CPA SECURITY CHARACTERISTIC DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES



Similar documents
OFFICIAL SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT

CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE

UNCLASSIFIED CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION. Version 1.0. Crown Copyright 2012 All Rights Reserved.

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT TELECOMMUNICATIONS

CPA SECURITY CHARACTERISTIC SECURE VOIP CLIENT

UNCLASSIFIED CPA SECURITY CHARACTERISTIC REMOTE DESKTOP. Version 1.0. Crown Copyright 2011 All Rights Reserved

CPA SECURITY CHARACTERISTIC MIKEY-SAKKE SECURE VOIP GATEWAY

October 2015 Issue No: 1.1. Security Procedures Windows Server 2012 Hyper-V

CPA SECURITY CHARACTERISTIC ENTERPRISE MANAGEMENT OF DATA AT REST ENCRYPTION

CESG ASSURED SERVICE CAS SERVICE REQUIREMENT PSN CA (IPSEC)

Oracle Business Intelligence Enterprise Edition (OBIEE) Version with Quick Fix running on Oracle Enterprise Linux 4 update 5 x86_64

CPA SECURITY CHARACTERISTIC TLS VPN FOR REMOTE WORKING SOFTWARE CLIENT

Citrix Password Manager, Enterprise Edition Version 4.5

BlackBerry 10.3 Work and Personal Corporate

UNCLASSIFIED

April 2015 Issue No:1.0. Application Guidance - CCP Security and Information Risk Advisor Role, Practitioner Level

Citrix NetScaler Platinum Edition Load Balancer Version 10.5 running on MPX 9700-FIPS, MPX FIPS, MPX FIPS, MPX FIPS appliances

UNCLASSIFIED CPA SECURITY CHARACTERISTIC SOFTWARE FULL DISK ENCRYPTION. Version 1.1. Crown Copyright 2011 All Rights Reserved

BYOD Guidance: BlackBerry Secure Work Space

Application Guidance CCP Penetration Tester Role, Practitioner Level

Oracle Identity and Access Management 10g Release running on Red Hat Enterprise Linux AS Release 4 Update 5

1E POWER AND PATCH MANAGEMENT PACK INCLUDING WAKEUP AND NIGHTWATCHMAN Version 5.6 running on multiple platforms

CERTIFICATION REPORT No. CRP253

CPA SECURITY CHARACTERISTIC IPSEC VPN FOR REMOTE WORKING SOFTWARE CLIENT

CERTIFICATION REPORT No. CRP271

Information Security Policies. Version 6.1

CPA SECURITY CHARACTERISTIC IPSEC VPN GATEWAY

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

Qualification Specification. Level 4 Certificate in Cyber Security and Intrusion For Business

U06 IT Infrastructure Policy

Windows Phone 8 devices will be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working approaches such as

Citrix NetScaler Platinum Edition Load Balancer

Security Failures in Smart Card Payment Systems: Tampering the Tamper-Proof

Making Data at Rest Encryption Easy

Small businesses: What you need to know about cyber security

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

Secure Mobile Solutions

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Data Access Request Service

Certificate and Diplomas in ICT Professional Competence ( /02/03/04)

C033 Certification Report

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

PSN compliant remote access Whitepaper

CPA SECURITY CHARACTERISTIC GATEWAY ENCRYPTION

C015 Certification Report

Practitioner Certificate in Information Assurance Architecture (PCiIAA)

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Newcastle University Information Security Procedures Version 3

Certification Report

Guidance End User Devices Security Guidance: Apple ios 7

Evaluation. Common Criteria. Questions & Answers Xerox and Canon. Xerox Advanced Multifunction Systems

Small businesses: What you need to know about cyber security

Guidance End User Devices Security Guidance: Apple OS X 10.9

BYOD Guidance: Good Technology

Cryptography and Key Management Basics

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Walton Centre. Asset Management. Information Security Management System: SS 03: Asset Management Page 1. Version: 1.

A Guide to the Cyber Essentials Scheme

OEM Software Agreement

Protecting Data-at-Rest with SecureZIP for DLP

Digital Rights Management in the Internet

OPC UA vs OPC Classic

A practical guide to IT security

Programme Guideline G6. End-to-End Certification Process for Point of Sale Equipment

Miami University. Payment Card Data Security Policy

Management of Official Records in a Business System

UNCLASSIFIED CPA SECURITY CHARACTERISTIC WEB APPLICATION FIREWALLS. Version 1.3. Crown Copyright 2011 All Rights Reserved

Centers for Disease Control and Prevention, Public Health Information Network Messaging System (PHINMS)

SecureD Technical Overview

Advanced Authentication

McAfee Firewall Enterprise

Transglobal Secure Collaboration Program Secure v.1 Gateway Design Principles

ELECTRONIC TENDERING SYSTEM FOR RFQ

Self-Encrypting Hard Disk Drives in the Data Center

e2e Secure Cloud Connect Service - Service Definition Document

Guide to Data Field Encryption

Card Processing Services. Virtual Terminal & EazyPay

HKCAS Supplementary Criteria No. 8

CPA SECURITY CHARACTERISTIC SOFTWARE FULL DISK ENCRYPTION

The True Story of Data-At-Rest Encryption & the Cloud

Technical Standards for Information Security Measures for the Central Government Computer Systems

MultiSpeak Version 3.0 Compliance Assertion

GOVERNMENT HOSTING. Cloud Service Security Principles Memset Statement.

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION

Transcription:

CPA SECURITY CHARACTERISTIC DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES Version 1.1 Crown Copyright 2016 All Rights Reserved 44335885 Page 1 of 6

About this document This document describes the features, testing and deployment requirements necessary to meet CPA certification for Data at Rest Encryption: Always-on Mobile Device security products. It is intended for vendors, system architects, developers, evaluation and technical staff operating within the security arena. The specific testing and deployment requirements are detailed in the Common Criteria document Protection Profile for Mobile Device Fundamentals Version 2.0 [A]. Document history The CPA Authority may review, amend, update, replace or issue new Scheme Documents as may be required from time to time. Soft copy location: DiscoverID <44335885> Version Date Description 1.0 October 2014 Initial release 1.1 December 2014 Minor changes following external review Contact CESG This document is authorised by: Technical Director (Assurance), CESG. For queries about this document please contact: CPA Administration Team CESG, Hubble Road Cheltenham Gloucestershire GL51 0EX, UK Email: cpa@cesg.gsi.gov.uk Tel: +44 (0)1242 221 491 CPA SECURITY CHARACTERISTIC: DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES Page 2 of 6

Contents Section 1 Overview... 4 1.1 Introduction... 4 1.2 Mapping to the Common Criteria Protection Profile... 4 1.3 Product description... 4 Section 2 Additional Mandatory Requirements... 5 Appendix A References... 6 CPA SECURITY CHARACTERISTIC: DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES Page 3 of 6

Section 1 Overview 1.1 Introduction The NIAP Protection Profile for Mobile Device Fundamentals Version 2.0 document [A] describes a set of requirements for mobile devices that can be certified through the Common Criteria scheme. The document you are now reading is a CPA Security Characteristic that: Provides a route to awarding a Foundation Grade certification for data at rest encryption products used by always on mobile devices, which already have CC certification. Highlights those requirements which are listed in the Protection Profile for Mobile Device Fundamentals as extended or optional, but which are mandatory in products that are to be successfully assessed against this SC This Security Characteristic aligns with guidance from the UK Government s End User Device (EUD) Security Framework [B]. 1.2 Mapping to the Common Criteria Protection Profile Mobile device products successfully certified via the Common Criteria, against the Protection Profile for Mobile Device Fundamentals, can be additionally awarded Foundation Grade Certification for their data at rest encryption element. This additional certification can be achieved by the product vendor informing the CPA Authority of the Common Criteria certification and providing evidence to show that assessment successfully verified that the product met the extended Protection profile requirements listed in Section 2 of this document. Once the CPA Authority have confirmed the vendor s assertions, the product will be awarded a Foundation Grade certification against this Security Characteristic. The product must be provided with suitable Security Procedures which describe how to securely provision, configure, operate, maintain and dispose of the evaluated device. These are expected to be short, and may refer to other documents (such as vendor guidance) as necessary. 1.3 Product description The aim of the security products relevant to this Security Characteristic is to maintain the confidentiality of data stored on an always-on mobile device by encrypting the data and providing controlled access to it. This protects the data if the mobile device is lost or stolen. However, it cannot protect against certain attacks, such as a lost or stolen device being accessed by a third party before the automatic lock has activated. Furthermore, the product may provide the ability to verify the integrity of the data, but is not able to prevent its physical destruction. CPA SECURITY CHARACTERISTIC: DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES Page 4 of 6

Section 2 Additional Mandatory Requirements Section 4.1.2 of the Protection Profile for Mobile Device Fundamentals specifies additional optional requirements for protected storage on the device. For this Security Characteristic, those requirements (below) must be implemented and successfully assessed for a product to be awarded Foundation Grade certification. Protection Profile Requirements FDP_DAR_EXT.2.1 FDP_DAR_EXT.2.2 FDP_DAR_EXT.2.3 FDP_DAR_EXT.2.4 Description The TSF shall provide a mechanism for applications to mark data and keys as sensitive. The TSF shall use an asymmetric key scheme to encrypt and store sensitive data received while the product is locked. The TSF shall encrypt any stored symmetric key and any stored private key of the asymmetric key(s) used for the protection of sensitive data according to FCS_STG_EXT.2 selection 2. The TSF shall decrypt the sensitive data that was received while in the locked state upon transitioning to the unlocked state using the asymmetric key scheme and shall re-encrypt that sensitive data using the symmetric key scheme. CPA SECURITY CHARACTERISTIC: DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES Page 5 of 6

Appendix A References Label Title Version Date Location [A] [B] Protection Profile for Mobile Device Fundamentals End User Devices Security and Configuration Guidance 2.0 September 2014 October 2014 www.niap-ccevs.org/pp/pp_md_v2.0/ www.gov.uk/government/collections/end-userdevices-security-guidance CPA SECURITY CHARACTERISTIC: DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES Page 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information