VE 14

From MozillaWiki

Appendix C: CRYPTOGRAPHIC SECURITY POLICY

AS14.01: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall be included in the documentation provided by the vendor.

VE14.01.01

VE14.01.01: A diagram or image of the physical cryptographic module (if appropriate) shall be included in the security policy. The image may be used to indicate the security relevant features of the cryptographic module (e.g., tamper evidence, status indicator(s), user interface(s), power connection(s), etc.).

AS14.02: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall consist of: a specification of the security rules, under which the cryptographic module shall operate, including the security rules derived from the requirements of the standard and the additional security rules imposed by the vendor. Note: This assertion is tested as part of AS14.05-AS14.09.

AS14.03: (Levels 1, 2, 3, and 4) The specification shall be sufficiently detailed to answer the following questions:

  • What access does operator X, performing service Y while in role Z, have to security-relevant data item W for every role, service, and security-relevant data item contained in the cryptographic module?
  • What physical mechanisms are implemented to protect the cryptographic module and what actions are required to ensure that the physical security of the module is maintained?
  • What security mechanisms are implemented in the cryptographic module to mitigate against attacks for which testable requirements are not defined in the standard?

Note: This assertion is tested as part of AS14.05-AS14.09.

AS14.04: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall be expressed in terms of roles, services, and cryptographic keys and CSPs. At a minimum, the following shall be specified:

  • an identification and authentication (I&A) policy,
  • an access control policy,
  • a physical security policy, and
  • a security policy for mitigation of other attacks.

Note: This assertion is tested as part of AS14.05-AS14.09.

AS14.05: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall specify an identification and authentication policy, including

  • all roles (e.g., user, crypto officer, and maintenance) and associated type of authentication (e.g., identity-based, role-based, or none) and
  • the authentication data required of each role or operator (e.g., password or biometric data) and the corresponding strength of the authentication mechanism.

VE14.05.01

VE14.05.01: The vendor shall specify all roles that may be assumed by an operator of the cryptographic module. This list shall include the User Role and the Crypto Officer Role (see AS03.03). If the cryptographic module allows for maintenance, the list shall include a Maintenance Role (see AS03.04). All other authorized roles shall be specified (see AS03.06).

VE14.05.02

VE14.05.02: For Security Levels 2, 3, and 4, the vendor shall specify whether the type of authentication is identity-based or role-based for each of the roles listed in VE14.05.01. The vendor shall specify the authentication data required for each role (see AS03.17, AS03.19 and AS03.23). The vendor shall specify the strength of corresponding authentication mechanisms (see AS03.24, AS03.25, and AS03.28).

VE14.05.03

VE14.05.03: The vendor shall utilize the tabular formats specified in Appendix C of FIPS PUB 140-2.

AS14.06: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall specify an access control policy. The specification shall be of sufficient detail to identify the cryptographic keys and CSPs the operator has access to while performing a service, and the type(s) of access the operator has to these parameters.

Note: This assertion is not separately tested.

AS14.07: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall be included in the documentation provided by the vendor.

The security policy shall specify:

  • all roles supported by the cryptographic module,
  • all services provided by the cryptographic module,
  • all cryptographic keys and CSPs employed by the cryptographic module, including
    • secret, private, and public cryptographic keys (both plaintext and encrypted),
    • authentication data such as passwords or PINs, and
    • other security-relevant information (e.g., audited events and audit data),
  • for each role, the services an operator is authorized to perform within that role, and
  • for each service within each role, the type(s) of access to the cryptographic keys and CSPs.


VE14.07.01

VE14.07.01: The vendor shall specify all services that are provided to an authorized role. This list must include the Show Status Service and all Self-Test Services (see AS03.11). All other authorized roles shall be specified (see AS03.06).

VE14.07.02

VE14.07.02: For each provided service within each authorized role, the vendor shall specify the allowed type(s) of access to security-related information, including secret and private cryptographic keys (both plaintext and encrypted), authentication data CSPs, and other protected information (see AS01.15).

VE14.07.03

VE14.07.03: The vendor shall utilize the tabular format specified in Appendix C in FIPS PUB 140-2.
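The questions in AS14.03 and the role/service/CSP lists in AS14.07 amount to an access-control table that must be complete for every role, service and CSP. The following is an added example (not part of this wiki page or of FIPS PUB 140-2) that models such a table in Python, answers the AS14.03 question for any (role, service, CSP) triple, and reports gaps against VE14.05.01 and VE14.07.01. The access-type letters, the toy module and its CSP names are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

ACCESS_TYPES = {"R", "W", "X", "Z"}                # assumed letters: read, write, execute, zeroize
REQUIRED_SERVICES = {"Show Status", "Self-Test"}  # VE14.07.01: every module must offer these
REQUIRED_ROLES = {"User", "Crypto Officer"}       # VE14.05.01: these roles must always exist


@dataclass
class SecurityPolicy:  # roles x services x CSPs access table, in the spirit of Appendix C
    roles: set
    services: set
    csps: set
    access: dict = field(default_factory=dict)  # (role, service) -> {csp: set(types)}

    def grant(self, role, service, csp=None, types=""):
        """Authorize `service` for `role`; optionally with access `types` (letters) to `csp`."""
        row = self.access.setdefault((role, service), {})
        if csp is not None:
            row.setdefault(csp, set()).update(types)

    def lookup(self, role, service, csp):
        """AS14.03: what access does an operator in `role`, performing `service`, have to `csp`?"""
        return frozenset(self.access.get((role, service), {}).get(csp, ()))

    def findings(self):
        """Gaps relative to AS14.05 / AS14.07; an empty list means the table is complete."""
        out = [f"missing required role {r!r} (VE14.05.01)" for r in sorted(REQUIRED_ROLES - self.roles)]
        out += [f"missing required service {s!r} (VE14.07.01)" for s in sorted(REQUIRED_SERVICES - self.services)]
        for role in sorted(self.roles):
            if not any(r == role for r, _ in self.access):
                out.append(f"role {role!r} lists no authorized services (AS14.07)")
        for (role, service), row in self.access.items():
            for csp, types in row.items():
                if csp not in self.csps:
                    out.append(f"({role!r}, {service!r}) references undeclared CSP {csp!r}")
                if not types or not types <= ACCESS_TYPES:
                    out.append(f"({role!r}, {service!r}, {csp!r}) has invalid access types {sorted(types)}")
        return out


def sample_policy():
    """Constructed toy module, not any real product's security policy."""
    p = SecurityPolicy(roles=set(REQUIRED_ROLES), csps={"AES key", "CO password"},
                       services=REQUIRED_SERVICES | {"Encrypt", "Load Key", "Zeroize"})
    for role in p.roles:                       # every role may run the mandatory services
        for service in REQUIRED_SERVICES:
            p.grant(role, service)
    p.grant("User", "Encrypt", "AES key", "X")                 # User may only execute with the key
    p.grant("Crypto Officer", "Load Key", "AES key", "W")      # CO writes the key ...
    p.grant("Crypto Officer", "Load Key", "CO password", "X")  # ... after authenticating
    p.grant("Crypto Officer", "Zeroize", "AES key", "Z")
    return p
```

Rendering `access` as the Appendix C tables is then a matter of iterating the keys; the useful part is that `findings()` is empty only when every role, service and CSP the policy names is accounted for.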

AS14.08: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall specify a physical security policy, including:

  • the physical security mechanisms that are implemented in the cryptographic module (e.g., tamper-evident seals, locks, tamper response and zeroization switches, and alarms) and
  • the actions required by the operator(s) to ensure that physical security is maintained (e.g., periodic inspection of tamper-evident seals and zeroization switches).

VE14.08.01

VE14.08.01: The vendor shall specify the physical security mechanisms that are implemented in the cryptographic module.

VE14.08.02

VE14.08.02: The vendor shall specify the actions required by the operator(s) to ensure that physical security is maintained.

AS14.09: (Levels 1, 2, 3, and 4) The cryptographic module security policy shall specify a security policy for mitigation of other attacks, including the security mechanisms implemented to mitigate the attacks.

VE14.09.01

VE14.09.01: The vendor shall specify the security mechanisms of the cryptographic module that are designed to mitigate specific attacks. This specification shall indicate how the implemented mechanism(s) were shown to mitigate the attack(s) and shall describe any limitations of these mechanisms (i.e., specific conditions or circumstances under which the mechanisms are known to be ineffective).

VE14.09.02

VE14.09.02: The vendor shall utilize the tabular format specified in Appendix C in FIPS PUB 140-2.