FIPS and Common Criteria Compliant Operation for FortiMail 5.2.6

Similar documents
FortiVoice Enterprise Phone System GA Release Notes

FortiOS Handbook - Hardening your FortiGate VERSION 5.2.3

FortiMail VM (Microsoft Hyper-V) Install Guide

Purchase and Import a Signed SSL Certificate

FortiManager - Secure DNS Guide VERSION 5.4.1

FortiAnalyzer VM (VMware) Install Guide

Supported Upgrade Paths for FortiOS Firmware VERSION

What s New for FortiMail 5.2.0

Mobile Configuration Profiles for ios Devices Technical Note

FortiAuthenticator v2.0 MR1 Release Notes

FortiAuthenticator Agent for Microsoft IIS/OWA. Install Guide

FortiGate RADIUS Single Sign-On (RSSO) with Windows Server 2008 Network Policy Server (NPS) VERSION 5.2.3

High Availability. FortiOS Handbook v3 for FortiOS 4.0 MR3

FortiOS Handbook WAN Optimization, Web Cache, Explicit Proxy, and WCCP for FortiOS 5.0

HP A-IMC Firewall Manager

SSL VPN Technology White Paper

Intel Active Management Technology with System Defense Feature Quick Start Guide

FortiGate-AWS Deployment Guide

Please report errors or omissions in this or any Fortinet technical document to

FortiOS Handbook - PCI DSS Compliance VERSION 5.4.0

HP IMC Firewall Manager

Use FortiWeb to Publish Applications

Foglight Experience Monitor and Foglight Experience Viewer

FortiAuthenticator - What's New Guide VERSION 4.0

Fortinet FortiGate App for Splunk

LifeSize Control Installation Guide

Administration Guide. FortiAuthenticator 1.3

FortiGate Multi-Threat Security Systems I Administration, Content Inspection and SSL VPN Course #201

NETASQ SSO Agent Installation and deployment

F-Secure Messaging Security Gateway. Deployment Guide

Installation Notes for Outpost Network Security (ONS) version 3.2

Barracuda Link Balancer Administrator s Guide

(91) FortiOS 5.2

Reboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive

Managing a FortiSwitch unit with a FortiGate Administration Guide

Feature Brief. FortiGate TM Multi-Threat Security System v3.00 MR5 Rev. 1.1 July 20, 2007

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

SonicWALL SRA Virtual Appliance Getting Started Guide

Configuring FortiVoice for Skype VoIP service

EMC Data Domain Management Center

WAN Optimization, Web Cache, Explicit Proxy, and WCCP. FortiOS Handbook v3 for FortiOS 4.0 MR3

NMS300 Network Management System

H3C SSL VPN RADIUS Authentication Configuration Example

Acano solution. Security Considerations. August E


Dell OpenManage Mobile Version 1.4 User s Guide (Android)

Release Notes for Dominion SX Firmware 3.1.6

enetworks TM Using the Syslog Feature C.1 Configuring the Syslog Feature

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

HA OVERVIEW. FortiGate FortiOS v3.0 MR5.

Configuring Trend Micro Content Security

FortiManager Centralized Device Management

Deployment Guide: Transparent Mode

Managing Software and Configurations

NEFSIS DEDICATED SERVER

VERITAS Backup Exec TM 10.0 for Windows Servers

McAfee Firewall Enterprise 8.2.1

BorderGuard Client. Version 4.4. November 2013

Virtual Appliance Setup Guide

Setting Up a Unisphere Management Station for the VNX Series P/N Revision A01 January 5, 2010

Avalanche Site Edition

SonicOS Enhanced Release Notes TZ 180 Series and TZ 190 Series SonicWALL, Inc. Firmware Release: August 28, 2007

eprism Security Suite

Backing Up and Restoring Data

How To Program A Talkswitch Phone On A Cell Phone On An Ip Phone On Your Ip Phone (For A Sim Sim) On A Pc Or Ip Phone For A Sim Phone On Iphone Or Ipro (For An Ipro) On

FortiGate High Availability Overview Technical Note

Lab 8.3.3b Configuring a Remote Router Using SSH

English ETERNUS CS800 S3. Backup Exec OST Guide

Release Notes. Contents. Release Purpose. Platform Compatibility. Windows XP and Internet Explorer 8 Update

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

Release Notes. Contents. Release Purpose. Platform Compatibility. Licensing on the SRA Appliances and Virtual Appliance

Forcepoint Sidewinder, Virtual Appliance Evaluation for Desktop. Installation Guide 8.x. Revision A

FIPS Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security

CA Unified Infrastructure Management Server

Kaseya Server Instal ation User Guide June 6, 2008

VMware vcenter Log Insight Getting Started Guide

CA Performance Center

technical brief browsing to an installation of HP Web Jetadmin. Internal Access HTTP Port Access List User Profiles HTTP Port

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015

Nokia for Business. Nokia and Nokia Connecting People are registered trademarks of Nokia Corporation

FioranoMQ 9. High Availability Guide

Sonian Getting Started Guide October 2008

ActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access. Integration Handbook

FIPS SECURITY POLICY FOR

Dell One Identity Cloud Access Manager Installation Guide

TECHNICAL BULLETIN. Configuring Wireless Settings in an i-stat 1 Wireless Analyzer

FortiFone QuickStart Guide for FON-670i and FON-675i

Lab Creating a Logical Network Diagram

Basic System. Vyatta System. REFERENCE GUIDE Using the CLI Working with Configuration System Management User Management Logging VYATTA, INC.

FortiOS Handbook - Getting Started VERSION 5.2.2

Backup and Recovery Procedures

Configuring FortiVoice for Bandwidth.com VoIP service

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and October 2013

Release Notes. Contents. Release Purpose. Platform Compatibility. Windows XP and Internet Explorer 8 Update

Administration Guide. FortiAuthenticator 1.2

Digi Connect Wan 3G Application Guide Update the firmware, backup and restore the configuration of a Digi Connect Wan 3G using a USB flash drive.

SteelEye Protection Suite for Windows Microsoft Internet Information Services Recovery Kit. Administration Guide

Allworx OfficeSafe Operations Guide Release 6.0

How To Set Up A Backupassist For An Raspberry Netbook With A Data Host On A Nsync Server On A Usb 2 (Qnap) On A Netbook (Qnet) On An Usb 2 On A Cdnap (

2 Downloading Access Manager 3.1 SP4 IR1

Transcription:

FIPS 140-2 and Common Criteria Compliant Operation for FortiMail 5.2.6

FIPS 140-2 and Common Criteria Compliant Operation for FortiMail 5.2.6 January 15, 2016 06-510-277781-20150505 Copyright 2016 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Technical Documentation Knowledge Base Customer Service & Support Training Services FortiGuard Document Feedback docs.fortinet.com kb.fortinet.com support.fortinet.com training.fortinet.com fortiguard.com techdocs@fortinet.com

Contents Introduction... 5 Before you begin... 5 How the document is organized... 5 FIPS and CC compliant operation... 6 Introduction to FIPS-CC... 6 Security level summary... 6 Documentation... 6 Overview of Common Criteria compliant operation... 7 Install Updated Certificate... 7 Use of non-fips-cc evaluated features... 7 Effects of FIPS-CC mode... 7 Initial configuration of the FortiMail unit... 10 Installing the unit... 10 Configuration of units with AMC/FMC modules... 10 Verifying the firmware version of the unit... 10 Downloading and installing FIPS-CC firmware... 10 About the Fortinet entropy token... 11 Enabling FIPS-CC mode... 12 Configuring interfaces... 12 Admin access disclaimer... 13 Re-enabling NPU support... 13 FIPS-CC mode status indication... 13 Self-test settings... 13 Running self-tests manually... 13 Administration... 14 User guidance... 14 Remote access requirements... 14 FortiExplorer access... 14 Configuration backup... 14 Firewall... 15 Enabling Firewall policies... 15 Required Firewall policies... 15 Firewall authentication... 18 Additional settings... 19 Logging... 19 Logging to external devices... 19 Reconnecting to FortiAnalyzer... 19 Local logging... 20 Logging settings... 20 Fortinet Inc. Page 3 FIPS-CC Compliant Operation for FortiMail 5.2.6

Error modes... 20 FIPS Error mode... 20 CC Error mode... 21 Disabling FIPS-CC mode... 21 Fortinet Inc. Page 4 FIPS-CC Compliant Operation for FortiMail 5.2.6

FIPS and CC compliant operation Fortinet certifies specific FortiMail firmware builds that are compliant with U.S. Federal Information Processing Standards (FIPS), Common Criteria (CC) security requirements, or both. At the publication date of this document, the latest FortiMail FIPS and CC certified build is FortiMail 5.2 GA Patch 6 (b460). This section describes how to install these certified builds on a FortiMail appliance and how to operate the unit in the FIPS-CC compliant mode. This document is intended to be used by a system administrator. Introduction to FIPS-CC Security level summary Fortinet performs Common Criteria certifications on specific FortiMail builds in combination with specific hardware models. Fortinet performs FIPS 140-2 certifications on specific FortiMail builds in combination with specific hardware models (FIPS 140-2 Level 2 certification) and on FortiMail independent of hardware (FIPS 140-2 Level 1 certification). Documentation The documentation for FortiMail units operated in FIPS-CC mode consists of this document and the standard FortiMail documentation set. Documentation is available from the Fortinet Technical Documentation web site at http://docs.fortinet.com. Information on the Common Criteria certification is found in the Security Target. Information on FIPS 140-2 certification is found in the relevant Security Policy. These documents are available on the Fortinet Support web site from the same directory where you download the firmware. Overview of Common Criteria compliant operation Common Criteria compliant operation requires both that you use the FortiMail unit in its FIPS-CC mode of operation and that you follow secure procedures for installation and operation of the FortiMail unit. You must ensure that: The FortiMail unit is installed in a secure physical location. Physical access to the FortiMail unit is restricted to authorized operators. Strong password policies are enabled with all character options selected and applied to all user types. Only secure administrative methods are used to access the FortiMail unit. These are: command line interface (CLI) access via the console connection web-based manager via HTTPS Telnet, SSH and HTTP access should not be used. Within FIPS-CC mode, the FortiMail unit can be used in either of its two operation modes: NAT/Route or Transparent. Fortinet Inc. Page 5 FIPS-CC Compliant Operation for FortiMail 5.2.6

Install Updated Certificate By default, FortiMail units use a certificate signed by a Fortinet Certificate Authority (CA). Administrators should consult the FortiMail Administration Guide for additional information on replacing the default CA and certificate. Use of non-fips-cc evaluated features FIPS-CC mode does not prevent you from using features that were not part of the evaluated configuration. However, if you use these features, you may not be operating the FortiMail unit in strict compliance with the Security Target or Security Policy. Refer to the Security Target and relevant Security Policy for more information. Effects of FIPS-CC mode The following list describes, not necessarily in order, the effects of enabling FIPS-CC mode with respect to the default mode of operation. Interfaces Immediately after switching to FIPS-CC mode, all network interfaces are down and have no IP address assigned. Configure interfaces as needed. Administration Strong cryptography is enabled by default, which only allows strong ciphers (AES, 3DES) and digest (SHA-1/256) for HTTPS admin access and TLS connections to remote IT entities. The Diffie-Hellman parameters for HTTPS admin access and TLS connections to remote entities is set to Group 14 (2048bit modulus) by default. The get system status CLI command display includes FIPS-CC status: enable. When configuring passwords or keys, the FortiMail unit requires you to enter the password or key a second time as confirmation. The FortiMail unit performs self-tests at startup, when cryptographic keys are generated, and on a recurring basis. If any of these tests fail, the unit goes into FIPS Error mode and shuts down. The self-tests cannot be disabled, except by disabling FIPS-CC mode. Also, the administrator can run self-tests at any time. See Running self-tests manually. The FortiMail TFTP server is disabled by default. Routing Immediately after switching to FIPS-CC mode, no default route is configured. Logging Logging is enabled for all event types except POP3 server and IMAP server at the information severity level. Initial configuration of the FortiMail unit This section describes how to configure your FortiMail unit in the FIPS-CC mode of operation. Proceed as follows: 1. Install the unit following the procedures in the documentation. 2. Register your FortiMail unit with Fortinet. Fortinet Inc. Page 6 FIPS-CC Compliant Operation for FortiMail 5.2.6

3. Download the FortiMail 5.2.6 firmware from Fortinet and install it on your unit. 4. Verify the firmware version of your FortiMail unit. 5. Enable FIPS-CC mode. Installing the unit Both the Quick Start Guide and the Getting Started section of the Installation Guide for your FortiMail unit provide instructions on the physical installation and initial configuration of your unit. When you have completed these procedures you will be able to access both the web-based manager and Command Line Interface (CLI). Verifying the firmware version of the unit Execute the following command from the command line: get system status The version line of the status display shows the FortiMail model number, firmware version, build number and date. For example: Version: FortiMail-200D v5.2,buildtbd,yymmdd (5.2.6 GA) Verify in the relevant security target or security policy document that your firmware version, build number and date are correct. Downloading and installing FIPS-CC firmware To download the firmware 1. With your web browser, go to ftp://support.fortinet.com/ and log in using the name and password you received when you registered with Fortinet Support. 2. Navigate to the FortiMail 5.2.6 download page. Download the firmware build for your specific hardware model. Save the file on the management computer or on your network where it is accessible from the FortiMail unit. Note that upgrading a FortiMail unit running an earlier certified build in FIPS-CC mode to FortiMail 5.2.6 is not supported. Upgrading an existing FortiMail FIPS-CC mode configuration is a manual process. Back up your configuration and contact Fortinet support before starting. About the Fortinet entropy token Generation of strong encryption keys requires a source of random numbers, sometimes referred to as entropy. The FortiMail firmware can provide entropy, but a hardware solution provides better entropy. Based on a wide band, Gaussian white noise generator, the Fortinet entropy token provides users with a simple, FIPS 140-2 and NDPP CC validated source of entropy. The Fortinet entropy token is compatible with FortiMail 5.2 or higher. Installing the entropy token Plug the entropy token into an available USB port on the FortiMail unit. Note that the entropy token requires a USB-A port. Fortinet Inc. Page 7 FIPS-CC Compliant Operation for FortiMail 5.2.6

Configuring the entropy token settings Use of the entropy token is required in FIPS-CC mode. It is possible to disable the use of the token in FIPS-CC mode, but doing so means the unit will not be operating in a FIPS or CC compliant manner. There are three options for the entropy token setting: enable token required (this is the default in FIPS-CC mode) disable token is not required and is not used even if present dynamic token is not required, but is used if present The entropy token can also be used in the default, non-fips-cc mode of operation. For example, to enable FIPS-CC mode with dynamic use of the entropy token enter: config system fips-cc set entropy-token dynamic set status enable end Refer to Enabling FIPS-CC mode, next for detailed information about enabling FIPS-CC mode. Once the entropy token is enabled, it is used to seed the internal FortiMail Random Number Generator (RNG). The RNG is seeded during the boot process and then reseeded periodically. The default reseed period is once every 24 hours (1440 minutes). The self-test-period setting is only available in the FIPS-CC mode of operation. Please refer to Entropy token reseed interval on how to configure in the CLI. The entropy token must be present to allow the RNG to seed or reseed from the token. When FortiMail is configured in FIPS-CC mode with the entropy token enabled, if the token is not present at boot time or the reseed interval, the boot process will pause until the token is inserted. The following message is displayed on the console: Please insert entropy-token to complete RNG seeding The message is repeated until the token is inserted. If the entropy token is set to dynamic and the token is not present at boot time or the scheduled reseed interval, the unit will use the default, internal FortiMail seed method instead. Enabling FIPS-CC mode If you have verified the firmware version, you are ready to enable FIPS-CC mode. When you enable FIPS-CC mode, all of the existing configuration is lost. The new password must be at least 8 characters long and must contain at least one each of: upper-case-letter lower-case-letter numeral non-alphanumeric character To enable FIPS-CC mode 1. Plug the entropy token into a USB port on the FortiMail unit. Fortinet Inc. Page 8 FIPS-CC Compliant Operation for FortiMail 5.2.6

2. Log in to the CLI through the console port. Use the default admin account or another account with a super_admin access profile. Enter the following commands: config system fips-cc set status enable end If the FortiMail unit is currently in multi-vdom mode, you need to precede the above commands with the command config global. 3. Follow the prompts to complete the initial setup of FIPS-CC mode, including setting the admin account password and selecting the mode of operation and reseed internal for the entropy token. 4. The unit will reboot and start up in FIPS-CC mode. Configuring interfaces When FIPS-CC mode is initially enabled, all network interfaces including virtual interfaces are down and have no IP addresses assigned. You must use the console connection to perform the initial configuration of the unit. This example shows how to configure port1 with an IP address of 192.168.0.99 and administrative access to permit use of the web-based manager. config system interface edit port1 set ip 192.168.0.99 255.255.255.0 set allowaccess https set status up end For detailed information about configuring network interfaces, refer to the FortiMail documentation supplied with your unit. Admin access disclaimer In order to meet NDPP (Network Device Protection Profile) requirements, the pre-login disclaimer banner must be enabled. To enable the disclaimer, log in to the unit over HTTPS using the default admin account or another account with a super_admin access profile and follow these steps: 1. Navigate to the System > Configuration > Options tab of the GUI. 2. Edit the disclaimer text as needed. 3. Select the check box for Display pre-login banner: Admin under the Login Disclaimer Setting. 4. Apply the changes. FIPS-CC mode status indication In FIPS-CC mode, the output of the get system status command includes FIPS-CC status: enable Fortinet Inc. Page 9 FIPS-CC Compliant Operation for FortiMail 5.2.6

Entropy token reseed interval The default reseed interval for the entropy token is 1440 minutes. The following CLI command can change this to any period from 1 to 1440 minutes, inclusive. config system fips-cc set reseed-interval <minutes_int> end Running self-tests manually The administrator can run self-tests manually at any time. To run all of the tests, enter the following CLI command: execute fips kat all To run an individual test, enter execute fips kat <test_name>. To see the list of valid test names, enter execute fips kat? Configuration files Configuration backup files created in FIPS-CC mode are not compatible with backup files created in non-fips-cc mode. A FIPS-CC mode configuration backup cannot be restored in non-fips-cc mode and vice-versa. You can create FIPS-CC configuration backup files to use for disaster recovery. They are valid on a replacement FortiMail unit or to restore configuration after you exit and then re-enter FIPS-CC mode. For detailed information about creating configuration backup files, refer to the FortiMail Administration Guide. Use of secure protocols FortiMail supports several mail related protocols where secure or plaintext protocols can be configured, including SMTP/SMTPS, POP3/POP3S and IMAP/IMAPS. HTTP/HTTPS can be used for Webmail access. When the related features are being used, FortiMail should be configured to use the secure version of each protocol. Mail server settings: Go to Mail Settings>Settings in the FortiMail GUI. Enable SMTP over SSL/TLS for the local host setting. Enable Redirect HTTP to HTTPS for Webmail access. Mail Domain settings: Go to Mail Settings>Domain in the FortiMail GUI. Enable Use SMTPS for the relay type and recipient address verification. Access control policies Go to Policy>Access Control in the FortiMail GUI. Fortinet Inc. Page 10 FIPS-CC Compliant Operation for FortiMail 5.2.6

Use a TLS profile set to Encrypt or Secure for receiving and delivery policies. Authentication profiles Go to Profile>Authentication in the FortiMail GUI. Create and use an Authentication Profile with TLS enabled. Security profiles Go to Profile>Security>TLS. Create a TLS profile set to Encrypt or Secure. Authentication Local authentication should be used for administrators since RADIUS and LDAP authentication are not part of the Common Criteria evaluated configuration. Logging NDPP Common Criteria compliance requires logging of all traffic and logging of system events, including startup and shutdown of functional components. TLS protocol level logging TLS protocol level logging is supported at the debug log level. The log level is set independently for local (disk) and remote (FortiAnalyzer) logging. To enable remote debug level logging on your FortiMail unit, connect to the CLI and enter the following commands: config log setting remote edit <remote log server profile name> set loglevel debug end To enable local debug level logging on your FortiMail unit, connect to the CLI and enter the following commands: config log setting local set loglevel debug end Note that debug level log messages are not displayed in the FortiMail GUI. To view TLS protocol level log messages, download the FortiMail event log from the log monitor page or view them in the FortiAnalyzer log viewer. Logging to external devices Offloading logs to a remote server over a secure connection is also required to maintain NDPP CC compliance. Audit logs are sent in real-time to the configured audit server(s). The audit events are transmitted as they are generated and a cache accommodating 32k audit records is maintained to address Fortinet Inc. Page 11 FIPS-CC Compliant Operation for FortiMail 5.2.6

temporary outages in communication with the remote server. Once the cache fills up, the oldest records are discarded in order to make room for new records. For information on offloading logs to a remote FortiAnalyzer device over SSL, see the Logging and Reporting chapter of the FortiMail Administration Guide. Select OFTPS as the logging protocol. If the SSL connection with the FortiAnalyzer is interrupted, one (or both) of the following log messages will be displayed: SSL write to <ip address> has failed. SSL connection to <ip address> is successfully closed. Please re-establish the SSL connection between the devices to maintain CC compliance. Reconnecting to FortiAnalyzer Should communications to the FortiAnalyzer be interrupted, the FortiMail is no longer considered to be operating in a CC compliant manner. If an interruption occurs in the communications path between the FortiMail and FortiAnalyzer units, the administrator can attempt to re-establish the connection manually by sending a ping to the FortiAnalyzer via the FortiMail CLI. This can be done in the evaluated configuration by logging in to the GUI via HTTPS and launching the console. Once the console is launched, the administrator may execute the following command: exec ping <FortiAnalyzer IP address> If the ping is successful, the FortiAnalyzer and the FortiMail should re-establish communication and logs should resume flowing to the FortiAnalyzer. If a manual ping does not re-establish the connection, there may be a more serious network problem or problem with the FortiAnalyzer unit itself. Contact Fortinet support, if necessary, to resolve the problem. FIPS Error mode When one or more of the self-tests fail, the FortiMail unit switches to FIPS Error mode. The FortiMail unit shuts down all interfaces including the console and blocks traffic. To resume normal FIPS-CC mode operation, power cycle the unit. If the self-tests pass after the reboot, the unit will resume normal FIPS-CC operation. If a self-test continues to fail after rebooting, there is likely a serious firmware or hardware problem and the unit should be removed from the network until the problem is solved. If the self-test failure persists across reboots, you can attempt to reload the firmware after formatting the units flash memory (via the boot menu). If the self-test failure persists after reloading the firmware and re-enabling the FIPS-CC mode of operation, contact Fortinet technical support. Disabling FIPS-CC mode The only way that you can return the FortiMail unit to the normal mode of operation is to restore the factory default configuration. Enter the following CLI command: execute factoryreset Disabling FIPS-CC mode erases the current configuration, including VPN certificates and encryption keys and HTTPS. Fortinet Inc. Page 12 FIPS-CC Compliant Operation for FortiMail 5.2.6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information