

More information

Code Signing for Source Code

Code Signing for Source Code 1 2 ISO/IEC JTC 1/SC 22/WG 23 N 0318 Meeting #17 markup of, Strawman draft, Code Signing for Source Code 3 Date 2011-03-23 Contributed by Secretary Original file name Notes Replaces N0317 4 5 6 Code Signing

More information

Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ)

Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ) Federal PKI (FPKI) Community Transition to SHA-256 Frequently Asked Questions (FAQ) Version 1.0 January 18, 2011 Table of Contents 1. INTRODUCTION... 3 1.1 BACKGROUND... 3 1.2 OBJECTIVE AND AUDIENCE...

More information