CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE




CPA SECURITY CHARACTERISTIC DATA SANITISATION - FLASH BASED STORAGE
Version 0.3
Crown Copyright 2012 All Rights Reserved
DiscoverID 12040940

CPA Security Characteristics for Data Sanitisation - Flash Based Storage

Document History

Version  Date         Description
0.1      June 2011    First draft
0.2      July 2011    Updated following internal review
0.3      August 2011  Updated following external review

This Security Characteristic is derived from the following files:

File Name                                        Version
Data Sanitisation Flash Based Storage v0.3.cxl   0.3
Common Libraries - v1.0.cxl                      1.0
Hardware Libraries v1.0.cxl                      1.0

Soft copy location: DiscoverID 12040940

This document is authorised by: Deputy Technical Director (Assurance), CESG
This document is issued by CESG.

For queries about this document please contact:
CPA Administration Team
CESG
Hubble Road
Cheltenham
Gloucestershire
GL51 0EX
United Kingdom
Tel: +44 (0)1242 221 491
Email: cpa@cesg.gsi.gov.uk

The CPA Authority may review, amend, update, replace or issue new Scheme Documents as may be required from time to time.

CONTENTS

REFERENCES
I. OVERVIEW
   A. Product Aims
   B. Typical Use Case(s)
   C. Expected Operating Environment
   D. Compatibility
   E. Interoperability
   F. Future Enhancements
II. SECURITY CHARACTERISTIC FORMAT
III. REQUIREMENTS
   A. Design Mitigations
   B. Verification Mitigations
   C. Deployment Mitigations
IV. GLOSSARY

REFERENCES

[a] The Process for Performing Foundation Grade CPA Evaluations, v1.3, August 2011, CESG
[b] HMG IA Standard No. 5 - Secure Sanitisation (April 2011 Issue No: 4.0)

I. OVERVIEW

1. This document is a CPA Security Characteristic; it describes requirements for a particular type of assured product for evaluation and certification under CESG's Commercial Product Assurance (CPA) scheme.

A. Product Aims

2. This Security Characteristic covers sanitisation of all Flash-based storage media. Typical examples include solid-state hard drives, USB thumb drives and SD cards.

B. Typical Use Case(s)

3. A certified Foundation grade product may be used to reduce the protective marking of Flash storage media. The product may also be deployed to allow re-use of Flash storage media in the same or an equivalent environment. This is relevant where there is a requirement to limit the availability of data to those with a legitimate need for access.

4. Use of a certified Foundation grade product is a Category B procedure, sufficient to mitigate against a Basic Laboratory attack type as defined in [b].

C. Expected Operating Environment

5. Products for sanitising Flash-based storage may operate in any environment where Flash technology is used for data storage.

D. Compatibility

6. Flash sanitisation products may exist as software executed on any platform to which the Flash storage is attached. Alternatively, solutions may be integrated as a function within the storage device itself.

E. Interoperability

7. Sanitisation functions will not always exist as a product in their own right. It is preferable for other approved products using Flash-based storage to include built-in sanitisation functions.

F. Future Enhancements

8. No enhancements are currently planned for this Security Characteristic.

9. CESG welcomes feedback and suggestions on possible enhancements to this Security Characteristic.

II. SECURITY CHARACTERISTIC FORMAT

10. All CPA Security Characteristics contain a list of mitigations which are split into three requirement categories: development, verification and deployment requirements. Within each of these sets the mitigations can be grouped based on areas of the product (as illustrated in the High Level Functional Component Diagram above), such as bulk encryption or authentication, or they may be overarching requirements which apply to the whole product. Reference [a] describes how evaluation teams should interpret Security Characteristics.

11. The three types of mitigations are denominated as follows:

DEV  These are mitigations that are included by the developer during the design or implementation of the product. These are validated via a review of the product's design or implementation during a CPA evaluation.

VER  Verification mitigations are specific mitigations that the evaluator must test during the assessment of the product.

DEP  Deployment mitigations are points that must be considered by users or administrators during the deployment of the product. These mitigations are incorporated into the security procedures for the product.

12. Each mitigation includes informational text in italics, describing the threat that it is expected to mitigate. It also lists at least one specific mitigation, which describes what must actually be done to achieve that requirement. In some cases there is additional explanatory text which expands upon these requirements.

13. In the requirements listed below, the following terminology can be used:

Must, Mandatory and Required are used to express a mitigation that is essential. All mitigations and detailed mitigations are mandatory unless there is an explicit caveat, such as "if supported by the product".

Should and Strongly Recommended are used whenever a requirement is highly desirable, but is not essential. These are likely to become mandatory in future iterations of the Security Characteristic.

Could and Recommended are used to express a non-mandatory requirement that may enhance security or functionality.

14. For example:

DEV.M1: [A mitigation]
This mitigation is required to counter [a threat]
At Foundation the product must [do something]. This can be achieved by [explanatory comment].

III. REQUIREMENTS

A. Design Mitigations

DEV.M28: Code is signed and verified.
This mitigation is required to counter installation of malware on host.
At Foundation Grade the product is required to ensure all code is signed and verified prior to installation. The product must have a built-in signature verification mechanism. The digital signature algorithm must be ECDSA-256 or DSA-1536/192 and the hash algorithm must be SHA-256. If there are additional resources as part of the installation package, such as configuration files, then these must also be signed.

DEV.M274: Directly address the Flash cells to overwrite all data, including redundant physical blocks normally hidden by the flash translation layer.
This mitigation is required to counter reading directly from Flash cells, bypassing the flash translation layer/memory management.
At Foundation Grade the product is required to overwrite all physical memory locations with NPM data. Then perform a further 'full erase' in accordance with the Flash manufacturer's instructions.

DEV.M275: Verify all sensitive data has been sanitised.
This mitigation is required to counter reading non-sanitised data.
At Foundation Grade the product is required to carry out a verification step to ensure NPM data has been written to all locations as expected. Any locations which cannot be overwritten must be reported.

B. Verification Mitigations

VER.M277: Attempt recovery of data from a sanitised Flash storage device.
This mitigation is required to counter reading non-sanitised data.
At Foundation Grade the evaluator will write a known pattern to all blocks of a Flash memory device before sanitisation. After sanitisation, read back the contents and verify that all blocks (including any hidden or redundant regions) have been overwritten.

C. Deployment Mitigations

DEP.M30: Detect modification to system.
This mitigation is required to counter installation of malware on host.
At Foundation Grade the deployment is required to regularly run a commercial malware detection tool on the protected product.

DEP.M276: If any Flash cells fail to sanitise, dispose of media in a secure manner.
This mitigation is required to counter reading non-sanitised data.
At Foundation Grade the deployment is required to consult HMG IA Standard No. 5 [b] for the appropriate method of secure disposal.
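The following toy model, added here as an illustration and not code from the CPA document or any certified product, shows why DEV.M274 requires cell-level addressing and how the DEV.M275 / VER.M277 readback check reports locations still holding data. The flash translation layer (FTL) behaviour, block sizes, the worn block and the evaluator's pattern are all constructed assumptions; a host-level wipe through the FTL leaves stale copies in retired blocks, a cell-level sanitise clears everything except blocks that refuse the write, which are reported for DEP.M276 disposal.

```python
BLOCK = 16
ERASED = b"\xff" * BLOCK              # NAND state after the manufacturer's full erase
NPM = b"\x00" * BLOCK                 # Non-Protectively-Marked fill used for the overwrite
MARKER = b"EVAL-KNOWN-PATTN"          # evaluator's known pattern (constructed, 16 bytes)

class FlashDevice:
    """Constructed model: physical blocks plus an FTL that exposes only some of them."""
    def __init__(self, logical, physical):
        self.cells = [ERASED] * physical              # raw cell contents per physical block
        self.ftl = list(range(logical))               # logical block -> physical block
        self.spares = list(range(logical, physical))  # over-provisioned blocks hidden by the FTL
        self.worn = set()                             # blocks whose cells no longer accept writes

    def raw_write(self, pba, data):
        """DEV.M274 path: address a physical block directly, bypassing the FTL."""
        if pba in self.worn:
            return False
        self.cells[pba] = data
        return True

    def logical_write(self, lba, data):
        """Host path: the FTL writes into a spare and retires the old block, which keeps its data."""
        old, new = self.ftl[lba], self.spares.pop(0)
        self.raw_write(new, data)
        self.ftl[lba] = new
        self.spares.append(old)                       # stale copy remains readable at cell level

def host_level_wipe(dev):
    """What a tool that only writes through the FTL achieves: it cannot see failures or spares."""
    for lba in range(len(dev.ftl)):
        dev.logical_write(lba, NPM)
    return []

def sanitise(dev):
    """DEV.M274: overwrite every physical block with NPM, then full erase; return blocks that refused."""
    failed = [pba for pba in range(len(dev.cells)) if not dev.raw_write(pba, NPM)]
    for pba in range(len(dev.cells)):
        if pba not in dev.worn:
            dev.cells[pba] = ERASED                   # manufacturer 'full erase' step
    return failed                                     # DEV.M275: locations that could not be overwritten

def verify(dev):
    """VER.M277 readback: every physical block, mapped or hidden, must no longer hold the marker."""
    return [pba for pba in range(len(dev.cells)) if dev.cells[pba] == MARKER]

def run_scenario(cell_level, worn=(1,)):
    """4 logical blocks over 6 physical; the evaluator seeds all blocks, then block 1 wears out."""
    dev = FlashDevice(logical=4, physical=6)
    for lba in range(4):
        dev.logical_write(lba, MARKER)
    dev.worn.update(worn)
    failed = sanitise(dev) if cell_level else host_level_wipe(dev)
    return failed, verify(dev)
```

`run_scenario(False)` reports nothing failed yet the readback still finds the marker in two retired blocks, while `run_scenario(True)` reports the worn block both as unwritable and as still holding data.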

IV. GLOSSARY

15. The following definitions are used in this document:

Term                     Meaning
COTS                     Commercial Off The Shelf
CPA                      Commercial Product Assurance
HMG                      Her Majesty's Government
NPM                      Non-Protectively Marked
SD                       Secure Digital
Security Characteristic  A standard which describes necessary mitigations which must be present in a completed product, its evaluation or usage, particular to a type of security product.
USB                      Universal Serial Bus