CPA SECURITY CHARACTERISTIC ENTERPRISE MANAGEMENT OF DATA AT REST ENCRYPTION


UNCLASSIFIED

CPA SECURITY CHARACTERISTIC
ENTERPRISE MANAGEMENT OF DATA AT REST ENCRYPTION

Version 1.0

Crown Copyright 2013 All Rights Reserved

UNCLASSIFIED Page 1

Enterprise Management of Data at Rest Encryption

About this document

This document describes the features, testing and deployment requirements necessary to meet CPA certification for Enterprise Management of Data at Rest Encryption security products. It is intended for vendors, system architects, developers, evaluation and technical staff operating within the security arena.

Section 1 is suitable for all readers. It outlines the purpose of the security product and defines the scope of the Security Characteristic.

Section 2 and Section 3 describe the specific mitigations required to prevent or hinder attacks for this product. Some technical knowledge is assumed.

For more information about CPA certification, refer to The Process for Performing CPA Foundation Grade Evaluations [1].

Document History

The CPA Authority may review, amend, update, replace or issue new Scheme Documents as may be required from time to time.

Soft copy location: DiscoverID

Version | Date | Description
0.0 | November 2012 | Draft for external review
0.1 | December 2012 | New document template and SC Library related updates
1.0 | January 2013 | Updates following external review

This document is derived from the following SC Maps:

- Enterprise Management of Data-at-Rest Encryption (Map version 1.0)
- Common Libraries
- Crypt Libraries
- Network Device Libraries
- Physical Protection Libraries

Contact CESG

This document is authorised by: Deputy Technical Director (Assurance), CESG.

For queries about this document please contact:
CPA Administration Team
CESG, Hubble Road
Cheltenham
Gloucestershire
GL51 0EX, UK
cpa@cesg.gsi.gov.uk
Tel: +44 (0)

Contents

Section 1 Overview
  1.1 Introduction
  1.2 Product description
  1.3 Typical use cases
  1.4 Expected operating environment
  1.5 Compatibility
  1.6 Interoperability
  1.7 Variants
      Use of Remote Recovery
  1.8 High level functional components
  1.9 Future enhancements
Section 2 Security Characteristic Format
  2.1 Requirement categories
  2.2 Understanding mitigations
Section 3 Requirements
  3.1 Development Mitigations
  3.2 Verification Mitigations
  3.3 Deployment Mitigations
Appendix A Summary of changes to mitigations
Appendix B References
Appendix C Glossary

Section 1 Overview

1.1 Introduction

This document is a CPA Security Characteristic. It describes requirements for assured Enterprise Management of Data at Rest Encryption products for evaluation and certification under CESG's Commercial Product Assurance (CPA) scheme.

1.2 Product description

Enterprise Management of Data at Rest Encryption in the context of this Security Characteristic refers to a product that enables the remote management of a fleet of products that are all protected using at least one of the following three data at rest encryption Security Characteristics:

- CPA Security Characteristic for Software Full Disk Encryption [c]
- CPA Security Characteristic for Hardware Media Encryption [d]
- CPA Security Characteristic for Software Media Encryption [e]

Specifically, a product that provides Enterprise Management of Data at Rest Encryption allows the remote administration of the following aspects of a data at rest encryption product: policy management, user account management, device encryption key management, device recovery and device purging.

1.3 Typical use cases

A product that implements Enterprise Management of Data at Rest Encryption enables an administrator to centrally manage a number of CPA-approved data at rest encryption products, in terms of:

- Policy management (e.g. password lengths and formats)
- User account management (add/remove/modify)
- Device recovery:
  o Encryption key management (including escrow)
  o Remote recovery (if implemented - see Variants section)
- Purge protected data

1.4 Expected operating environment

A product that provides Enterprise Management of Data at Rest Encryption comprises client and management software. The client software is located on a device protected by CPA-approved data at rest encryption, either as part of the product or as separately installed software.

The management software is installed on a separate host machine, physically located within an appropriately secure environment, appropriate for the maximum classification of data stored on the managed machines. The management software communicates with client software on the managed devices over a trusted enterprise network (see Figure 1).

Figure 1: Network Setup for Enterprise Management of Data at Rest Encryption

The management software provides the user interface to enable the administration of the data at rest encryption products installed on remote computers/devices using messages sent over the network. These messages are received by Enterprise Management client software on the remote device, which then interacts with the host data at rest encryption product to implement the administration function received from the management software.

The management software tracks details about each of the managed devices, storing the information in a database, which may or may not be located on the same host machine as the management software.

The managed devices may be located in a number of environments, ranging from secure offices to mobile working environments such as employee residences and other potentially insecure offsite environments.

1.5 Compatibility

This Security Characteristic places no explicit requirements on compatibility.

1.6 Interoperability

A product meeting this Security Characteristic is expected to be able to interoperate with products meeting at least one of the following Security Characteristics:

- Software Full Disk Encryption [c]
- Hardware Media Encryption [d]
- Software Media Encryption [e]

Note: A managed product may or may not be from the same developer as the enterprise manager product.

It is strongly recommended that the Enterprise Management of Data at Rest Encryption product makes use of an RFC compliant messaging protocol between the management software and the client software on the remote devices being managed, although in this version of the Security Characteristic the protocol selected is left to the developer's discretion.

1.7 Variants

This Security Characteristic has the following variant type and associated variants:

- Variant Type: Recovery Mechanism:
  o Local Recovery - The system does not support Remote Recovery.

  o Remote Recovery - The system actively allows the administrator to remotely recover a managed computer/device through communication with that device over the network.

Use of Remote Recovery

Ideally, device recovery should always be carried out through the administrator having direct physical access to that protected device (e.g. the administrator logs in, in person, to reset a user password). Although Remote Recovery (if supported by the product) can provide a more enterprise-oriented recovery mechanism, its use significantly increases the risk of compromise from social engineering attacks or attackers intercepting recovery codes.

Conceptually, there are several types of Remote Recovery mechanisms, of which two common techniques include:

- Challenge-Response - The user obtains a Challenge code from the data at rest encryption product on the protected device, which he/she presents to their support team to validate possession of the device. Once the support team are sure the user is legitimate, they use the product to generate a Response code, which is provided to the user to regain access to the device.
- Recovery Passphrase - A predetermined, one-time-use value that is used to unlock a device in the event of lost credentials.

1.8 High level functional components

The following diagram illustrates the various high level functional components within this product. Components asterisked* represent those relating to specific mitigations listed in Section 3. These are used to structure the Security Characteristic, and to give context to each mitigation.

Figure 2: Functional components of an Enterprise Management of Data at Rest Encryption product

The functional components in Figure 2 are described as follows.

- Client Software* - Logically located with the data at rest encryption product that protects the managed device. It may comprise a separate software package, as may be the case for a disk protected by an SFDE product, or be a logical component within the embedded code of a hardware media encryption device.
- Managed Device* - Computer/device protected by the managed data at rest encryption product.
- Management Database* - Contains configuration, key escrow and recovery information for the devices remotely managed by the deployment.

- Management Software* - General tracking of the managed devices, details being stored in the Management Database.
- Management Software >> Access Control* - The restriction of access control to one or more administrators, which may be implemented by the software and/or the operating system.
- Management Software >> Logging* - Logging of events to aid detection of potential vulnerabilities or unexpected behaviour.
- Management Software >> PRNG* - Handles the creation of encryption keys and device recovery data.

1.9 Future enhancements

CESG welcomes feedback and suggestions on possible enhancements to this Security Characteristic. One possible future enhancement may be to extend the Security Characteristic to cover management of additional device platform types, such as smart phones.

Section 2 Security Characteristic Format

2.1 Requirement categories

All CPA Security Characteristics contain a list of mitigations that describe the specific measures required to prevent or hinder attacks. The mitigations are grouped into three requirement categories: development, verification and deployment, and appear in Section 3 of this document in that order.

Development mitigations (indicated by the DEV prefix) are measures integrated into the development of the product during its implementation. Development mitigations are checked by an evaluation team during a CPA evaluation.

Verification mitigations (indicated by the VER prefix) are specific measures that an evaluator must test (or observe) during a CPA evaluation.

Deployment mitigations (indicated by the DEP prefix) are specific measures that describe the deployment and operational control of the product. These are used by system administrators and users to ensure the product is securely deployed and used in practice, and form the basis of the Security Operating Procedures which are produced as part of the CPA evaluation.

Within each of the above categories, the mitigations are further grouped into the functional areas to which they relate (as outlined in the High level functional components diagram). The functional area for a designated group of mitigations is prefixed by double chevron characters (>>). For example, mitigations within a section that begins "Development >> Management" concern Development mitigations relating to the Management functional area of the product.

Note: Mitigations that apply to the whole product (rather than a functional area within it) are listed at the start of each section. These sections do not contain double chevron characters.

2.2 Understanding mitigations

Each of the mitigations listed in Section 3 of this document contains the following elements:

- The name of the mitigation. This will include a mitigation prefix (DEV, VER or DEP) and a unique reference number.
- A description of the threat (or threats) that the mitigation is designed to prevent or hinder. Threats are formatted in italic text.
- The explicit requirement (or group of requirements) that must be carried out. Requirements for foundation grade are formatted in green text. Requirements for augmented grade are formatted in maroon text.

In addition, certain mitigations may also contain additional explanatory text to clarify each of the foundation/augmented grade requirements, as illustrated in the following diagram.

Figure 3: Components of a typical mitigation

The figure annotates an example mitigation with the following labels: name of the mitigation; threat that this mitigation counters; requirements needed for Foundation Grade; explanatory comment for the Foundation Grade requirement; requirements needed for Augmented Grade; explanatory comment for the Augmented Grade requirement. The example mitigation shown is:

DEV.M267: Provide an automated configuration tool to enforce required settings
This mitigation is required to counter exploitation of an accidental misconfiguration.
At Foundation Grade the product is required to be provided with a configuration tool, or other method, for an administrator to initially set it up into a suitable configuration.
If the product requires more than 12 options to be changed or set by an administrator to comply with these Security Characteristics, the developer must supply a tool or policy template which helps the administrator to achieve this in fewer steps.
At Augmented Grade the product is required to provide a tool, or other method, for an administrator to verify that their configuration conforms to CPA Augmented.
If the product requires more than 12 options to be checked by an administrator to comply with these Security Characteristics, the developer must supply a tool which helps the administrator to achieve this requirement.

Section 3 Requirements

This section lists the Development, Verification and Deployment mitigations for the Enterprise Management of Data at Rest Encryption Security Characteristic.

3.1 Development Mitigations

DEV.M147: Encrypt device's encryption key during escrow process
This mitigation is required to counter recovery of a device's encryption key from network traffic during the escrow process.
At Foundation Grade the product is required to encrypt the device's encryption key during the escrow process.
Escrow data containing recovery details (such as a DEK) must be encrypted by an escrow key using AES in CBC mode (or another mode of at least the same strength). An AES escrow key should be ephemeral and must have size and entropy at least as large as that of the associated DEK.

DEV.M417: Authenticate command / configuration messages
This mitigation is required to counter acting upon fraudulent commands from spoofed or tampered command / configuration messages.
This mitigation is required to counter performing a man-in-the-middle attack on configuration messages during the provisioning process.
This mitigation is required to counter spoofing a remote purge command.
This mitigation is required to counter spoofing a user account deletion message to the client software.
At Foundation Grade the product is required to authenticate command and configuration messages.
The protocol for exchanging command and configuration messages must incorporate an authentication mechanism, such as digital signing, that enables the recipient to confirm the authenticity and validity of that message.

DEV.1 - Development >> Client Software

DEV.1.M41: Crash reporting
At Foundation Grade the product is required to ensure crashes are logged.
Where it is possible that sensitive data may end up in the crash data, this must be handled as red data and must only be available to an administrator. Crash data from both the product and the underlying operating system must be considered.

DEV.1.M42: Heap hardening
At Foundation Grade the product should use the memory management provided by the operating system.
Products should not implement their own heap.

DEV.1.M43: Stack protection
At Foundation Grade the product is required to be compiled with support for stack protection including all libraries, where the tool chain supports it.
If more recent versions of the tool chain support it for the target platform then they should be used in preference to a legacy tool chain.

DEV.1.M46: User least privilege
This mitigation is required to counter taking advantage of existing user privilege.
At Foundation Grade the product is required to operate correctly from a standard account without elevated privileges.

DEV.1.M159: Update product
At Foundation Grade the product should support the use of software updates.

DEV.1.M321: Data Execution Prevention
At Foundation Grade the product is required to support Data Execution Prevention (DEP) when enabled on its hosting platform and must not opt out of DEP.
If the product is to be specifically deployed on a platform that does not support either Software DEP or Hardware-enforced DEP, there is no requirement for DEP compatibility.

DEV.1.M340: Address Space Layout Randomisation
At Foundation Grade the product is required to be compiled with full support for ASLR, including all libraries used.
If the product is to be specifically deployed on an operating system that does not support ASLR, there is no requirement for ASLR compatibility.
Note: ASLR may be disabled for specific aspects of the product, provided there is justification of why this is required.

DEV.1.M349: Sanitise temporary variables
This mitigation is required to counter reading non-sanitised sensitive data from memory.
At Foundation Grade the product is required to sanitise temporary variables containing sensitive information as soon as no longer required.
A secure erase must consist of at least one complete overwrite.

DEV.1.M355: Secure software delivery
This mitigation is required to counter installing compromised software using the update process.
At Foundation Grade the product should be distributed via a cryptographically protected mechanism, such that the authenticity of software can be ensured.

DEV.2 - Development >> Management Software

DEV.2.M41: Crash reporting
At Foundation Grade the product is required to ensure crashes are logged.
Where it is possible that sensitive data may end up in the crash data, this must be handled as red data and must only be available to an administrator. Crash data from both the product and the underlying operating system must be considered.

DEV.2.M42: Heap hardening
At Foundation Grade the product should use the memory management provided by the operating system.
Products should not implement their own heap.

DEV.2.M43: Stack protection
At Foundation Grade the product is required to be compiled with support for stack protection including all libraries, where the tool chain supports it.
If more recent versions of the tool chain support it for the target platform then they should be used in preference to a legacy tool chain.

DEV.2.M46: User least privilege
This mitigation is required to counter taking advantage of existing user privilege.
At Foundation Grade the product is required to operate correctly from a standard account without elevated privileges.

DEV.2.M159: Update product
At Foundation Grade the product should support the use of software updates.

DEV.2.M267: Provide an automated configuration tool to enforce required settings
This mitigation is required to counter exploitation of an accidental misconfiguration.
At Foundation Grade the product is required to be provided with a configuration tool, or other method, for an administrator to initially set it up into a suitable configuration.
If the product requires more than 12 options to be changed or set by an administrator to comply with these Security Characteristics, the developer must supply a tool or policy template which helps the administrator to achieve this in fewer steps.

DEV.2.M321: Data Execution Prevention
At Foundation Grade the product is required to support Data Execution Prevention (DEP) when enabled on its hosting platform and must not opt out of DEP.
If the product is to be specifically deployed on a platform that does not support either Software DEP or Hardware-enforced DEP, there is no requirement for DEP compatibility.

DEV.2.M340: Address Space Layout Randomisation
At Foundation Grade the product is required to be compiled with full support for ASLR, including all libraries used.
If the product is to be specifically deployed on an operating system that does not support ASLR, there is no requirement for ASLR compatibility.
Note: ASLR may be disabled for specific aspects of the product, provided there is justification of why this is required.

DEV.2.M349: Sanitise temporary variables
This mitigation is required to counter reading non-sanitised sensitive data from memory.
At Foundation Grade the product is required to sanitise temporary variables containing sensitive information as soon as no longer required.
A secure erase must consist of at least one complete overwrite.

DEV.2.M353: Ensure product security configuration can only be altered by an authenticated system administrator
This mitigation is required to counter unauthorised alteration of the product's configuration.
At Foundation Grade the product is required to ensure that only authenticated administrators are able to change the product's security enforcing settings.

DEV.2.M355: Secure software delivery
This mitigation is required to counter installing compromised software using the update process.
At Foundation Grade the product should be distributed via a cryptographically protected mechanism, such that the authenticity of software can be ensured.

DEV.2.M491: Encrypt authentication data during remote configuration
This mitigation is required to counter obtaining configuration data from the network.
At Foundation Grade the product is required to encrypt messages containing user login data.
Configuration messages containing sensitive details (such as usernames, passphrases, passphrase hashes and token data) must be encrypted using AES in CBC mode (or another mode of at least the same strength). The AES key should be ephemeral and must have size and entropy at least as large as that of the associated DEK.
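The following is an added illustration of the authentication requirement in DEV.M417 (the client confirming that a command such as a remote purge or user deletion really came from the management software and was not altered in transit). It is example code written for this edition, not the protocol of this Security Characteristic or of any CPA-certified product. It assumes a shared per-device key and uses HMAC-SHA256 as the authentication mechanism (the document names digital signing as one option; a MAC is a stand-in that needs no external library), with a per-message sequence number as the "validity" check so that a captured genuine message cannot be accepted a second time. The device name, key and messages are constructed for the example; the encryption of sensitive fields required by DEV.2.M491 is not shown.

```python
"""Authenticated command messages between management software and client (added example)."""
import hashlib
import hmac
import json
import secrets

# Constructed shared key for the example; a deployment would provision one per device.
SHARED_KEY = secrets.token_bytes(32)


def _canonical(body: dict) -> bytes:
    # Canonical JSON so sender and receiver MAC exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def build_message(key: bytes, device_id: str, command: str, seq: int) -> dict:
    """Management side: attach a MAC covering the whole command body."""
    body = {"device_id": device_id, "command": command, "seq": seq}
    return {"body": body, "mac": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}


class ClientAgent:
    """Client side: act on a command only after authenticity and freshness checks pass."""

    def __init__(self, key: bytes, device_id: str):
        self.key = key
        self.device_id = device_id
        self.last_seq = 0
        self.purged = False

    def verify(self, message: dict) -> bool:
        body = message.get("body", {})
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        # Constant-time comparison so the check does not leak how many bytes matched.
        if not hmac.compare_digest(expected, str(message.get("mac", ""))):
            return False  # spoofed (no key) or tampered (body changed after MAC)
        if body.get("device_id") != self.device_id:
            return False  # a genuine message for another device is not for us
        if body.get("seq", 0) <= self.last_seq:
            return False  # stale or replayed message
        return True

    def handle(self, message: dict) -> str:
        if not self.verify(message):
            return "rejected"
        self.last_seq = message["body"]["seq"]
        if message["body"]["command"] == "purge":
            self.purged = True  # a real agent would invoke the DAR product's purge here
            return "purged"
        return "ignored"


def demo() -> tuple:
    """Run one genuine purge against spoofed, tampered and replayed variants."""
    agent = ClientAgent(SHARED_KEY, "laptop-0042")
    genuine = build_message(SHARED_KEY, "laptop-0042", "purge", seq=1)
    # Spoofed: constructed without the key, so the MAC is a guess.
    spoofed = {"body": {"device_id": "laptop-0042", "command": "purge", "seq": 2},
               "mac": "00" * 32}
    # Tampered: genuine MAC reused over an altered body.
    tampered = {"body": dict(genuine["body"], command="delete_user"), "mac": genuine["mac"]}
    return (agent.handle(spoofed),    # "rejected"
            agent.handle(tampered),   # "rejected"
            agent.handle(genuine),    # "purged"
            agent.handle(genuine))    # "rejected" (replay of an already used sequence number)


if __name__ == "__main__":
    print(demo())
```

The MAC must cover every field the client acts on (device identity, command and sequence number together); authenticating only the command string would let a valid message for one device be redirected to another.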

DEV.2.M498: Administration of managed device credentials
This mitigation is required to counter exploitation of administered end user credentials.
At Foundation Grade the product is required to administer passphrase policy on managed computers/devices according to the Authentication Deployment requirements in the relevant CPA Data at Rest Encryption Security Characteristics (Foundation Grade).

DEV.2.M499: (Remote Recovery ONLY) One Remote Recovery value per device
This mitigation is required to counter exploitation of weak Remote Recovery value generation.
At Foundation Grade the product is required to assign a single Remote Recovery value for use with no more than one device, i.e. prohibit two or more devices from sharing the same generated Remote Recovery value.

DEV.2.M612: Sanitise logged data
This mitigation is required to counter supplying a malicious script through logged data.
At Foundation Grade the product is required to ensure logged data is sanitised prior to display.
The method and content of sanitisation will change depending on the content in the logs and where the logs are displayed. For example, output to an HTML viewer for the logs will need to be encoded, whereas logging output to a text file may not need to be sanitised.
Note: This requirement is only applicable if the product actually incorporates a log viewer.

DEV.2.M627: Protect access to logs
This mitigation is required to counter modification of logging generation.
This mitigation is required to counter sanitisation of illegitimate access from logs.
At Foundation Grade the product is required to ensure that all log entries are time stamped.
Timestamps must be accurate and the deployment must take measures to ensure this. Such measures could be NTP synchronisation or a manual process.
At Foundation Grade the product is required to ensure that only an authenticated administrator can manage logs.
At Foundation Grade the product is required to not overwrite logs without alerting the administrator.

DEV.2.M802: Export logs
This mitigation is required to counter modification of locally stored logs.
At Foundation Grade the product is required to provide the ability to automatically transfer logs to an external device.
This functionality could be provided by a host operating system, where available.

DEV.2.1 - Development >> Management Software >> Logging

DEV.2.1.M446: (Remote Recovery ONLY) Log all Remote Recovery requests
This mitigation is required to counter a successful social engineering attack on the helpdesk.
At Foundation Grade the product is required to log all recovery requests.
The product must log all recovery requests. This allows administrators to monitor helpdesk use and identify potentially compromised machines.
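As an added illustration of DEV.2.M612 (sanitise logged data according to where it is displayed) and the timestamp requirement of DEV.2.M627, the example below is written for this edition and is not code from this document or from any CPA product. It assumes the management software stores log entries as records with a server-assigned UTC timestamp and renders them either to a text file or to an HTML log viewer; the hostile device name in demo() is a constructed sample. The same entry is rendered both ways to show that the HTML path must entity-encode untrusted fields, while the text path only needs control characters removed so a device cannot forge an extra log line.

```python
"""Display-specific sanitisation of log entries (added example)."""
import html
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Control characters other than tab (including newline and carriage return) can forge
# line breaks in a text log, so they are stripped from untrusted fields on the text path.
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


@dataclass
class LogEntry:
    timestamp: datetime   # always UTC and assigned by the logger, never taken from the client
    event: str            # fixed vocabulary chosen by the product
    device_name: str      # reported by the managed device, therefore untrusted


def make_entry(event: str, device_name: str, now: Optional[datetime] = None) -> LogEntry:
    ts = now or datetime.now(timezone.utc)
    return LogEntry(ts.astimezone(timezone.utc), event, device_name)


def render_text(entry: LogEntry) -> str:
    """Text-file output: content kept verbatim apart from control characters."""
    name = _CONTROL_CHARS.sub("", entry.device_name)
    return f"{entry.timestamp.isoformat()} {entry.event} device={name}"


def render_html(entry: LogEntry) -> str:
    """HTML viewer output: every untrusted field is entity-encoded before it reaches the page."""
    return (
        f"<tr><td>{entry.timestamp.isoformat()}</td>"
        f"<td>{html.escape(entry.event)}</td>"
        f"<td>{html.escape(entry.device_name, quote=True)}</td></tr>"
    )


def demo() -> dict:
    # Constructed sample: a device name that carries a script tag and a fake second log line.
    hostile_name = "laptop-07<script>alert(1)</script>\nFAKE recovery succeeded"
    entry = make_entry("RECOVERY_REQUEST", hostile_name,
                       now=datetime(2013, 1, 15, 9, 30, tzinfo=timezone.utc))
    return {"text": render_text(entry), "html": render_html(entry)}


if __name__ == "__main__":
    for kind, rendered in demo().items():
        print(kind, rendered)
```

Sanitising at render time rather than at write time keeps the stored log faithful to what the device actually sent, which is what an investigator wants to see, while each viewer applies the encoding appropriate to its own output format.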

DEV.2.2 - Development >> Management Software >> PRNG

DEV.2.2.M138: State the Security Strength required for random numbers
This mitigation is required to counter prediction of randomly generated values due to a weak entropy source.
At Foundation Grade the product is required to employ an entropy source of sufficient Security Strength for all random number generation required in the operation of the product.
The developer must state the Security Strength required of their entropy source based on analysis of all random numbers used in the product, including any generated keys. At this grade, the Security Strength is likely to be 128 bits for products that do not use elliptic curve cryptography. For elliptic curve-based asymmetric mechanisms it is likely to be 256 bits, and for finite field based asymmetric mechanisms it is likely to be 192 bits.

DEV.2.2.M140: Smooth output of entropy source with approved PRNG
This mitigation is required to counter prediction of randomly generated values due to a weak PRNG.
At Foundation Grade the product is required to employ a PRNG of sufficient Security Strength for all random number generation required in the operation of the product.
For more details on a suitable PRNG, please see the Process for Performing Foundation Grade Evaluations.

DEV.2.2.M141: Reseed PRNG as required
This mitigation is required to counter prediction of randomly generated values due to a weak PRNG.
At Foundation Grade the product is required to follow an approved reseeding methodology.

DEV.2.2.M290: Employ an approved entropy source
This mitigation is required to counter prediction of randomly generated values due to a weak entropy source.
At Foundation Grade the product is required to generate random bits using an entropy source whose entropy generation capability is understood.
The developer must provide a detailed description of the entropy source used, giving evidence that it can generate sufficient entropy for use in the device, including an estimate of entropy per bit. If a hardware noise source is used, then the manufacturer's name, the part numbers and details of how this source is integrated into the product must be supplied. If a software entropy source is employed, the API calls used must be provided. Where appropriate, details must be given of how the output of multiple entropy sources are combined.

DEV.2.2.M444: (Remote Recovery ONLY) Sufficient entropy in Remote Recovery information
This mitigation is required to counter exploitation of weak Remote Recovery value generation.
At Foundation Grade the product is required to ensure Remote Recovery information contains entropy at least equal in amount to that of the size of the device's associated encryption key.

3.2 Verification Mitigations

VER.M443: (Remote Recovery ONLY) Validate Remote Recovery implementation
This mitigation is required to counter exploitation of a weak Remote Recovery algorithm.
This mitigation is required to counter exploitation of weak Remote Recovery values.
This mitigation is required to counter replay attacks on Remote Recovery information.
At Foundation Grade the evaluator will perform validation work on the Remote Recovery mechanism.
The mechanism must be checked to ensure that it is cryptographically sound. The evaluator must check the following to ensure that the technique does not weaken the security of the product:
a) An exhaustive attack on the recovery information requires at least as much effort as an exhaustive attack on the protected device's encryption key.
b) For Challenge-Response implementations, the data at rest encryption product must successfully validate both parts in full to allow access to the protected device.
If the product fails this validation work then it can still pass the evaluation, but its suitability for use must first be discussed with CESG.

VER.1 - Verify >> Client Software

VER.1.M80: Protocol robustness testing
This mitigation is required to counter discovery of a vulnerability in the implementation of the protocol stack.
At Foundation Grade the evaluator will perform testing using commercial fuzzing tools.
Fuzz testing is described in more detail in the Process for Performing Foundation Grade Evaluations.

VER.1.M341: Audit permissions on product install
This mitigation is required to counter exploitation of a privileged local service.
At Foundation Grade the evaluator will audit any system permissions and ACLs set or altered by the product during installation to ensure that no changes are made which would give a standard user the ability to modify any components that run with higher privileges (either product or system provided).

VER.1.M347: Verify update mechanism
This mitigation is required to counter installing compromised software using the update process.
At Foundation Grade the evaluator will validate the developer's assertions regarding the suitability and security of their update process.
The update process must provide a mechanism by which updates can be authenticated before they are applied. The process and any configuration required must be documented within the Security Procedures.

VER.2 - Verify >> Managed Device

VER.2.M448: (Remote Recovery ONLY) Ensure that a single Remote Recovery value can only be used once
This mitigation is required to counter replay attacks on Remote Recovery information.
At Foundation Grade the evaluator will check that a Remote Recovery value will no longer work once it has been successfully used.
After a user has requested and successfully performed Remote Recovery, the information provided must no longer be able to unlock the device.
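The Remote Recovery requirements are spread across several mitigations: one value per device (DEV.2.M499), entropy at least equal to the DEK size (DEV.2.2.M444), every request logged (DEV.2.1.M446), full validation of the presented value and exhaustive-attack effort no lower than for the DEK (VER.M443), and single use (VER.2.M448). The example below, added for this edition and not taken from this document or from any CPA product, models the Recovery Passphrase variant with an in-memory dictionary standing in for the Management Database. It assumes the management software stores only a hash of each unused value, generates values from the operating system CSPRNG (secrets.token_bytes) sized to the device's DEK, and invalidates a value at the moment it is successfully redeemed; device identifiers and DEK size are constructed for the example.

```python
"""Issuing and consuming one-time Remote Recovery values (added example)."""
import hashlib
import hmac
import secrets
from datetime import datetime, timezone


class RecoveryStore:
    """In-memory stand-in for the recovery section of the Management Database."""

    def __init__(self):
        self._pending = {}    # device_id -> SHA-256 of its unused value (the value itself is not kept)
        self._issued = set()  # digests of every value ever issued, to enforce one value per device
        self.log = []         # (utc timestamp, event, device_id) for every request

    def _log(self, event: str, device_id: str) -> None:
        self.log.append((datetime.now(timezone.utc), event, device_id))

    def issue(self, device_id: str, dek_bits: int) -> str:
        """Create a Recovery Passphrase whose entropy is at least the device's DEK size."""
        if dek_bits <= 0 or dek_bits % 8:
            raise ValueError("DEK size must be a positive whole number of bytes")
        while True:
            raw = secrets.token_bytes(dek_bits // 8)  # full-entropy CSPRNG output
            digest = hashlib.sha256(raw).hexdigest()
            if digest not in self._issued:  # loop is astronomically unlikely; it guarantees uniqueness
                break
        self._issued.add(digest)
        self._pending[device_id] = digest
        self._log("RECOVERY_VALUE_ISSUED", device_id)
        return raw.hex()  # handed to the helpdesk process out of band

    def redeem(self, device_id: str, presented: str) -> bool:
        """Validate a presented value in full; succeed at most once, then invalidate it."""
        self._log("RECOVERY_REQUEST", device_id)  # logged whether or not it succeeds
        stored = self._pending.get(device_id)
        if stored is None:
            return False  # nothing outstanding for this device (never issued, or already used)
        try:
            presented_digest = hashlib.sha256(bytes.fromhex(presented)).hexdigest()
        except ValueError:
            return False  # malformed input is a failed attempt, not an error path that leaks state
        if not hmac.compare_digest(stored, presented_digest):
            return False  # partial, truncated or wrong-device values all fail here
        del self._pending[device_id]  # single use: the value cannot unlock the device again
        self._log("RECOVERY_SUCCESS", device_id)
        return True


def demo() -> dict:
    store = RecoveryStore()
    value_a = store.issue("laptop-a", dek_bits=256)  # constructed: a 256-bit DEK
    value_b = store.issue("laptop-b", dek_bits=256)
    return {
        "entropy_bits": len(bytes.fromhex(value_a)) * 8,                  # 256, matches the DEK
        "distinct": value_a != value_b,                                    # one value per device
        "partial_rejected": store.redeem("laptop-a", value_a[:32]),        # half the value: False
        "wrong_device": store.redeem("laptop-b", value_a),                 # False
        "first_use": store.redeem("laptop-a", value_a),                    # True
        "replay": store.redeem("laptop-a", value_a),                       # False
        "requests_logged": sum(1 for _, ev, _ in store.log if ev == "RECOVERY_REQUEST"),  # 4
    }


if __name__ == "__main__":
    print(demo())
```

Storing only a digest of the pending value means a read of the Management Database does not yield a usable recovery value, and keeping the set of issued digests is what makes the one-value-per-device rule checkable rather than merely probable.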

VER.3 - Verify >> Management Software

VER.3.M4: Evaluation/Cryptocheck
This mitigation is required to counter exploitation of a cryptographic algorithm implementation error.
At Foundation Grade the evaluator will ensure all cryptographic algorithms employed for security functionality have been validated as per the "Cryptographic Validation" section in the CPA Foundation Process document.

VER.3.M80: Protocol robustness testing
This mitigation is required to counter discovery of a vulnerability in the implementation of the protocol stack.
At Foundation Grade the evaluator will perform testing using commercial fuzzing tools.
Fuzz testing is described in more detail in the Process for Performing Foundation Grade Evaluations.

VER.3.M341: Audit permissions on product install
This mitigation is required to counter exploitation of a privileged local service.
At Foundation Grade the evaluator will audit any system permissions and ACLs set or altered by the product during installation to ensure that no changes are made which would give a standard user the ability to modify any components that run with higher privileges (either product or system provided).

VER.3.M347: Verify update mechanism
This mitigation is required to counter installing compromised software using the update process.
At Foundation Grade the evaluator will validate the developer's assertions regarding the suitability and security of their update process.
The update process must provide a mechanism by which updates can be authenticated before they are applied. The process and any configuration required must be documented within the Security Procedures.

3.3 Deployment Mitigations

DEP.M450: (Remote Recovery ONLY) Perform Remote Recovery over a secure communications channel
This mitigation is required to counter exploitation of weak Remote Recovery values.
This mitigation is required to counter replay attacks on Remote Recovery information.
At Foundation Grade the deployment should perform Remote Recovery over an appropriately secure channel. In this context an "appropriately secure" channel is one that is accredited to the highest classification of all data which will ever be stored on the machine being recovered. CESG recognises that there may be circumstances in which Remote Recovery must happen over an inadequately secure channel. In this case, once Remote Recovery has been performed the device must be subsequently handled as the highest protective marking of the data which has ever been stored on it (at least until the device is re-keyed). There may be some implementations that only allow Remote Recovery once per device (i.e. information stored on the device that is required for the recovery process is securely erased after use). If the vendor can provide evidence to conclusively prove this then the above handling guidance is not applicable.

DEP.M497: Disable unused Remote Recovery
This mitigation is required to counter exploitation of a dormant Remote Recovery mechanism.
At Foundation Grade the deployment is required to ensure that if Remote Recovery is not being used then any such facility present is disabled in all of the deployment's Enterprise Management and data at rest encryption products.

DEP.1 - Deployment >> Client Software

DEP.1.M39: Audit log review
At Foundation Grade the deployment is required to regularly review audit logs for unexpected entries.

DEP.1.M131: Operating system verifies signatures
This mitigation is required to counter installation of a malicious privileged local service.
At Foundation Grade the deployment is required to enable signature verification for applications, services and drivers in the host operating system, where supported and where the product makes use of it.

DEP.1.M159: Update product
At Foundation Grade the deployment is required to update to the latest version where possible.

DEP.1.M340: Address Space Layout Randomisation
At Foundation Grade the deployment is required to enable ASLR in the host Operating System where available.

DEP.1.M348: Administrator authorised updates
This mitigation is required to counter installing compromised software using the update process.
At Foundation Grade the deployment is required to confirm the source of updates before they are applied to the system. The administrator is required to have authorised the updates before use. If an automatic process is used, the administrator must also configure the product to authenticate updates. The update procedure to be used by the administrator must be described within the product's security procedures.

DEP.1.M418: Trust client during provisioning
This mitigation is required to counter fooling a user into believing a machine is provisioned.
This mitigation is required to counter recovery of the device's encryption key from the client during the escrow process.
At Foundation Grade the deployment is required to ensure the escrow of the device's recovery data (e.g. DEK) is completed before the device is connected to any untrusted network.
At Foundation Grade the deployment is required to only provision using trusted machines. Provisioning should be performed on machines which are accountable and are unlikely to have been compromised.

DEP.1.M422: Lock down host machine configuration
This mitigation is required to counter exploitation of client software.
At Foundation Grade the deployment is required to lock down the configuration of the managed computer/device hosting the client software (and the data at rest encryption software) to minimise the impact and likelihood of a successful network attack. The administrator must remove unnecessary services and ensure the computer/device is protected by appropriate anti-malware products (kept up to date by the end user).

DEP.1.M487: Deploy host machines on trusted network
This mitigation is required to counter a Denial of Service attack on the machine hosting management software.
This mitigation is required to counter a Denial of Service attack on a protected client device.
This mitigation is required to counter fooling a user into believing a machine is provisioned.
This mitigation is required to counter identification of a machine running client software through network advertising.
This mitigation is required to counter performing a man-in-the-middle attack on configuration messages during the provisioning process.
This mitigation is required to counter recovery of a device's encryption key from network traffic during the escrow process.
At Foundation Grade the deployment is required to ensure that all device administration/configuration messages occur over a trusted network. This network must be accredited to at least the highest classification of the data stored on all machines.
At Foundation Grade the deployment is required to perform provisioning in a controlled environment on a trusted network. The provisioning of a machine should take place on a network accredited to the same level as the data which is going to be contained within the protected device.

DEP.1.M606: Control access to device management
This mitigation is required to counter attacking the management protocol stack.
At Foundation Grade the deployment is required to restrict which network interfaces can be used for device management. If a local console port or dedicated management interface is available, it must be possible to configure the other network interfaces to not have management services accessible on them. Similarly, it must also be possible to restrict which network interfaces have management services enabled on them.

DEP.1.M800: Deploy on Managed Endpoint
This mitigation is required to counter malware on the endpoint.
At Foundation Grade the deployment is required to configure endpoints in line with good IT practice as part of a risk-managed accredited system. Typically, this will include the installation and subsequent updating of a commercial antivirus product.

DEP.2 - Deployment >> Management Database

DEP.2.M424: Physically protect host machine
This mitigation is required to counter physical compromise of the machine hosting the management database.
At Foundation Grade the deployment is required to protect the machine hosting a management database from physical attack. If the management software and database are located on separate machines, the level of protection applied to the database host machine must be the same as that applied to the management software host machine, described elsewhere in this Security Characteristic.

DEP.2.M493: Management database backups must be stored securely
This mitigation is required to counter reading unprotected backup data.
At Foundation Grade the deployment is required to ensure that any backups of the management database have the same protection as the database itself.

DEP.3 - Deployment >> Management Software

DEP.3.M26: Physical tamper evidence
This mitigation is required to counter physical compromise of the device.
At Foundation Grade the deployment is required to educate users to regularly check that tamper labels are intact.
At Foundation Grade the deployment is required to place tamper evident seals over access points on the product. Use tamper evidence (e.g. stickers) to make entry to system internals detectable by physical inspection. Tamper stickers should be uniquely identifiable to prevent an attacker successfully replacing them with new, undamaged stickers.
At Foundation Grade the deployment is required to provide administrators with advice on the tamper threat. Advice should include looking for possible damage to tamper evident seals. In the event of tampering, the event should be reported as soon as possible and the product must be removed from use immediately. Any product that shows evidence of tampering must not be returned to service.

DEP.3.M38: Use automated configuration tool
This mitigation is required to counter exploitation of an accidental misconfiguration.
At Foundation Grade the deployment is required to be configured using automated tools if provided.

DEP.3.M39: Audit log review
At Foundation Grade the deployment is required to regularly review audit logs for unexpected entries.

DEP.3.M131: Operating system verifies signatures
This mitigation is required to counter installation of a malicious privileged local service.
At Foundation Grade the deployment is required to enable signature verification for applications, services and drivers in the host operating system, where supported and where the product makes use of it.

DEP.3.M159: Update product
At Foundation Grade the deployment is required to update to the latest version where possible.

DEP.3.M340: Address Space Layout Randomisation
At Foundation Grade the deployment is required to enable ASLR in the host Operating System where available.

DEP.3.M348: Administrator authorised updates
This mitigation is required to counter installing compromised software using the update process.
At Foundation Grade the deployment is required to confirm the source of updates before they are applied to the system. The administrator is required to have authorised the updates before use. If an automatic process is used, the administrator must also configure the product to authenticate updates. The update procedure to be used by the administrator must be described within the product's security procedures.

DEP.3.M422: Lock down host machine configuration
This mitigation is required to counter exploitation of management software.
At Foundation Grade the deployment is required to lock down the configuration of the machine hosting the management software to minimise the impact and likelihood of a successful network attack. The administrator must remove unnecessary services and ensure that the machine is protected by appropriate anti-malware products.

DEP.3.M492: Minimise network access to management database
This mitigation is required to counter exploitation of management software.
At Foundation Grade the deployment is required to only allow the management software access to the management database records. The database(s) used to store escrowed keys and recovery data should be configured such that only the management software has read and write access to them.

DEP.3.M500: (Remote Recovery ONLY) Identify and authenticate users before providing Remote Recovery details
This mitigation is required to counter a successful social engineering attack on the helpdesk.
At Foundation Grade the deployment is required to authenticate users before providing recovery data. When a user is locked out of their account, the helpdesk must conclusively establish their identity before divulging any sensitive information. It is important that the helpdesk first ensures that the device in question has not been reported lost or stolen before engaging with the user. It is recommended that the user is required to identify himself/herself by providing the answers to a set of pre-agreed security questions to which the replies are difficult to guess or obtain. The security question and answer pairs must not be common across multiple recovery services.

DEP.3.M606: Control access to device management
This mitigation is required to counter attacking the management protocol stack.
At Foundation Grade the deployment is required to restrict which network interfaces can be used for device management. If a local console port or dedicated management interface is available, it must be possible to configure the other network interfaces to not have management services accessible on them. Similarly, it must also be possible to restrict which network interfaces have management services enabled on them.

DEP.3.M625: Log all relevant actions
This mitigation is required to counter modification of logging generation.
At Foundation Grade the deployment is required to assess the impact of log entries and follow organisational procedures for incident resolution.
At Foundation Grade the deployment is required to configure the product to log all actions deemed of interest. Ensure that log data is detailed enough to allow forensic investigation during any incident management. Sensitive data such as passwords and keys must not be written to the logs.
At Foundation Grade the deployment should, where available, automatically export logs to a management/red side device.

DEP.3.1 - Deployment >> Management Software >> Access Control

DEP.3.1.M435: One administrator per account
This mitigation is required to counter the unauthorised use of an administrator account.
At Foundation Grade the deployment is required to use one administrator account per administrator, i.e. prohibit two or more administrators using the same administrator account with the product (or host operating system).

DEP.3.1.M501: Use of multiple administrator accounts
This mitigation is required to counter the unauthorised use of an administrator account.
At Foundation Grade the deployment should configure the product for use with multiple administrator accounts. The use of multiple administrator accounts with the product (or host operating system) minimises the risk of credential sharing and provides accountability after the unauthorised use of an administrator account.

DEP.3.2 - Deployment >> Management Software >> Logging

DEP.3.2.M447: (Remote Recovery ONLY) Regular review of Remote Recovery request logs
This mitigation is required to counter a successful social engineering attack on the helpdesk.
At Foundation Grade the deployment is required to create a log review schedule such that unexpected entries can be detected. Logs must be reviewed regularly so as to identify potential compromises.
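The single-use Remote Recovery value of VER.2.M448, the helpdesk pre-checks of DEP.3.M500, and the redacted logging and log review of DEP.3.M625 and DEP.3.2.M447, brought together in one added example that is not part of this Security Characteristic or of any vendor product. Device identifiers and escrowed values are constructed, and for brevity one class models both the management service's escrow and the device's unlock check, which a real product splits across two components.

```python
"""Added example: single-use Remote Recovery values with redacted audit logging."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class RecoveryManager:
    """Models the management service's escrow together with the managed
    device's unlock check (one class for brevity; a real product splits these)."""
    escrow: dict                 # device_id -> current Remote Recovery value
    lost_or_stolen: set          # devices the helpdesk has on record as lost/stolen
    log: list = field(default_factory=list)

    def _audit(self, event, device_id, **detail):
        # The log records who asked, for which device and with what outcome.
        # The recovery value itself is never written (DEP.3.M625).
        extra = " ".join(f"{k}={v}" for k, v in detail.items())
        self.log.append(f"event={event} device={device_id} {extra}")

    def request_recovery(self, device_id, identity_verified):
        """Helpdesk path (DEP.3.M500): the device must not be reported lost or
        stolen and the caller's identity must have been conclusively established
        before any recovery data is released."""
        if device_id in self.lost_or_stolen:
            self._audit("recovery_request", device_id, result="refused",
                        reason="device_reported_lost_or_stolen")
            return None
        if not identity_verified:
            self._audit("recovery_request", device_id, result="refused",
                        reason="identity_not_verified")
            return None
        value = self.escrow.get(device_id)
        if value is None:
            self._audit("recovery_request", device_id, result="refused",
                        reason="no_escrowed_value")
            return None
        self._audit("recovery_request", device_id, result="issued")
        return value

    def perform_recovery(self, device_id, presented_value):
        """Device-side check (VER.2.M448). Constant-time compare, then the value
        is consumed: a fresh value is generated and escrowed so the one just
        used can never unlock the device again."""
        expected = self.escrow.get(device_id)
        if expected is None or not hmac.compare_digest(expected, presented_value):
            self._audit("recovery_attempt", device_id, result="failed")
            return False
        self.escrow[device_id] = secrets.token_hex(16)  # not yet released to anyone
        self._audit("recovery_attempt", device_id, result="success")
        return True


def review_logs(log_lines):
    """Log review (DEP.3.2.M447): return the entries a reviewer must follow up:
    refused requests (recovery asked for where it should not be given) and
    failed unlock attempts (a wrong or replayed value)."""
    findings = []
    for line in log_lines:
        fields = dict(tok.split("=", 1) for tok in line.split())
        if fields.get("result") == "refused":
            findings.append(f"refused request for {fields['device']}: {fields.get('reason')}")
        elif fields.get("event") == "recovery_attempt" and fields.get("result") == "failed":
            findings.append(f"failed recovery attempt on {fields['device']} (possible replay)")
    return findings


def demo():
    """Issue, use, replay and a lost-device request, on constructed data."""
    mgr = RecoveryManager(
        escrow={"LAPTOP-0001": "3f9b2c7a1e6d4b8f0a5c9e2d7b1f6a3c",
                "LAPTOP-0002": "a1d4e7f0b3c6d9e2f5a8b1c4d7e0f3a6"},
        lost_or_stolen={"LAPTOP-0002"},
    )
    value = mgr.request_recovery("LAPTOP-0001", identity_verified=True)
    first = mgr.perform_recovery("LAPTOP-0001", value)    # unlocks the device
    replay = mgr.perform_recovery("LAPTOP-0001", value)   # same value again: refused
    stolen = mgr.request_recovery("LAPTOP-0002", identity_verified=True)
    return {
        "first_use_ok": first,
        "replay_ok": replay,
        "stolen_device_refused": stolen is None,
        "value_in_log": any(value in entry for entry in mgr.log),
        "findings": review_logs(mgr.log),
    }


if __name__ == "__main__":
    for key, result in demo().items():
        print(f"{key}: {result}")
```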

Appendix A Summary of changes to mitigations
This document is an initial version; hence there is no previous version to compare changes with.

Appendix B References
This document references the following resources.

[a] The Process for Performing Foundation Grade CPA Evaluations
[b] FIPS 197, Advanced Encryption Standard. NIST
[c] CPA Security Characteristic Software Full Disk Encryption
[d] CPA Security Characteristic Hardware Media Encryption
[e] CPA Security Characteristic Software Media Encryption

Appendix C Glossary
The following definitions are used in this document.

AES: Advanced Encryption Standard
CPA: Commercial Product Assurance. A scheme run by CESG providing certificate-based assurance of commercial security products.
Escrow: The storage of a sensitive value away from the device in question.
PRNG: Pseudo Random Number Generator
Provisioning: Initial configuration of a product. In cryptographic products, this involves the generation and application of key material.
Recovery Passphrase: A value set at time of system configuration which is used to unlock the device in the event of credential loss. This value must be complex in order not to weaken the security of the system.
Red side device: A computer/device located in a trusted network location.
SC Map: Diagrammatic representation of a Security Characteristic (or part of one).
Security Characteristic: A standard which describes necessary mitigations which must be present in a completed product, its evaluation or usage, particular to a type of security product.
SFDE: Software Full Disk Encryption


More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

BYOD Guidance: BlackBerry Secure Work Space

BYOD Guidance: BlackBerry Secure Work Space GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

Skoot Secure File Transfer

Skoot Secure File Transfer Page 1 Skoot Secure File Transfer Sharing information has become fundamental to organizational success. And as the value of that information whether expressed as mission critical or in monetary terms increases,

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

How To Protect Decd Information From Harm

How To Protect Decd Information From Harm Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

Windows Operating Systems. Basic Security

Windows Operating Systems. Basic Security Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System

More information

Guidance End User Devices Security Guidance: Apple OS X 10.9

Guidance End User Devices Security Guidance: Apple OS X 10.9 GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.9 Published 23 January 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform

More information

FISMA / NIST 800-53 REVISION 3 COMPLIANCE

FISMA / NIST 800-53 REVISION 3 COMPLIANCE Mandated by the Federal Information Security Management Act (FISMA) of 2002, the National Institute of Standards and Technology (NIST) created special publication 800-53 to provide guidelines on security

More information

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,

More information

Payment Card Industry (PCI) Data Security Standard. Summary of Changes from PCI DSS Version 2.0 to 3.0

Payment Card Industry (PCI) Data Security Standard. Summary of Changes from PCI DSS Version 2.0 to 3.0 Payment Card Industry (PCI) Data Security Standard Summary of s from Version 2.0 to 3.0 November 2013 Introduction This document provides a summary of changes from v2.0 to v3.0. Table 1 provides an overview

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

PCI PA - DSS. Point BKX Implementation Guide. Version 2.01. Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core

PCI PA - DSS. Point BKX Implementation Guide. Version 2.01. Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core PCI PA - DSS Point BKX Implementation Guide Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core Version 2.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566

More information

PCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core

PCI PA - DSS. Point ipos Implementation Guide. Version 1.01. VeriFone Vx820 using the Point ipos Payment Core PCI PA - DSS Point ipos Implementation Guide VeriFone Vx820 using the Point ipos Payment Core Version 1.01 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm, Tel. +46 8 566 287 00 www.point.se Page

More information

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics

HIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical

More information

Chapter 10. Cloud Security Mechanisms

Chapter 10. Cloud Security Mechanisms Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Salesforce1 Mobile Security Guide

Salesforce1 Mobile Security Guide Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

More information

Citrix Password Manager, Enterprise Edition Version 4.5

Citrix Password Manager, Enterprise Edition Version 4.5 122-B COMMON CRITERIA CERTIFICATION REPORT No. CRP235 Citrix Password Manager, Enterprise Edition Version 4.5 running on Microsoft Windows and Citrix Presentation Server Issue 1.0 June 2007 Crown Copyright

More information

Guidance End User Devices Security Guidance: Apple ios 7

Guidance End User Devices Security Guidance: Apple ios 7 GOV.UK Guidance End User Devices Security Guidance: Apple ios 7 Updated 10 June 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform Can

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

UNCLASSIFIED Version 1.0 May 2012

UNCLASSIFIED Version 1.0 May 2012 Secure By Default: Platforms Computing platforms contain vulnerabilities that can be exploited for malicious purposes. Often exploitation does not require a high degree of expertise, as tools and advice

More information

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT TELECOMMUNICATIONS

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT TELECOMMUNICATIONS CESG ASSURED SERVICE CAS SERVICE REQUIREMENT TELECOMMUNICATIONS Issue 1.1 Crown Copyright 2015 All Rights Reserved 1 of 9 Document History Version Date Description 0.1 November 2012 Initial Draft Version

More information

www.xceedium.com 2: Do not use vendor-supplied defaults for system passwords and other security parameters

www.xceedium.com 2: Do not use vendor-supplied defaults for system passwords and other security parameters 2: Do not use vendor-supplied defaults for system passwords and other security parameters 2.1: Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing

More information

Web Engineering Web Application Security Issues

Web Engineering Web Application Security Issues Security Issues Dec 14 2009 Katharina Siorpaes Copyright 2009 STI - INNSBRUCK www.sti-innsbruck.at It is NOT Network Security It is securing: Custom Code that drives a web application Libraries Backend

More information

Multi-factor authentication

Multi-factor authentication CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL

More information

Security Controls for the Autodesk 360 Managed Services

Security Controls for the Autodesk 360 Managed Services Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices

More information

User Authentication Guidance for IT Systems

User Authentication Guidance for IT Systems Information Technology Security Guideline User Authentication Guidance for IT Systems ITSG-31 March 2009 March 2009 This page intentionally left blank March 2009 Foreword The User Authentication Guidance

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

DRAFT Standard Statement Encryption

DRAFT Standard Statement Encryption DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Specific recommendations

Specific recommendations Background OpenSSL is an open source project which provides a Secure Socket Layer (SSL) V2/V3 and Transport Layer Security (TLS) V1 implementation along with a general purpose cryptographic library. It

More information

Full Drive Encryption Security Problem Definition - Encryption Engine

Full Drive Encryption Security Problem Definition - Encryption Engine 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 Full Drive Encryption Security Problem Definition - Encryption Engine Introduction for the FDE Collaborative Protection Profiles

More information

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2 RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks

More information

Chap. 1: Introduction

Chap. 1: Introduction Chap. 1: Introduction Introduction Services, Mechanisms, and Attacks The OSI Security Architecture Cryptography 1 1 Introduction Computer Security the generic name for the collection of tools designed

More information

WEB SERVICES SECURITY

WEB SERVICES SECURITY WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Security Implications Associated with Mass Notification Systems

Security Implications Associated with Mass Notification Systems Security Implications Associated with Mass Notification Systems Overview Cyber infrastructure: Includes electronic information and communications systems and services and the information contained in these

More information

A Rackspace White Paper Spring 2010

A Rackspace White Paper Spring 2010 Achieving PCI DSS Compliance with A White Paper Spring 2010 Summary The Payment Card Industry Data Security Standard (PCI DSS) is a global information security standard defined by the Payment Card Industry

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING 6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information

More information

Credit Card Security

Credit Card Security Credit Card Security Created 16 Apr 2014 Revised 16 Apr 2014 Reviewed 16 Apr 2014 Purpose This policy is intended to ensure customer personal information, particularly credit card information and primary

More information

End User Devices Security Guidance: Apple ios 8

End User Devices Security Guidance: Apple ios 8 GOV.UK Guidance End User Devices Security Guidance: Apple ios 8 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best satisfy

More information

90% of data breaches are caused by software vulnerabilities.

90% of data breaches are caused by software vulnerabilities. 90% of data breaches are caused by software vulnerabilities. Get the skills you need to build secure software applications Secure Software Development (SSD) www.ce.ucf.edu/ssd Offered in partnership with

More information

PowerChute TM Network Shutdown Security Features & Deployment

PowerChute TM Network Shutdown Security Features & Deployment PowerChute TM Network Shutdown Security Features & Deployment By David Grehan, Sarah Jane Hannon ABSTRACT PowerChute TM Network Shutdown (PowerChute) software works in conjunction with the UPS Network

More information

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014 PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor bfranklin@compassitc.com January 23, 2014 Agenda Introduction PCI DSS 3.0 Changes What Can I Do to Prepare? When Do I Need to be Compliant? Questions

More information

Codes of Connection for Devices Connected to Newcastle University ICT Network

Codes of Connection for Devices Connected to Newcastle University ICT Network Code of Connection (CoCo) for Devices Connected to the University s Author Information Security Officer (Technical) Version V1.1 Date 23 April 2015 Introduction This Code of Connection (CoCo) establishes

More information

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4

More information