EAC Decision on Request for Interpretation 2008-03 (Operating System Configuration)



Similar documents
WYLE REPORT NO. T Appendix A.4. Security TEST CASE PROCEDURE SPECIFICATION (T )

Windows Remote Access

Citrix MetaFrame XP Security Standards and Deployment Scenarios

Summary of Results from California Testing of the ES&S Unity /AutoMARK Voting System

How To Get The Nist Report And Other Products For Free

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

How Reflection Software Facilitates PCI DSS Compliance

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Remote Administration

A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version and higher

System Security Policy Management: Advanced Audit Tasks

SecureDoc Disk Encryption Cryptographic Engine

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

RemotelyAnywhere Getting Started Guide

McAfee Firewall Enterprise 8.2.1

Proto Balance SSL TLS Off-Loading, Load Balancing. User Manual - SSL.

PC Business Banking. Technical Requirements

Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Xerox DocuShare Security Features. Security White Paper

Mobile Admin Security

How To Control Vcloud Air From A Microsoft Vcloud (Vcloud)

McAfee Firewall Enterprise 8.3.1

Computer Security. Draft Exam with Answers

March

DRAFT Standard Statement Encryption

Integrating LANGuardian with Active Directory

Netop Remote Control Security Server

BMC Client Management - SCAP Implementation Statement. Version 12.0

FileCloud Security FAQ

SECURITY ASSESSMENT SUMMARY REPORT FOR DOMINION VOTING SYSTEMS DEMOCRACY SUITE 4.0

Critical Controls for Cyber Security.

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Topics in Network Security

SECURITY ASSESSMENT SUMMARY REPORT FOR ES&S EVS VOTING SYSTEM. Appendix A.10

Volume I, Section 4 Table of Contents

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

Certification Report

How To Improve Nasa'S Security

Division of Information Technology Lehman College CUNY

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Using etoken for SSL Web Authentication. SSL V3.0 Overview

AHS Flaw Remediation Standard

Customer Tips. Xerox Network Scanning TWAIN Configuration for the WorkCentre 7328/7335/7345. for the user. Purpose. Background

Medical Device Security Health Group Digital Output

Guidance Regarding Skype and Other P2P VoIP Solutions

Nortel Networks, Inc. VPN Client Software (Software Version: 7_11.101) FIPS Non-Proprietary Security Policy

Compliance and Industry Regulations

RDM+ Desktop for Windows Getting Started Guide

Windows Operating Systems. Basic Security

Secure Network Communications FIPS Non Proprietary Security Policy

FISMA / NIST REVISION 3 COMPLIANCE

NeoMail Guide. Neotel (Pty) Ltd

Savitribai Phule Pune University

Federal Desktop Core Configuration (FDCC)

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s

IBM Client Security Solutions. Client Security User's Guide

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak CR V4.1

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

Background Information

Microsoft Technologies

GE Measurement & Control. Cyber Security for NEI 08-09

User Guide. The AMF's File Transfer Service (FTS)

What items constitute an event as it relates to the requirements of a voting system's audit logging?

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

User Guide. FIPS Mode. For use with epolicy Orchestrator 4.6.x Software

SSL BEST PRACTICES OVERVIEW

General DBA Best Practices

EventTracker Enterprise v7.3 Installation Guide

HIPAA Privacy & Security White Paper

Using DC Agent for Transparent User Identification

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

CimTrak Integrity & Compliance Suite

epass2003 User Guide V1.0 Feitian Technologies Co., Ltd. Website:

Zmanda Cloud Backup Frequently Asked Questions

QUANTIFY INSTALLATION GUIDE

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

SCP - Strategic Infrastructure Security

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

Access Your Cisco Smart Storage Remotely Via WebDAV

Configuring Security Features of Session Recording

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Web Security School Entrance Exam

Avatier Identity Management Suite

Oracle Database Security and Audit

Global Partner Management Notice

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

LogMeIn HIPAA Considerations

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

The Infrastructure Audit Trail and Part 11

Security Management. Keeping the IT Security Administrator Busy

Enterprise Security Critical Standards Summary

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

United States Election Assistance Commission. Certificate of Conformance ES&S EVS

MOTOROLA MESSAGING SERVER SERVER AND MOTOROLA MYMAIL DESKTOP PLUS MODULE OVERVIEW. Security Policy REV 1.3, 10/2002

Transcription:

EAC Decision on Request for Interpretation 2008-03 (Operating System Configuration) 2002 VSS Volume1: 2.2.5.3, 4.1.1, 6.2.1.1, Volume2: 3.5 2005 VVSG Volume1: 2.1.5.2, 5.1.1, 7.2.1, Volume2: 3.5 Date: October 3, 2008 Question: What is required and appropriate for determining and validating operating system configuration settings? Section of Standards or Guidelines: VSS 2.2.5.3 COTS General Purpose Computer System Requirements VVSG 2.1.5.2 Use of Shared Computing Platforms Further requirements must be applied to Commercial-off-the-Shelf operating systems to ensure completeness and integrity of audit data for election software. These operating systems are capable of executing multiple application programs simultaneously. These systems include both servers and workstations, including the many varieties of UNIX and Linux, and those offered by Microsoft and Apple. Election software running on these systems is vulnerable to unintended effects from other user sessions, applications, and utilities executing on the same platform at the same time as the election software. Simultaneous processes of concern include: unauthorized network connections, unplanned user logins, and unintended execution or termination of operating system processes. An unauthorized network connection or unplanned user login can host unintended processes and user actions, such as the termination of operating system audit, the termination of election software processes, or the deletion of election software audit and logging data. The execution of an operating system process could be a full system scan at a time when that process would adversely affect the election software processes. Operating system processes improperly terminated could be system audit or malicious code detection. To counter these vulnerabilities, three operating system protections are required on all such systems on which election software is hosted. First, authentication shall be configured on the local terminal (display screen and keyboard) and on all external

connection devices ( network cards and ports ). This ensures that only authorized and identified users affect the system while election software is running Second, operating system audit shall be enabled for all session openings and closings, for all connection openings and closings, for all process executions and terminations, and for the alteration or deletion of any memory or file object. This ensures the accuracy and completeness of election data stored on the system. It also ensures the existence of an audit record of any person or process altering or deleting system data or election data. Third, the system shall be configured to execute only intended and necessary processes during the execution of election software. The system shall also be configured to halt election software processes upon the termination of any critical system process (such as system audit) during the execution of election software. VSS V1: 4.1.1 Software Sources VVSG V1: 5.1.1 Software Sources The requirements of this section apply generally to all software used in voting systems, including: Software provided by the voting system vendor and its component suppliers Software furnished by an external provider (for example, providers of COTS operating systems and web browsers) where the software may be used in any way during voting system operation Software developed by the voting jurisdiction Compliance with the software requirements is assessed by several formal tests, including code examination. Unmodified software is not subject to code examination; however, source code provided by third parties and embedded in software modules for compilation or interpretation shall be provided in human readable form to the accredited test lab. The accredited test lab may inspect source code units to determine testing requirements or to verify that the code is unmodified and that the default configuration options have not been changed. Configuration of software, both operating systems and applications, is critical to proper system functioning. Correct test design and sufficient test execution must account for the intended and proper configuration of all system components. Therefore, the vendors shall submit a record of all user selections made during software installation as part of the Technical Data Package. The vendor shall also submit a record of all configuration changes made to the software following its installation. The accredited test lab shall confirm the propriety and correctness of these user selections and configuration changes. VSS V1: 6.2.1 VVSG V1: 7.2.1 General Access Control Policy The vendor shall specify the general features and capabilities of the access control policy recommended to provide effective voting system security.

Although the jurisdiction in which the voting system is operated is responsible for determining the access policies for each election, the vendor shall provide a description of recommended policies for: a. Software access controls b. Hardware access controls c. Communications d. Effective password management e. Protection abilities of a particular operating system f. General characteristics of supervisory access privileges g. Segregation of duties h. Any additional relevant characteristics VSS V1: 6.2.1 VVSG V1: 7.2.1.1 Individual Access Privileges Voting system vendors shall: a. Identify each person to whom access is granted, and the specific functions and data to which each person holds authorized access b. Specify whether an individual s authorization is limited to a specific time, time interval or phase of the voting or counting operations c. Permit the voter to cast a ballot expeditiously, but preclude voter access to all aspects of the vote counting processes VSS V1: 6.2.2 VVSG V1: 7.2.1.2 Access Control Measures Vendors shall provide a detailed description of all system access control measures designed to permit authorized access to the system and prevent unauthorized access. Examples of such measures include: a. Use of data and user authorization b. Program unit ownership and other regional boundaries c. One-end or two-end port protection devices d. Security kernels e. Computer-generated password keys f. Special protocols g. Message encryption h. Controlled access security Vendors also shall define and provide a detailed description of the methods used to prevent unauthorized access to the access control capabilities of the system itself. VSS V2: 3.5 VVSG V2: V2: 3.5 Testing for Systems that Operate on Personal Computers For systems intended to use non-standard voting devices, such as a personal computer, provided by the local jurisdiction, the accredited test lab shall conduct functionality tests using hardware provided by the vendor that meets the minimum configuration specifications defined by the vendor.

Section 4 provides additional information on hardware to be used to conduct functionality testing of such voting devices, as well as hardware to be used to conduct security testing and other forms of testing. Discussion: VSS 4.1.1./VVSG 5.1.1., third paragraph clearly describes what is required of the vendor and the VSTL for configuration of software including COTS Operating System. It concludes with the statement The accredited test lab shall confirm the propriety and correctness of these user selections and configuration changes. As a benchmark to determine if user selections are correct the EAC will utilize guidelines that have been established by an activity that has a broad participation of software providers, application developers, security professionals, users, standards developers, government representatives etc. This provides an unbiased, vetted, stable but current, and trusted information base to use as the benchmark. The characteristics of the benchmark are consistent but the specific program that will be used will be selected to match the technology in question. For example the SCAP program and specifically the FDCC checklists for specific Operating System configuration settings will be used as the benchmark for assessing the adequacy of the testing, both in coverage as well as the appropriateness of specific settings. Three examples of the 295 from the National Checklist Repository (SCAP) for Windows XP, set to FDCC (Federal Desktop Configuration Checklist) guidance. CCE-315 Audit account logon events Set to: Success, Failure Determines whether to audit each instance of a user logging on to or logging off from another computer in which this computer is used to validate the account. If you define this policy setting, you can specify whether to audit successes, audit failures, or not audit the event type at all. Success audits generate an audit entry when an account logon attempt succeeds. Failure audits generate an audit entry when an account logon attempt fails. To set this value to no auditing, in the Properties dialog box for this policy setting, select the Define these policy settings check box and clear the Success and Failure check boxes. If success auditing for account logon events is enabled on a domain controller, an entry is logged for each user who is validated against that domain controller, even though the user is actually logging on to a workstation that is joined to the domain. CCE-233 Network security: Do not store LAN Manager hash value on next password change Determines if, at the next password change, LAN Manager is prevented from storing hash values for the new password. It is important to enable this setting since the LAN Manager Hash is a prime target of many hackers. CCE-55 System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing Determines if the TLS/SSL Security Provider supports only the LS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. In effect, this means that the provider only supports the TLS protocol as a client and as a server (if applicable). It uses only the Triple DES encryption algorithm for the TLS traffic encryption, only the RSA public key

algorithm for the TLS key exchange and authentication, and only the SHA-1 hashing algorithm for the TLS hashing requirements. For Encrypting File System Service (EFS), it supports only the Triple DES encryption algorithm for encrypting file data supported by the Windows NTFS File System. By default, the Encrypting File System Service (EFS) uses the DESX algorithm for encrypting file data. Setting to Enabled causes problems documented in MS KB article Can't browse to SSL sites after enabling FIPS compliant cryptography. Conclusion: The Manufacturer and the VSTL may use whatever metrics they wish to establish the correct configuration of operating systems. It is incumbent on the VSTL to evaluate the configuration documentation provided by the manufacturer in order to determine completeness, clarity and consistency with the checklist criteria. The VSTL shall provide additional information if some inconsistency exists with the checklist criteria. This information must include any rationale supporting a contention that any inconsistencies with the checklist are either not applicable or have been mitigated. In review of the VSTL evaluation of the operating system(s) configuration, the EAC will use the NIST SCAP FDCC checklist, if available (some OS s may not currently be in the repository), as the benchmark for appropriate settings. If all the settings are not identifiable in the report or selections have been made to be other than the FDCC recommendation, a justification for the variance may be requested. It is recognized that in some cases variance may be required or desired for optimum security and functionality. Effective Date: Immediate- for all voting system test plans submitted after the date of this document.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information