Application of ALC requirements to Open Source projects
|
|
- Gabriel Chapman
- 8 years ago
- Views:
Transcription
1 Application of ALC requirements to Open Source projects Christophe BLAD 1 ICCC 2012 Paris
2 CESeCore Open Source library for digital signature and PKI services Signature Key generation Certificate generation & revocation OCSP Initial development by CESeCore consortium: PrimeKey (Sweden) MultiCert (Portugal) E-Imza (Turkey) Commfides (Norway) Result of the CESeCore project sponsored by EUREKA s Eurostars Programme Partially funded by National public authorities of each participant 2 ICCC 2012 Paris
3 EJBCA Open Source PKI Project hosted by Primekey (Sweden) EJBCA branch 5.x based on CESeCore library 3 ICCC 2012 Paris
4 EAL+ certification EAL4 augmented with ALC_FLR.2, CC 3.1 r3 Evaluation by Oppida ITSEF (France), Certification by ANSSI (France) All evaluation documents in Wiki format (except the security target) Compliance with CIMC PP level 3 4 ICCC 2012 Paris
5 ALC_LCD.1: Life-cycle definition The TOEs are mainly developed by core groups (CESECORE consortium, PrimeKey) but is open to external contributors All contributors can develop their own modules with the tools & techniques they want But contributions are only source code files (not built modules) Main steps: Discovery of new features or improvements Requirements analysis by the core group Analysis and design Development Quality assurance (code review & testing) 5 ICCC 2012 Paris
6 ALC_CMC.4, ALC_CMS.4: Configuration management Use of a classical Subversion repository managed by PrimeKey CC requirements: Recording of modification (by default in subversion) Contributions accounting Requires a reliable identification and authentication of contributors Modification of the contributors registration procedure Review of applications before granting write access to the repository Requires review of all contributions integration in an official release (systematic code review) 6 ICCC 2012 Paris
7 ALC_TAT.1: Development tools and techniques Java source code Edition with any editor State-of-the-art continuous integration tools: Subversion MediaWiki for documentation version control Atlassian JIRA for evolution and bug tracking Hudson for continuous integration Clover for testing code coverage assessment 7 ICCC 2012 Paris
8 ALC_DVS.1: Development security Confidentiality is not required (open source) Integrity is the main objective: unauthorized modification of the source code must not occur and (if any) must be detected All contributions must be authenticated Access to the source code repository must be strictly controlled 8 ICCC 2012 Paris
9 Repository security (server-side) EJBCA was previously hosted by SourceForge Incapability to verify the access control system and the physical security of repository servers (~Cloud computing issues) The only acceptable solution: Hosting in a auditable Datacenter Physical security under SLA Network and System administration by the project host Central management of contributors accounts Registration of known contributors Revocation of access if needed 9 ICCC 2012 Paris
10 Contributors security (client-side) All contributors use their own computer Major risk: malware installed in their computer Alteration of the source code in the contributor s computer Illicit alteration before commit All contributions must be reviewed by a trusted persons (release managers) Development of a contributor charter incl. security policy Must be signed before access granting Workstation security Probation period Password usage Incident reporting Revocation or legal actions in case of misuse 10 ICCC 2012 Paris
11 ALC_DEL.1: Delivery The TOE is Source code Delivery procedure consists in the provision of the source code to users Only svn over https distribution mode is certified ssl permits the authentication of the repository Generation of pre-built packages is not evaluated 11 ICCC 2012 Paris
12 ALC_FLR.2: Flow remediation Classical process Discovery Notification by or direct contact Investigation Resolution (complete retesting due to continuous integration) Release All notifications are recorded in JIRA 12 ICCC 2012 Paris
13 Conclusions ALC applicable but with constraints on the development conditions Requires a strong involvement of the project leader: Strict management of the repository access Strong source code review policy Requires the involvement of the configuration management database host Security audit must be possible 13 ICCC 2012 Paris
14 14 ICCC 2012 Paris
An introduction to EJBCA and SignServer
An introduction to EJBCA and SignServer PrimeKey Solutions AB Tomas Gustavsson http://www.primekey.se tomas@primekey.se EJBCA and SignServer Euro PKI projects and use cases 1 EJBCA - Open Source Enterprise
More informationTechnical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA
Technical Security in Smart Metering Devices: A German Perspective S4 SCADA Security Scientific Symposium 2012-01-18, Miami Beach FL / USA Dr. Stephan Beirer s.beirer@gai-netconsult.de Sichere ebusiness
More informationBSI-DSZ-CC-S-0040-2015. for. Dream Chip Technologies GmbH Germany. Dream Chip Technologies GmbH
BSI-DSZ-CC-S-0040-2015 for Dream Chip Technologies GmbH Germany of Dream Chip Technologies GmbH BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach 20 03 63, D-53133 Bonn Phone +49 (0)228
More informationBuild a CC assurance package dedicated to your risk assessment. Francois GUERIN Security Program Manager francois.guerin@gemalto.
Build a CC assurance package dedicated to your risk assessment Francois GUERIN Security Program Manager francois.guerin@gemalto.com Gemplus & Axalto merge into Gemalto 1.7 billion in combined pro-forma
More informationCertificate Issuing and Management Components Protection Profile. Version 1.5
Certificate Issuing and Management Components Protection Profile Version 1.5 11 August, 2011 TABLE OF CONTENTS 1 INTRODUCTION...1 1.1 IDENTIFICATION...1 1.2 CONFORMANCE CLAIMS...1 1.3 OVERVIEW...1 1.4
More informationCertification Report StoneGate FW/VPN 5.2.5
Ärendetyp: 6 Diarienummer: 11FMV3127-87:1 Dokument ID HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2012-01-23 Country of origin: Sweden Försvarets materielverk Swedish Certification Body
More informationBSI-DSZ-CC-S-0035-2014. for. GLOBALFOUNDRIES Singapore Pte. Ltd. GLOBALFOUNDRIES Singapore Pte. Ltd.
BSI-DSZ-CC-S-0035-2014 for GLOBALFOUNDRIES Singapore Pte. Ltd. of GLOBALFOUNDRIES Singapore Pte. Ltd. BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach 20 03 63, D-53133 Bonn Phone +49
More informationCertification Report
Certification Report HP Network Automation Ultimate Edition 10.10 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government
More informationDetails for the structure and content of the ETR for Site Certification. Version 1.0
Details for the structure and content of the ETR for Site Certification Version 1.0 Bundesamt für Sicherheit in der Informationstechnik Postfach 20 03 63 53133 Bonn Tel.: +49 22899 9582-111 E-Mail: zerti@bsi.bund.de
More informationCourtesy Translation
PREMIER MINISTRE Secretariat General for National Defence French Network and Information Security Agency Certification Report ANSSI-CC-2010/15 OmniPCX Enterprise solution : OmniPCX Enterprise (release
More informationCourtesy Translation
PREMIER MINISTRE Secretariat General for National Defence Central Directorate for Information Systems Security Certification Report DCSSI-2008/20 Paris, 8 th of July 2008, Courtesy Translation Certification
More informationJoint Interpretation Library. Guidance for smartcard evaluation
Joint Interpretation Library Guidance for smartcard evaluation Version 2.0 February 2010 Table of content 1. REFERENCES 5 2. OBJECTIVE 6 3. SMARTCARD PRODUCT PRESENTATION AND DEFINITIONS 7 3.1. Glossary
More informationEUROPEAN ORGANIZATION FOR NUCLEAR RESEARCH CERN ACCELERATORS AND TECHNOLOGY SECTOR
EUROPEAN ORGANIZATION FOR NUCLEAR RESEARCH CERN ACCELERATORS AND TECHNOLOGY SECTOR CERN-ATS-2011-213 THE SOFTWARE IMPROVEMENT PROCESS - TOOLS AND RULES TO ENCOURAGE QUALITY K. Sigerud, V. Baggiolini, CERN,
More informationCourtesy Translation
PREMIER MINISTRE Secrétariat général de la défense et de la sécurité nationale Agence nationale de la sécurité des systèmes d'information Certification Report ANSSI-CC-PP-2010/04 (ref. PU-2009-RT-79, version
More informationCertification Report
Certification Report EAL 4+ Evaluation of WatchGuard Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
More informationCertification Report
Certification Report EAL 3+ Evaluation of Rapid7 Nexpose Vulnerability Management and Penetration Testing System V5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian
More informationMINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN
REF: 2010-22-INF-764 V1 Distribution: Expediente Date: 21.11.2011 Created: CERT3 Reviewed: CALIDAD Approbed: TECNICO CERTIFICATION REPORT FOR FOR HUAWEI INTEGRATED MANAGEMENT APPLICATION PLATFORM VERSION
More informationCertification Report
Certification Report EAL 4+ Evaluation of Entrust Authority Security Manager and Security Manager Administration v8.1 SP1 Issued by: Communications Security Establishment Canada Certification Body Canadian
More informationAustralasian Information Security Evaluation Program
Australasian Information Security Evaluation Program Certification Report Certificate Number: 2010/70 23 November 2010 Version 1.0 Commonwealth of Australia 2010. Reproduction is authorised provided that
More informationDanske Bank Group Certificate Policy
Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...
More informationCERTIFICATE. certifies that the. Info&AA v1.0 Attribute Service Provider Software. developed by InfoScope Ltd.
CERTIFICATE HUNGUARD Informatics and IT R&D and General Service Provider Ltd. as a certification authority assigned by the assignment document No. 001/2010 of the Minister of the Prime Minister s Office
More informationCertification Report
Certification Report EAL 4+ Evaluation of Solaris 10 Release 11/06 Trusted Extensions Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and
More informationC033 Certification Report
C033 Certification Report Mobile Billing System File name: Version: v1a Date of document: 15 June 2011 Document classification: For general inquiry about us or our services, please email: mycc@cybersecurity.my
More informationThe Costs of Managed PKI:
The Costs of Managed PKI: In-House Implementation of PKI vs. Traditional Managed PKI vs. ON-Demand PKI A TC TrustCenter Whitepaper Last Updated: February 2008 Introduction Until recently, organizations
More informationSecurity Target for EJBCA v5.0.4
Security Target for EJBCA v5.0.4 Document ID : D10.0 Document Name : Status : Dissemination Level : Security Target for EJBCA v5.0.4 Draft Public Document Version : 1.2 Version Date : 02-07-12 Author(s):
More informationBSI-DSZ-CC-0678-2011. for. Microsoft Forefront Unified Access Gateway 2010 (CC) Version / Build 4.0.1752.10000. from. Microsoft Corporation
BSI-DSZ-CC-0678-2011 for Microsoft Forefront Unified Access Gateway 2010 (CC) Version / Build 4.0.1752.10000 from Microsoft Corporation BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach
More informationJoint Interpretation Library. Guidance for Smartcard evaluation
Joint Interpretation Library Guidance for Smartcard evaluation Version 1.1 March 2002 Joint Interpretation Library Guidance for smartcard evaluation Table of Contents 1. Objective... 5 2. Smartcard product
More informationSecurity Target. Astaro Security Gateway V8 Packet Filter Version 1.000. Assurance Level EAL4+ Common Criteria v3.1
Astaro Security Gateway V8 Packet Filter Version 1.000 Assurance Level EAL4+ Common Criteria v3.1 This Security Target also covers the secunet wall 2 packet filter Version : 1.03 Date: 2011-05-20 Author:
More informationCertification Report
Certification Report EAL 4+ Evaluation of Netezza Performance Server v4.6.5 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
More informationChapter 5. Choose the answer that mostly suits each of the sentences given:
Chapter 5 Software Configuration Management Choose the answer that mostly suits each of the sentences given: 1. No matter where you are in the system lifecycle, the system will change, and the desire to
More informationAutomation Suite for. 201 CMR 17.00 Compliance
WHITEPAPER Automation Suite for Assurance with LogRhythm The Massachusetts General Law Chapter 93H regulation 201 CMR 17.00 was enacted on March 1, 2010. The regulation was developed to safeguard personal
More informationOracle WebCenter Content
Oracle WebCenter Content 21 CFR Part 11 Certification Kim Hutchings US Data Management Phone: 888-231-0816 Email: khutchings@usdatamanagement.com Introduction In May 2011, US Data Management (USDM) was
More informationPKI Made Easy: Managing Certificates with Dogtag. Ade Lee Sr. Software Engineer Red Hat, Inc. 08.11.2013
2013 PKI Made Easy: Managing Certificates with Dogtag Ade Lee Sr. Software Engineer Red Hat, Inc. 08.11.2013 Agenda What is PKI? What is Dogtag? Installing Dogtag Interacting with Dogtag using REST Future
More informationISAAC Risk Assessment Training
ISAAC Risk Assessment Training v2013 Information Technology Risk Management 1 Agenda Why Assess? Information Security Standards Risk Assessment Process Using ISAAC Information Technology Risk Management
More informationBSI-DSZ-CC-0636-2012. for. IBM Tivoli Access Manager for e-business version 6.1.1 FP4 with IBM Tivoli Federated Identity Manager version 6.2.
BSI-DSZ-CC-0636-2012 for IBM Tivoli Access Manager for e-business version 6.1.1 FP4 with IBM Tivoli Federated Identity Manager version 6.2.1 FP2 from IBM Corporation BSI - Bundesamt für Sicherheit in der
More informationCA CA, Inc. Identity Manager 12.5 Identity Manager r12.1 Security Target
CA CA, Inc. Identity Manager 12.5 Identity Manager r12.1 Security Target Version 2.0 June Version 21, 2010 0.6 December 29, 2008 Prepared for: Prepared CA for: 100 Staples CA, Inc. Drive Framingham, 100
More informationManaged Support Policy
TABLE OF CONTENTS 1. SERVICE DESCRIPTION 2 2. SUPPORT OPTIONS 2 3. SERVICE SUPPORT HOURS 3 4. MONITORING AND OUTAGES 3 5. SERVICE LEVEL AGREEMENT 4 6. PLANNED MAINTENANCE AND UPGRADES 5 7. TARGET UPTIME
More informationISO 27001 COMPLIANCE WITH OBSERVEIT
ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk
More informationREGISTRATION AUTHORITY (RA) POLICY. Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A.
REGISTRATION AUTHORITY (RA) POLICY Registration Authority (RA) Fulfillment Characteristics SECURITY DATA SEGURIDAD EN DATOS Y FIRMA DIGITAL, S.A. INDEX Contenido 1. LEGAL FRAMEWORK... 4 1.1. Legal Base...
More informationProtection profile of an industrial switch
Version 1.0 short-term GTCSI July 13, 2015 Preface In the whole document, the acronym ToE (Target of Evaluation) designates the component being evaluated. Text in red differs from the mid-term version
More informationLessons learnt in writing PP/ST. Wolfgang Killmann T-Systems
Lessons learnt in writing PP/ST Wolfgang Killmann T-Systems Overview of the talk Lessons learnt in writing PP/ST Practical experience of PP/ST writing Issues with and suggestions for PP/ST writing Conformance
More informationProtection profile of an industrial firewall
Version 1.0 short-term GTCSI July 13, 2015 Preface In the whole document, the acronym ToE (Target of Evaluation) designates the component being evaluated. Text in red differs from the mid-term version
More informationCertification Report
Certification Report EAL 3+ Evaluation of AccessData Cyber Intelligence and Response Technology v2.1.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria
More informationBSI-DSZ-CC-0683-2014. for. IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2. from. IBM Corporation
BSI-DSZ-CC-0683-2014 for IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2 from IBM Corporation BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach 20 03 63, D-53133
More informationStock Broker System Audit Framework. Audit Process
Stock Broker System Audit Framework Audit Process 1. System Audit of stock brokers should be conducted with the following periodicity a. Annual system audit is prescribed for stock brokers who satisfy
More informationKorean National Protection Profile for Voice over IP Firewall V1.0 Certification Report
KECS-CR-16-36 Korean National Protection Profile for Voice over IP Firewall V1.0 Certification Report Certification No.: KECS-PP-0717-2016 2016. 6. 10 IT Security Certification Center History of Creation
More informationDriving Safely on Information Highway. April 2006
Driving Safely on Information Highway April 2006 Agenda FIPS 201 and PK enabling Challenges of PK enabling Ways to meet the challenges PKIF Webcullis (demo) TrustEnabler (demo) FIPS 201 unique PK enabling
More informationL@Wtrust Class 3 Registration Authority Charter
Class 3 Registration Authority Charter Version 1.0 applicable from 09 November 2010 Building A, Cambridge Park, 5 Bauhinia Street, Highveld Park, South Africa, 0046 Phone +27 (0)12 676 9240 Fax +27 (0)12
More informationSecuring the Service Desk in the Cloud
TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,
More informationAustralasian Information Security Evaluation Program
Australasian Information Security Evaluation Program Certification Report Certificate Number: 2010/71 10 Dec 2010 Version 1.0 Commonwealth of Australia 2010. Reproduction is authorised provided that the
More informationCryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik
Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued
More informationProtection profile of an industrial firewall
Version 1.0 mid-term GTCSI July 13, 2015 Preface In the whole document, the acronym ToE (Target of Evaluation) designates the component being evaluated. Text in red differs from the short-term version
More informationRequirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module
Collax SSL VPN Howto This howto describes the easy configuration of a Collax server as SSL VPN gateway in order to enable external access to selected applications in the company network. Except for a common
More informationAustralasian Information Security Evaluation Program
Australasian Information Security Evaluation Program Certification Report Certificate Number: 2010/66 10 Mar 2010 Version 1.0 Commonwealth of Australia 2010. Reproduction is authorised provided that the
More informationCertification Report
Certification Report HP Universal CMDB and Universal Discovery v10.21 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government
More information83/376. Technical Evaluation Questionnaire. DIGIT/R2/PO/2009/035 PKI Services - Tendering specifications
83/376 Annex 3: Technical Evaluation Questionnaire DIGIT/R2/PO/2009/035 PKI Services - Tendering specifications 84/376 85/376 ANNEX 3 TECHNICAL EVALAUATION QUESTIONNAIRE Call for Tenders DIGIT/R2/PO/2009/035
More information05.0 Application Development
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
More informationOFBiz Addons goals, howto use, howto manage. Nicolas Malin, Nov. 2012
OFBiz Addons goals, howto use, howto manage Nicolas Malin, Nov. 2012 Agenda History of a birth Addons principle Addons and their environment (extensive program) Conclusion Once upon a time The history
More informationC015 Certification Report
C015 Certification Report NexCode National Security Suite Release 3 File name: Version: v1a Date of document: 15 June 2011 Document classification: For general inquiry about us or our services, please
More informationSSL BEST PRACTICES OVERVIEW
SSL BEST PRACTICES OVERVIEW THESE PROBLEMS ARE PERVASIVE 77.9% 5.2% 19.2% 42.3% 77.9% of sites are HTTP 5.2% have an incomplete chain 19.2% support weak/insecure cipher suites 42.3% support SSL 3.0 83.1%
More informationCertification Report
Certification Report EAL 2+ Evaluation of Symantec Endpoint Protection Version 11.0 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
More informationCertification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT
Template: CSEC_mall_doc.dot, 7.0 Ärendetyp: 6 Diarienummer: 14FMV10188-21:1 Dokument ID CB-015 HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2015-06-12 Country of origin: Sweden Försvarets
More informationBSI-DSZ-CC-0698-2012. for
BSI-DSZ-CC-0698-2012 for Database Engine of Microsoft SQL Server 2008 R2 Enterprise Edition and Datacenter Edition (English) x64, Version 10.50.2500.0 from Microsoft Corporation BSI - Bundesamt für Sicherheit
More informationCertification Report
Certification Report EAL 3+ Evaluation of RSA envision platform v4.0 SP 1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationCertification Report
Certification Report EAL 4+ (ALC_FLR.2) Evaluation of TÜBİTAK BİLGEM UEKAE ELEKTRONİK SERTİFİKA YÖNETİM ALTYAPISI (ESYA)- ELECTRONIC CERTIFICATE MANAGEMENT INFRASTRUCTURE v2.0 issued by Turkish Standards
More informationGlobal Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway)
Managed Communications JPMorgan - Global Client Access Managed Internet (EC Gateway) Managed Communications Overview JPMorgan offers a variety of electronic communications services that are reliable and
More informationNetSure Certificate means any of the types of Certificates that are subject to this Plan, as listed in Appendix A, List of Covered Services.
THIS EXTENDED WARRANTY PROTECTION PLAN ( Plan ) is provided by Symantec Corporation ( Symantec ) to NetSure Subscribers identified below. NetSure Subscribers holding Symantec Trust Network, Thawte, GeoTrust,
More informationSoftware Delivery Integration and Source Code Management. for Suppliers
Software Delivery Integration and Source Code Management for Suppliers Document Information Author Version 1.0 Version Date 8/6/2012 Status final Approved by Reference not applicable Subversion_for_suppliers.doc
More informationIntel Enhanced Data Security Assessment Form
Intel Enhanced Data Security Assessment Form Supplier Name: Address: Respondent Name & Role: Signature of responsible party: Role: By placing my name in the box above I am acknowledging that I am authorized
More informationCERTIFICATION PRACTICE STATEMENT UPDATE
CERTIFICATION PRACTICE STATEMENT UPDATE Reference: IZENPE-CPS UPDATE Version no: v 5.03 Date: 10th March 2015 IZENPE 2015 This document is the property of Izenpe. It may only be reproduced in its entirety.
More informationRelease Management PinkVerify v2.1. Mandatory Criteria
Mandatory Criteria *CMDB= Configuration Management Database *CI= Configuration Item *DSL= Definitive Software Library *RFC= Request for Change *SLA= Service Level Agreement 1. Does the tool facilitate
More informationNetIQ Access Manager 3.2 integration
KeyShield SSO NetIQ Access Manager 3.2 integration system integrator documentation ver. 1.0.1 (21. Mar. 2014) Na Pankráci 54, Praha 4 Introduction KeyShield SSO authenticates not only a browser session
More informationGuidelines for Developer Documentation
Guidelines for Developer Documentation according to Common Criteria Version 3.1 Version 1.0 Bundesamt für Sicherheit in der Informationstechnik Postfach 20 03 63 53133 Bonn Phone: +49 (0)3018 9582-111
More informationCertification Report
Certification Report McAfee Network Security Platform v7.1 (M-series sensors) Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification
More informationHow To Understand The Toe
Rapid7 Nexpose Vulnerability Management and Penetration Testing System V.5.1 Security Target Version 1.7 May 11, 2012 Prepared for: Rapid7 LLC 545 Boylston Street, Suite 400 Boston, MA 02116 Prepared By:
More informationCertification Report
Certification Report EAL 2+ Evaluation of Symantec Endpoint Protection Version 12.1.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and
More informationNIST ITL July 2012 CA Compromise
NIST ITL July 2012 CA Compromise Prepared for: Intelligent People paul.turner@venafi.com 1 NIST ITL Bulletin on CA Compromise http://csrc.nist.gov/publications/nistbul/july-2012_itl-bulletin.pdf These
More informationCloud Services Catalog with Epsilon
Cloud Services Catalog with Epsilon Modern IT enterprises face several challenges while building a service catalog for their data center. Provisioning with a cloud management platform solves some of these
More informationOlive Branch Church. Technology Ministry - OBC. Church email - Setting Up an Existing Copy of Outlook 2010
Olive Branch Church Technology Ministry - OBC Church email - Setting Up an Existing Copy of Outlook 2010 Procedure Name: MS Outlook 2010 Setup - Existing Document ID: OBC_TM P002 Version: 1.0 Issue Date:
More informationDAVE Usage with SVN. Presentation and Tutorial v 2.0. May, 2014
DAVE Usage with SVN Presentation and Tutorial v 2.0 May, 2014 Required DAVE Version Required DAVE version: v 3.1.6 or higher (recommend to use the most latest version, as of Feb 28, 2014, v 3.1.10) Required
More informationSRA International Managed Information Systems Internal Audit Report
SRA International Managed Information Systems Internal Audit Report Report #2014-03 June 18, 2014 Table of Contents Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives...
More informationCERTIFIED. SECURE SOFTWARE DEVELOPMENT with COMMON CRITERIA
CERTIFIED SECURE SOFTWARE DEVELOPMENT with COMMON CRITERIA CONTENT CC IN A NUTSHELL CC BACKGROUND AIM AND GOAL OF CC ADVANTAGES OF CC WHY DO WE RECOMMEND CC TO DEVELOPERS? WHEN IS CC THE RIGHT CHOICE?
More informationSecurity FAQs (Frequently Asked Questions) for Xerox Remote Print Services
Security FAQs (Frequently Asked Questions) for Xerox Remote Print Services February 30, 2012 2012 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation
More informationSAP Secure Operations Map. SAP Active Global Support Security Services May 2015
SAP Secure Operations Map SAP Active Global Support Security Services May 2015 SAP Secure Operations Map Security Compliance Security Governance Audit Cloud Security Emergency Concept Secure Operation
More informationTELSTRA RSS CA Subscriber Agreement (SA)
TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this
More informationIntland s Medical Template
Intland s Medical Template Traceability Browser Risk Management & FMEA Medical Wiki Supports compliance with IEC 62304, FDA Title 21 CFR Part 11, ISO 14971, IEC 60601 and more INTLAND codebeamer ALM is
More informationThe IDA Catalogue. of GENERIC SERVICES. Interchange of Data between Administrations
Interchange of Data between Administrations EUROPEAN COMMISSION ENTERPRISE DIRECTORATE- GENERAL INTERCHANGE OF DATA BETWEEN ADMINISTRATIONS PROGRAMME Interchange of Data between Administrations 2 of Generic
More informationCertification Report
Certification Report EAL 3+ Evaluation of Extreme Networks ExtremeXOS Network Operating System v12.3.6.2 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationIndependent Accountants Report
KPMG LLP 1601 Market Street Philadelphia, PA 19103-2499 Independent Accountants Report To the Management of Unisys Corporation: We have examined the assertion by the management of Unisys Corporation (
More informationApple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015
Apple Inc. Certification Authority Certification Practice Statement Worldwide Developer Relations Version 1.14 Effective Date: September 9, 2015 Table of Contents 1. Introduction... 5 1.1. Trademarks...
More informationROSS PHILO EXECUTIVE VICE PRESIDENT AND CHIEF INFORMATION OFFICER
July 22, 2010 ROSS PHILO EXECUTIVE VICE PRESIDENT AND CHIEF INFORMATION OFFICER DEBORAH J. JUDY DIRECTOR, INFORMATION TECHNOLOGY OPERATIONS CHARLES L. MCGANN, JR. MANAGER, CORPORATE INFORMATION SECURITY
More informationSoftware Development. Overview. www.intland.com
Agile, Waterfall & Hybrid Method Support SAFe Template Git, SVN, Mercurial Integration Release Management DevOps Baselining (Versioning) Integration to Requirements and QA & Testing Overview codebeamer
More informationCommon Criteria for Information Technology Security Evaluation. Part 3: Security assurance components. September 2012. Version 3.
Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components September 2012 Version 3.1 Revision 4 CCMB-2012-09-003 Foreword This version of the Common Criteria
More informationCommon Criteria Evaluations for the Biometrics Industry
Common Criteria Evaluations for the Biometrics Industry Kathy Malnick Senior Manager Criterian Independent Labs An initiative of the WVHTC Foundation Presentation outline Common Criteria defined Common
More informationHow To Evaluate Watchguard And Fireware V11.5.1
Certification Report EAL 4+ Evaluation of WatchGuard and Fireware XTM Operating System v11.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation
More informationTeliaSonera Server Certificate Policy and Certification Practice Statement
TeliaSonera Server Certificate Policy and Certification Practice Statement v.1.4 TeliaSonera Server Certificate Policy and Certification Practice Statement CA name Validation OID TeliaSonera Server CA
More informationLibrary Systems Security: On Premises & Off Premises
Library Systems Security: On Premises & Off Premises Guoying (Grace) Liu University of Windsor Leddy Library Huoxin (Michael) Zheng Castlebreck Inc. CLA 2015 Annual Conference, Ottawa, June 5, 2015 Information
More informationPKI Disclosure Statement
Land Registry Version 2.0 23/07/2008 PKI Disclosure Statement 1. Introduction Land Registry has created an e-security platform for its customers to facilitate role-based access, authentication and electronic
More information