VE 14

From MozillaWiki
Revision as of 03:31, 24 March 2006 by Neil.williams (talk | contribs)

Appendix C: Cryptographic Security Policy

AS14.01: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall be included in the documentation provided by the vendor.

Required Vendor Information

VE14.01.01: A diagram or image of the physical cryptographic module (if appropriate) shall be included in the security policy. The image may be used to indicate the security relevant features of the cryptographic module (e.g., tamper evidence, status indicator(s), user interface(s), power connection(s), etc.).

Required Test Procedures

TE14.01.01: The tester shall verify that the diagram or image is representational of the cryptographic module tested.

C.1 Definition of Cryptographic Module Security Policy

AS14.02: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall consist of a specification of the security rules under which the cryptographic module shall operate, including the security rules derived from the requirements of the standard and the additional security rules imposed by the vendor.

Note: This assertion is tested as part of AS14.05-AS14.09.

AS14.03: (Levels 1, 2, 3, and 4) The specification shall be sufficiently detailed to answer the following questions:

• What access does operator X, performing service Y while in role Z, have to security-relevant data item W for every role, service, and security-relevant data item contained in the cryptographic module?

• What physical mechanisms are implemented to protect the cryptographic module and what actions are required to ensure that the physical security of the module is maintained?

• What security mechanisms are implemented in the cryptographic module to mitigate against attacks for which testable requirements are not defined in the standard?

Note: This assertion is tested as part of AS14.05-AS14.09.

C.2 Purpose of Cryptographic Module Security Policy

Note: This assertion is not separately tested.

C.3 Specification of the Cryptographic Module Security Policy

AS14.04: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall be expressed in terms of roles, services, and cryptographic keys and CSPs. At a minimum, the following shall be specified:

• an identification and authentication (I&A) policy,

• an access control policy,

• a physical security policy, and

• a security policy for mitigation of other attacks.

Note: This assertion is tested as part of AS14.05-AS14.09.

C.3.1 Identification and Authentication Policy

AS14.05: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall specify an identification and authentication policy, including

• all roles (e.g., user, crypto officer, and maintenance) and associated type of authentication (e.g., identity-based, role-based, or none) and

• the authentication data required of each role or operator (e.g., password or biometric data) and the corresponding strength of the authentication mechanism.

Required Vendor Information

VE14.05.01: The vendor shall specify all roles that may be assumed by an operator of the cryptographic module. This list shall include the User Role and the Crypto Officer Role (see AS03.03). If the cryptographic module allows for maintenance, the list shall include a Maintenance Role (see AS03.04). All other authorized roles shall be specified (see AS03.06).

VE14.05.02: For Security Levels 2, 3, and 4, the vendor shall specify whether the type of authentication is identity-based or role-based for each of the roles listed in VE14.05.01. The vendor shall specify the authentication data required for each role (see AS03.17, AS03.19 and AS03.23). The vendor shall specify the strength of the corresponding authentication mechanisms (see AS03.24, AS03.25, and AS03.28).

VE14.05.03: The vendor shall utilize the tabular formats specified in Appendix C of FIPS PUB 140-2.

Required Test Procedures

TE14.05.01: The tester shall check the security policy to ensure that all authorized roles are specified and are consistent with the information required by assertions AS03.03, AS03.04 and AS03.06.

TE14.05.02: The tester shall verify that the type of authentication is specified for each role, that the required authentication data is specified for each role, and that the strength of all corresponding authentication mechanisms implemented by the module is specified. The tester shall ensure that this information is consistent with the information required by assertions AS03.17, AS03.19, AS03.23, AS03.24, AS03.25, and AS03.28.

C.3.2 Access Control Policy

AS14.06: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall specify an access control policy. The specification shall be of sufficient detail to identify the cryptographic keys and CSPs the operator has access to while performing a service, and the type(s) of access the operator has to these parameters.

Note: This assertion is not separately tested.

AS14.07: (Levels 1, 2, 3, and 4) The security policy shall specify:

• all roles supported by the cryptographic module,

• all services provided by the cryptographic module,

• all cryptographic keys and CSPs employed by the cryptographic module, including

o secret, private, and public cryptographic keys (both plaintext and encrypted),

o authentication data such as passwords or PINs, and

o other security-relevant information (e.g., audited events and audit data),

• for each role, the services an operator is authorized to perform within that role, and

• for each service within each role, the type(s) of access to the cryptographic keys and CSPs.

Required Vendor Information

VE14.07.01: The vendor shall specify all services that are provided to an authorized role. This list must include the Show Status Service and all Self-Test Services (see AS03.11). All other authorized roles shall be specified (see AS03.06).

VE14.07.02: For each provided service within each authorized role, the vendor shall specify the allowed type(s) of access to security-related information, including secret and private cryptographic keys (both plaintext and encrypted), authentication data CSPs, and other protected information (see AS01.15).

VE14.07.03: The vendor shall utilize the tabular format specified in Appendix C in FIPS PUB 140-2.

Required Test Procedures

TE14.07.01: The tester shall verify the security policy to ensure that the services provided to each role are specified (VE14.07.01), consistent with the information required by assertion AS03.14.

TE14.07.02: The tester shall verify the security policy to ensure that it specifies the authorized type of access, allowed by services within roles, to all security-relevant information (VE14.07.01). The tester shall verify that the information is consistent with the requirements of assertion AS03.14.
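The I&A table of AS14.05 and the role/service/CSP access table of AS14.07 are easy to get out of sync while a security policy is being written. The following is an added example, not part of the DTR text or of any vendor's policy: a small checker that models both tables and reports the gaps a tester would look for under TE14.05.01, TE14.05.02 and TE14.07.01. The access-type codes R/W/X/Z and all sample roles, services and CSPs are assumptions constructed for illustration.

```python
# Added example: consistency checks for the Appendix C policy tables required by
# AS14.05 (I&A table) and AS14.07 (access control table).  Nothing here is taken
# from a real module's security policy; codes and sample data are constructed.

ACCESS_TYPES = {"R", "W", "X", "Z"}                 # assumed read/write/execute/zeroize codes
REQUIRED_ROLES = {"User", "Crypto Officer"}         # VE14.05.01 (AS03.03)
REQUIRED_SERVICES = {"Show Status", "Self-Test"}   # VE14.07.01 (AS03.11)
AUTH_TYPES = {"identity-based", "role-based", "none"}


def check_policy(level, roles, services, csps):
    """Return a list of findings; [] means the tables are consistent.

    roles: {role: auth type}; services: {role: {service: {csp: access codes}}}
    """
    findings = []
    for role in sorted(REQUIRED_ROLES - set(roles)):
        findings.append(f"required role {role!r} is not listed")
    for role, auth in roles.items():
        if auth not in AUTH_TYPES:
            findings.append(f"{role}: unknown authentication type {auth!r}")
        elif level >= 2 and auth == "none":      # VE14.05.02: Levels 2-4 need a real auth type
            findings.append(f"{role}: Level {level} requires identity- or role-based auth")
        role_services = services.get(role, {})
        for svc in sorted(REQUIRED_SERVICES - set(role_services)):
            findings.append(f"{role}: required service {svc!r} is not listed")
        for svc, access in role_services.items():
            for csp, types in access.items():
                if csp not in csps:               # every CSP touched must appear in the CSP list
                    findings.append(f"{role}/{svc}: CSP {csp!r} is not in the CSP list")
                bad = set(types) - ACCESS_TYPES
                if bad:
                    findings.append(f"{role}/{svc}/{csp}: unknown access type(s) {sorted(bad)}")
    return findings


# Constructed sample tables for a hypothetical Level 2 module.
SAMPLE_CSPS = {"AES session key", "RSA private key", "CO password"}
SAMPLE_ROLES = {"User": "role-based", "Crypto Officer": "identity-based"}
SAMPLE_SERVICES = {
    "User": {"Show Status": {}, "Self-Test": {},
             "Encrypt": {"AES session key": "X"}},
    "Crypto Officer": {"Show Status": {}, "Self-Test": {},
                       "Key Entry": {"AES session key": "W", "RSA private key": "W"},
                       "Zeroize": {"AES session key": "Z", "RSA private key": "Z",
                                   "CO password": "Z"}},
}
```

Running `check_policy(2, SAMPLE_ROLES, SAMPLE_SERVICES, SAMPLE_CSPS)` on the sample tables returns no findings; dropping a required service or using an access code outside the assumed set produces one finding per gap.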

C.3.3 Physical Security Policy

AS14.08: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall specify a physical security policy, including:

• the physical security mechanisms that are implemented in the cryptographic module (e.g., tamper-evident seals, locks, tamper response and zeroization switches, and alarms) and

• the actions required by the operator(s) to ensure that physical security is maintained (e.g., periodic inspection of tamper-evident seals and zeroization switches).

Required Vendor Information

VE14.08.01: The vendor shall specify the physical security mechanisms that are implemented in the cryptographic module.

VE14.08.02: The vendor shall specify the actions required by the operator(s) to ensure that physical security is maintained.

Required Test Procedures

TE14.08.01: The tester shall verify the security policy to ensure that the security mechanisms that are implemented are consistent with information required by assertion AS05.01.

C.3.4 Mitigation of Other Attacks Policy

AS14.09: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall specify a security policy for mitigation of other attacks, including the security mechanisms implemented to mitigate the attacks.

Required Vendor Information

VE14.09.01: The vendor shall specify the security mechanisms of the cryptographic module that are designed to mitigate specific attacks. This specification shall indicate how the implemented mechanism(s) were shown to mitigate the attack(s) and shall describe any limitations of these mechanisms (i.e., specific conditions or circumstances under which the mechanisms are known to be ineffective).

VE14.09.02: The vendor shall utilize the tabular format specified in Appendix C in FIPS PUB 140-2.

Required Test Procedures

TE14.09.01: The tester shall verify that the security policy specifies the mechanism(s) employed against the specific attacks, describes how the implemented mechanism(s) were shown to mitigate the attack(s), and lists any known limitations.