VE 14

From MozillaWiki
==Appendix C: Cryptographic Security Policy==
'''AS14.01: (Levels 1, 2, 3, and 4)''' The cryptographic module security policy shall be included in the documentation provided by the vendor.
==VE14.01.01==
'''VE14.01.01''': A diagram or image of the physical cryptographic module (if appropriate) shall be included in the security policy. The image may be used to indicate the security-relevant features of the cryptographic module (e.g., tamper evidence, status indicator(s), user interface(s), power connection(s), etc.).
===C.1 Definition of Cryptographic Module Security Policy===
'''AS14.02: (Levels 1, 2, 3, and 4)''' The cryptographic module security policy shall consist of:
* a specification of the security rules under which the cryptographic module shall operate, including the security rules derived from the requirements of the standard and the additional security rules imposed by the vendor.

'''AS14.03: (Levels 1, 2, 3, and 4)''' The specification shall be sufficiently detailed to answer the following questions:
* What access does operator X, performing service Y while in role Z, have to security-relevant data item W, for every role, service, and security-relevant data item contained in the cryptographic module?
* What physical mechanisms are implemented to protect the cryptographic module, and what actions are required to ensure that the physical security of the module is maintained?
* What security mechanisms are implemented in the cryptographic module to mitigate attacks for which testable requirements are not defined in the standard?

Note: This assertion is tested as part of AS14.05-AS14.09.
===C.2 Purpose of Cryptographic Module Security Policy===
Note: This assertion is not separately tested.
===C.3 Specification of the Cryptographic Module Security Policy===
'''AS14.04: (Levels 1, 2, 3, and 4)''' The cryptographic module security policy shall be expressed in terms of roles, services, and cryptographic keys and CSPs. At a minimum, the following shall be specified:
* an identification and authentication (I&A) policy,
* an access control policy,
* a physical security policy, and
* a security policy for mitigation of other attacks.

Note: This assertion is tested as part of AS14.05-AS14.09.
===C.3.1 Identification and Authentication Policy===
'''AS14.05: (Levels 1, 2, 3, and 4)''' The cryptographic module security policy shall specify an identification and authentication policy, including
* all roles (e.g., user, crypto officer, and maintenance) and the associated type of authentication (e.g., identity-based, role-based, or none), and
* the authentication data required of each role or operator (e.g., password or biometric data) and the corresponding strength of the authentication mechanism.

Required Vendor Information
==VE14.05.01==
'''VE14.05.01''': The vendor shall specify all roles that may be assumed by an operator of the cryptographic module. This list shall include the User Role and the Crypto Officer Role (see AS03.03). If the cryptographic module allows for maintenance, the list shall include a Maintenance Role (see AS03.04). All other authorized roles shall be specified (see AS03.06).
==VE14.05.02==
'''VE14.05.02''': For Security Levels 2, 3, and 4, the vendor shall specify whether the type of authentication is identity-based or role-based for each of the roles listed in VE14.05.01. The vendor shall specify the authentication data required for each role (see AS03.17, AS03.19 and AS03.23). The vendor shall specify the strength of the corresponding authentication mechanisms (see AS03.24, AS03.25, and AS03.28).
==VE14.05.03==
'''VE14.05.03''': The vendor shall utilize the tabular formats specified in Appendix C of FIPS PUB 140-2.

Required Test Procedures
'''TE14.05.01''': The tester shall check the security policy to ensure that all authorized roles are specified and are consistent with the information required by assertions AS03.03, AS03.04 and AS03.06.
'''TE14.05.02''': The tester shall verify that the type of authentication is specified for each role, that the required authentication data is specified for each role, and that the strength of all corresponding authentication mechanisms implemented by the module is specified. The tester shall ensure that this information is consistent with the information required by assertions AS03.17, AS03.19, AS03.23, AS03.24, AS03.25, and AS03.28.
===C.3.2 Access Control Policy===
'''AS14.06: (Levels 1, 2, 3, and 4)''' The cryptographic module shall specify an access control policy. The specification shall be of sufficient detail to identify the cryptographic keys and CSPs the operator has access to while performing a service, and the type(s) of access the operator has to these parameters.

Note: This assertion is not separately tested.

'''AS14.07: (Levels 1, 2, 3, and 4)''' The security policy shall specify:
* all roles supported by the cryptographic module,
* all services provided by the cryptographic module,
* all cryptographic keys and CSPs employed by the cryptographic module, including
** secret, private, and public cryptographic keys (both plaintext and encrypted),
** authentication data such as passwords or PINs, and
** other security-relevant information (e.g., audited events and audit data),
* for each role, the services an operator is authorized to perform within that role, and
* for each service within each role, the type(s) of access to the cryptographic keys and CSPs.

Required Vendor Information
==VE14.07.01==
'''VE14.07.01''': The vendor shall specify all services that are provided to an authorized role. This list must include the Show Status Service and all Self-Test Services (see AS03.11). All other authorized roles shall be specified (see AS03.06).
==VE14.07.02==
'''VE14.07.02''': For each provided service within each authorized role, the vendor shall specify the allowed type(s) of access to security-related information, including secret and private cryptographic keys (both plaintext and encrypted), authentication data CSPs, and other protected information (see AS01.15).
==VE14.07.03==
'''VE14.07.03''': The vendor shall utilize the tabular format specified in Appendix C of FIPS PUB 140-2.

Required Test Procedures
'''TE14.07.01''': The tester shall verify the security policy to ensure that the services provided to each role are specified (VE14.07.01), consistent with the information required by assertion AS03.14.
'''TE14.07.02''': The tester shall verify the security policy to ensure that it specifies the authorized type of access, allowed by services within roles, to all security-relevant information (VE14.07.01). The tester shall verify that the information is consistent with the requirements of assertion AS03.14.
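The roles, services and keys/CSPs that AS14.05 through AS14.07 require, and the tabular form VE14.05.03 and VE14.07.03 call for, can be modelled as a small data structure and checked mechanically. The Python below is an added example, not NSS or NIST material: the access-type letters, the sample roles, services and CSPs, and the column layout are all constructed for illustration.

```python
"""Model of a FIPS 140-2 Appendix C security policy (DTR Section 14): roles,
services, keys/CSPs and the access each (role, service) pair has to each CSP."""
from dataclasses import dataclass, field

# Access-type letters are this example's assumption; the DTR only requires
# that the "type(s) of access" be specified, it does not fix a vocabulary.
ACCESS_TYPES = {"R": "read", "W": "write", "X": "execute/use", "Z": "zeroize"}
REQUIRED_ROLES = {"User", "Crypto Officer"}        # VE14.05.01
REQUIRED_SERVICES = {"Show Status", "Self-Test"}   # VE14.07.01
AUTH_TYPES = {"identity-based", "role-based", "none"}  # AS14.05


@dataclass
class SecurityPolicy:
    level: int
    roles: dict        # role -> authentication type (AS14.05)
    services: dict     # role -> set of services the role may perform (AS14.07)
    csps: set          # every key and CSP the module employs (AS14.07)
    access: dict = field(default_factory=dict)  # (role, service, csp) -> {types}

    def access_to(self, role, service, csp):
        """The AS14.03 question: access of an operator in `role`, performing
        `service`, to CSP `csp`.  An empty set means no access."""
        if service not in self.services.get(role, ()):
            return set()
        return set(self.access.get((role, service, csp), ()))


def check_policy(p):
    """Findings (strings) where the policy fails the Section 14 vendor checks."""
    f = []
    for r in sorted(REQUIRED_ROLES - set(p.roles)):
        f.append(f"VE14.05.01: required role '{r}' missing")
    for role, auth in p.roles.items():
        if auth not in AUTH_TYPES:
            f.append(f"VE14.05.02: unknown authentication type '{auth}' for {role}")
        elif p.level >= 2 and auth == "none":
            f.append(f"VE14.05.02: level {p.level} needs identity- or role-based auth for {role}")
    offered = set().union(*p.services.values()) if p.services else set()
    for s in sorted(REQUIRED_SERVICES - offered):
        f.append(f"VE14.07.01: required service '{s}' not provided to any role")
    for (role, service, csp), kinds in p.access.items():
        if service not in p.services.get(role, ()):
            f.append(f"VE14.07.02: {role} is not authorized for service '{service}'")
        if csp not in p.csps:
            f.append(f"VE14.07.02: access entry names unlisted CSP '{csp}'")
        for k in sorted(kinds - set(ACCESS_TYPES)):
            f.append(f"VE14.07.02: unknown access type '{k}' for {role}/{service}/{csp}")
    return f


def access_table(p):
    """One row per (role, service, CSP), the tabular form VE14.07.03 asks for;
    the column layout is this example's, not the FIPS PUB 140-2 one."""
    rows = ["Role | Service | Key/CSP | Access"]
    for role in sorted(p.services):
        for service in sorted(p.services[role]):
            for csp in sorted(p.csps):
                kinds = "".join(sorted(p.access_to(role, service, csp))) or "-"
                rows.append(f"{role} | {service} | {csp} | {kinds}")
    return rows


# Constructed sample: a Level 2 module with two roles (not a real module).
SAMPLE = SecurityPolicy(
    level=2,
    roles={"User": "role-based", "Crypto Officer": "role-based"},
    services={"User": {"Show Status", "Self-Test", "Encrypt", "Decrypt"},
              "Crypto Officer": {"Show Status", "Self-Test", "Key Entry", "Zeroize"}},
    csps={"AES key", "CO password"},
    access={("User", "Encrypt", "AES key"): {"X"},
            ("User", "Decrypt", "AES key"): {"X"},
            ("Crypto Officer", "Key Entry", "AES key"): {"W"},
            ("Crypto Officer", "Zeroize", "AES key"): {"Z"},
            ("Crypto Officer", "Zeroize", "CO password"): {"Z"}},
)
```

`check_policy(SAMPLE)` returns no findings, while a policy that omits the Crypto Officer role or leaves a Level 2 role unauthenticated is reported against the VE number it fails.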


===C.3.3 Physical Security Policy===
'''AS14.08: (Levels 1, 2, 3, and 4)''' The cryptographic module security policy shall specify a physical security policy, including:
* the physical security mechanisms that are implemented in the cryptographic module (e.g., tamper-evident seals, locks, tamper response and zeroization switches, and alarms) and
* the actions required by the operator(s) to ensure that physical security is maintained (e.g., periodic inspection of tamper-evident seals and zeroization switches).

Required Vendor Information
==VE14.08.01==
'''VE14.08.01''': The vendor shall specify the physical security mechanisms that are implemented in the cryptographic module.
==VE14.08.02==
'''VE14.08.02''': The vendor shall specify the actions required by the operator(s) to ensure that physical security is maintained.

Required Test Procedures
'''TE14.08.01''': The tester shall verify the security policy to ensure that the security mechanisms that are implemented are consistent with the information required by assertion AS05.01.
===C.3.4 Mitigation of Other Attacks Policy===
'''AS14.09: (Levels 1, 2, 3, and 4)''' The cryptographic module security policy shall specify a security policy for mitigation of other attacks, including the security mechanisms implemented to mitigate the attacks.

Required Vendor Information
==VE14.09.01==
'''VE14.09.01''': The vendor shall specify the security mechanisms of the cryptographic module that are designed to mitigate specific attacks. This specification shall indicate how the implemented mechanism(s) were shown to mitigate the attack(s) and shall describe any limitations of these mechanisms (i.e., specific conditions or circumstances under which the mechanisms are known to be ineffective).
==VE14.09.02==
'''VE14.09.02''': The vendor shall utilize the tabular format specified in Appendix C of FIPS PUB 140-2.

Required Test Procedures
'''TE14.09.01''': The tester shall verify that the security policy specifies the mechanism(s) employed against the specific attacks, describes how the implemented mechanism(s) were shown to mitigate the attack(s), and lists any known limitations.

[[Category:NSS]]

Latest revision as of 11:00, 28 January 2007
