proposed sfr updates to hcd pp for version 1 1 i new
play

Proposed SFR Updates to HCD PP for Version 1.1 I. New Proposed - PDF document

Nov 01, 2022 •315 likes •541 views

Proposed SFR Updates to HCD PP for Version 1.1 I. New Proposed Changes Key: Proposed changes are in red. FAU_GEN.1 Audit data generation FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events: a) Start-up

  1. Proposed SFR Updates to HCD PP for Version 1.1 I. New Proposed Changes Key: Proposed changes are in red. FAU_GEN.1 Audit data generation FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events: a) Start-up and shutdown of the audit functions; b) All auditable events for the not specified level of audit; c Resetting passwords (name of related user account shall be logged) (Version 1.1); and d) All auditable events specified in Table 1, [assignment: other specifically defined auditable events ]. FAU_STG_EXT.1 Extended: External Audit Trail Storage FAU_STG_EXT.1.1 The TSF shall be able to transmit the generated audit data to an External IT Entity using a trusted channel according to FTP_ITC.1. FAU_STG_EXT.1.2 The TSF shall be able to store generated audit data on the TOE itself. FAU_STG_EXT.1.3 The TSF shall [selection: drop new audit data, overwrite previous audit records according to the following rule: [assignment: rule for overwriting previous audit records], [assignment: other action]] when the local storage space for audit data is full. FMT_MTD.1/CryptoKeys Management of TSF data FMT_MTD.1.1/CryptoKeys The TSF shall restrict the ability to manage the cryptographic keys to Security Administrators. FPT_STM_EXT.1 Extended: Reliable Time Stamps FPT_STM_EXT.1.1 The TSF shall be able to provide reliable time stamps. FPT_STM_EXT.1.2 The TSF shall [selection: allow the Security Administrator to set the time, synchronise time with external time sources]. FTA_SSL.3 TSF-initiated termination FTA_SSL.3.1 The TSF shall terminate an interactive session after a Security Administrator-configurable time interval of session inactivity. FCS_HTTPS_EXT TSF-initiated termination FCS_HTTPS_EXT.1.1 The TSF shall implement the HTTPS protocol that complies with RFC 2818. FCS_HTTPS_EXT.1.2 The TSF shall implement HTTPS using TLS as specified in FCS_TLS_EXT.1. FCS_HTTPS_EXT.1.3 If a peer certificate is presented, the TSF shall [selection: not require client authentication, not establish the connection, request authorization to establish the connection, [assignment: other action] ]] if the peer certificate is deemed invalid. FCS_IPSEC_EXT Extended: IPsec selected FCS_IPSEC_EXT.1.11 The TSF shall generate the secret value x used in the IKE DiffieHellman key exchange (“x” in g^x mod p) using the random bit generator specified in FCS_RBG_EXT.1, and having a 1

  2. Proposed SFR Updates to HCD PP for Version 1.1 length of at least [ assignment: (one or more) number(s) of bits that is at least twice the security strength of the negotiated Diffie-Hellman group ] bits. FCS_IPSEC_EXT.1.12 The TSF shall generate nonces used in [selection: IKEv1, IKEv2] exchanges of length [selection: • [assignment: security strength associated with the negotiated Diffie-Hellman group]; • at least 128 bits in size and at least half the output size of the negotiated pseudorandom function (PRF) hash ] . FCS_IPSEC_EXT.1.13 The TSF shall be able to ensure by default that the strength of the symmetric algorithm (in terms of the number of bits in the key) negotiated to protect the [selection: IKEv1 Phase 1, IKEv2 IKE_SA] connection is greater than or equal to the strength of the symmetric algorithm (in terms of the number of bits in the key) negotiated to protect the [selection: IKEv1 Phase 2, IKEv2 CHILD_SA] connection. FCS_IPSEC_EXT.1.14 The TSF shall only establish a trusted channel if the presented identifier in the received certificate matches the configured reference identifier, where the presented and reference identifiers are of the following types: [selection: IP address, Fully Qualified Domain Name (FQDN), user FQDN, Distinguished Name (DN)] and [selection: no other reference identifier type, [ assignment: other supported reference identifier types ]]. FCS_TLS_EXT.1 Extended: TLS selected (TLS Client) FCS_TLS_EXT.1.1 Same as current HCD PP FCS_TLS_EXT.1.1 FCS_TLSC_EXT.1.2 The TSF shall only establish a trusted channel if the server certificate is valid. If the server certificate is deemed invalid, then the TSF shall [selection: not establish the connection, request authorization to establish the connection, [assignment: other action] ] FCS_TLSC_EXT.1 TLS Server Protocol FCS_TLS_EXT.1.1 The TSF shall implement one or more of the following protocols [selection: TLS 1.0 (RFC 2246), TLS 1.1 (RFC 4346), TLS 1.2 (RFC 5246) ] supporting the following ciphersuites: Mandatory Ciphersuites: • TLS_RSA_WITH_AES_128_CBC_SHA Optional Ciphersuites: [selection: • None • TLS_RSA_WITH_AES_256_CBC_SHA • TLS_DHE_RSA_WITH_AES_128_CBC_SHA • TLS_DHE_RSA_WITH_AES_256_CBC_SHA • TLS_RSA_WITH_AES_128_CBC_SHA256 • TLS_RSA_WITH_AES_256_CBC_ SHA256 • TLS_DHE_RSA_WITH_AES_128_CBC_ SHA256 • TLS_DHE_RSA_WITH_AES_256_CBC_ SHA256 • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ]. 2

  3. Proposed SFR Updates to HCD PP for Version 1.1 FCS_TLSS_EXT.1.2 The TSF shall [selection: perform RSA key establishment with key size [selection: 2048 bits, 3072 bits, 4096 bits]; generate EC Diffie-Hellman parameters over NIST curves [selection: secp256r1, secp384r1, secp521r1] and no other curves; generate DiffieHellman parameters of size [selection: 2048, bits, 3072 bits]]. FCS_TLSS_EXT.1.3 The TSF shall not establish a trusted channel if the client certificate is invalid. If the client certificate is deemed invalid, then the TSF shall [selection: not establish the connection, request authorization to establish the connection, [assignment: other action] ]. FPT_APW_EXT Protection of Administrator Passwords FPT_APW_EXT.1.1 The TSF shall store passwords in non-plaintext form. FPT_APW_EXT.1.2 The TSF shall prevent the reading of plaintext passwords. FPT_TUP_EXT Extended: Trusted Update FPT_TUD_EXT.1 Trusted Update FPT_TUD_EXT.1.1 The TSF shall provide authorized administrators the ability to query the current version of the TOE firmware/software. FPT_TUD_EXT.1.2 The TSF shall provide authorized administrators the ability to initiate updates to TOE firmware/software. FPT_TUD_EXT.1.3 The TSF shall provide a means to verify firmware/software updates to the TOE using a digital signature mechanism and [selection: published hash , no other functions ] prior to installing those updates. 3

  4. Proposed SFR Updates to HCD PP for Version 1.1 FPT_TUD_EXT.2 Trusted Update based on certificates FPT_TUD_EXT.2.1 The TSF shall not install an update if the code signing certificate is deemed invalid. FCS_COP.1(e) Cryptographic Operation (Key Transport) FCS_COP.1.1(e) Refinement: The TSF shall perform [ key transport ] in accordance with a specified cryptographic algorithm [ RSA in the following modes [selection: KTS-OAEP, KTS-KEM-KWS] ] and the cryptographic key size [ selection: 2048 bits, 3072 bits ] that meet the following: [ NIST SP 800-56B, Revision 1 ]. FCS_COP.1(d) Cryptographic Operation (Key Wrapping) FCS_COP.1.1(d) Refinement: The TSF shall perform [ key wrapping ] in accordance with a specified cryptographic algorithm [ AES ] in the following modes [selection: KW, KWP, GCM, CCM] and the cryptographic key size [ selection: 128 bits, 256 bits ] that meet the following: [ AES as specified in ISO/IEC 18033-3, [selection: NIST SP 800-38F, ISO/IEC 19772, no other standards] ] FCS_PCC_EXT.1 Extended: Cryptographic Password Construct and Conditioning FCS_PCC_EXT.1.1 A password used by the TSF to generate a password authorization factor shall enable up to [ assignment: positive integer of 64 or more ] characters in the set of {upper case characters, lower case characters, numbers, and [ assignment: other supported special characters ]} and shall perform Password-based Key Derivation Functions in accordance with a specified cryptographic algorithm HMAC- [selection: SHA-256, SHA-512], with [ assignment: positive integer of 1000 or more ] iterations, and output cryptographic key sizes [selection: 128 bits, 256 bits] that meet the following: [ NIST SP 800-13 ]. 4

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

REDUCED FEE PROGRAM PROPOSED UPDATES Reduced Fee Program Proposed Updates TEAM Janice Saeger,

REDUCED FEE PROGRAM PROPOSED UPDATES Reduced Fee Program Proposed Updates TEAM Janice Saeger,

City of Fort Collins Recreation Department REDUCED FEE PROGRAM PROPOSED UPDATES Reduced Fee Program Proposed Updates TEAM Janice Saeger, Financial Analyst & Team Lead Emily Frare, Publicity/Marketing Tech Ashley Ruffer, Social & Event

465 views • 20 slides
NFS Version 4 Workgroup Directions Remaining Work NFS Version 4 Protocol Proposed

NFS Version 4 Workgroup Directions Remaining Work NFS Version 4 Protocol Proposed

NFS Version 4 Workgroup Directions Remaining Work NFS Version 4 Protocol Proposed Standard Draft Standard Apotheosis NFS Version 4 Implementation Choices document Spencer The Implementations To Do Sun Java and

665 views • 22 slides
Proposed Updates To LArSoft: LArEventDisplay LArReco Tracy Usher LArSoft Coordination

Proposed Updates To LArSoft: LArEventDisplay LArReco Tracy Usher LArSoft Coordination

Proposed Updates To LArSoft: LArEventDisplay LArReco Tracy Usher LArSoft Coordination Meeting January 15, 2019 Executive Summary Proposed update to LArEventDisplay covers three general areas Updates to support visualization of

360 views • 17 slides
Proposed Lead and Copper Rule Revisions Overview Version: March 2020 1 Agenda Proposed

Proposed Lead and Copper Rule Revisions Overview Version: March 2020 1 Agenda Proposed

Proposed Lead and Copper Rule Revisions Overview Version: March 2020 1 Agenda Proposed Revisions Highlights Background Science Advisory Board Summary of the Proposed Rule Key Areas and Proposed Revisions Next Steps

466 views • 23 slides
QBE Query-By-Example provides a visual interface for queries and updates a version

QBE Query-By-Example provides a visual interface for queries and updates a version

QBE Query-By-Example provides a visual interface for queries and updates a version supported by Microsoft Access (Graphical QBE) Examples: movie database queries Find the titles of currently playing movies schedule

664 views • 7 slides
Proposed Updates to Nursing Home Chapter of State Health Plan COMAR 10.24.08 Presentation to

Proposed Updates to Nursing Home Chapter of State Health Plan COMAR 10.24.08 Presentation to

Proposed Updates to Nursing Home Chapter of State Health Plan COMAR 10.24.08 Presentation to Nursing Home Work Group March 1, 2018 Proposed Chapter Revisions 2 Simplifying the CON Process Issues Current NH Chapter Proposed NH Chapter Goal

553 views • 14 slides
RailML Updates Proposed updates for electrification data in the areas of Rollingstock and

RailML Updates Proposed updates for electrification data in the areas of Rollingstock and

RailML Updates Proposed updates for electrification data in the areas of Rollingstock and Infrastructure in the areas of Rollingstock and Infrastructure Dr.-Ing.Jrg von Lingen RailML Updates List of required data for railway infrastructure

236 views • 8 slides
Proposed presentation of data for ICU-ROX. Version 1 was posted online on 21 November 2017 (prior

Proposed presentation of data for ICU-ROX. Version 1 was posted online on 21 November 2017 (prior

Proposed presentation of data for ICU-ROX. Version 1 was posted online on 21 November 2017 (prior to the interim analysis which occurred when the 500 th participant reached day 28). Version 2 was posted online on 15 May 2018 (prior to completion

535 views • 16 slides
Fonctionnalits de la version 11 Nouveauts de la version 12 Version 11 and version 12 in a

Fonctionnalits de la version 11 Nouveauts de la version 12 Version 11 and version 12 in a

Fonctionnalits de la version 11 Nouveauts de la version 12 Version 11 and version 12 in a nutshell Fracture mechanics Non-linear constitutive laws Linear and non-linear dynamics Numerical methods Architecture, ergonomics, performances

407 views • 36 slides
Consultation Workshop Proposed SEND funding arrangements Version 0.2 Outcomes for the workshop

Consultation Workshop Proposed SEND funding arrangements Version 0.2 Outcomes for the workshop

SEND Service Consultation Workshop Proposed SEND funding arrangements Version 0.2 Outcomes for the workshop Explain the current system for funding SEND, nationally and Locally Explain the proposed changes to additional and

581 views • 20 slides
County Directors Call May 2, 2016 1 Proposed Updates to P3 Timeline* The project Executive

County Directors Call May 2, 2016 1 Proposed Updates to P3 Timeline* The project Executive

North Carolina Department of Health & Human Services County Directors Call May 2, 2016 1 Proposed Updates to P3 Timeline* The project Executive Advisory Committee (EAC) has tentatively accepted the updated timeline shown below. An

240 views • 11 slides
2019 ONE YEAR PLAN Open House Purpose Objectives Proposed Updates

2019 ONE YEAR PLAN Open House Purpose Objectives Proposed Updates

2019 ONE YEAR PLAN Open House Purpose Objectives Proposed Updates Timeline Online Maps Land Use Plan Maps One Year Plan / Sector Plan Conflict Map Proposed One Year Plan Map Proposed Sector

92 views • 6 slides
SUPPORTIVE CARE NATIONAL COMPREHENSIVE CANCER NETWORK (NCCN) ANTIEMETIC GUIDELINE UPDATES, VERSION

SUPPORTIVE CARE NATIONAL COMPREHENSIVE CANCER NETWORK (NCCN) ANTIEMETIC GUIDELINE UPDATES, VERSION

SUPPORTIVE CARE NATIONAL COMPREHENSIVE CANCER NETWORK (NCCN) ANTIEMETIC GUIDELINE UPDATES, VERSION 3.2018 MEENAKSHI SHELAT, PHARMD, BCOP DARTMOUTH-HITCHCOCK MEDICAL CENTER NOVEMBER 2018 DISCLOSURES I have nothing to disclose related to the

596 views • 24 slides
Minneapolis Staple Foods Ordinance: Updates and proposed revisions Presented to the Public

Minneapolis Staple Foods Ordinance: Updates and proposed revisions Presented to the Public

Minneapolis Staple Foods Ordinance: Updates and proposed revisions Presented to the Public Health, Environment, Civil Rights, and Engagement Committee Kristen Klingler, Minneapolis Health Department Dr. Melissa Laska, University of Minnesota

505 views • 26 slides
Immediate Multi-Threaded Dynamic Software Updates Using Stack Reconstruction Kristis Makris

Immediate Multi-Threaded Dynamic Software Updates Using Stack Reconstruction Kristis Makris

Immediate Multi-Threaded Dynamic Software Updates Using Stack Reconstruction Kristis Makris Rida A. Bazzi {makristis,bazzi}@asu.edu 1 Motivation Software update problem: replace old version with new version Traditional

584 views • 42 slides
Updates since 12/7/17 Budget Meeting February 15, 2018 Governors Proposed Budget

Updates since 12/7/17 Budget Meeting February 15, 2018 Governors Proposed Budget

Updates since 12/7/17 Budget Meeting February 15, 2018 Governors Proposed Budget Foundation Aid increase of $5,447 (guaranteed min. of 0.25%) Original Phase-in Amount due to CHUFSD in 2018-2019 = $3,482,530 Amount projected to

290 views • 17 slides
WHAT DOES FAIR PRESENTATION MEAN FOR YOUR BUSINESS? 1. INTRODUCTION This Guide has been

WHAT DOES FAIR PRESENTATION MEAN FOR YOUR BUSINESS? 1. INTRODUCTION This Guide has been

WHAT DOES FAIR PRESENTATION MEAN FOR YOUR BUSINESS? 1. INTRODUCTION This Guide has been produced to help you Buyers of commercial insurance understand Fair Presentation and prepare should be aware of the Insurance for the new

282 views • 4 slides
XYPRO Technology Corporation Compliance, Auditing and Alerts Sean Bicknell XYPRO XYGATE and

XYPRO Technology Corporation Compliance, Auditing and Alerts Sean Bicknell XYPRO XYGATE and

XYPRO Technology Corporation Compliance, Auditing and Alerts Sean Bicknell XYPRO XYGATE and XYPRO are registered trademarks of XYPRO Technology Corporation. All other brand or product names, trademarks, or registered trademarks are

314 views • 19 slides
11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information Security Webinar Storage of Classified Information Host: Treva Alexander, SAPPC Information Security Course Manager, DSS - CDSE Gained experience in

329 views • 14 slides
FY 2017 audit update by Victorian Auditor-General's Office for FY17 Accounting No

FY 2017 audit update by Victorian Auditor-General's Office for FY17 Accounting No

FinPro - Professional development seminar FY 2017 audit update by Victorian Auditor-General's Office for FY17 Accounting No changes! Disclosures AASB 124 application &model accounts changes(PP&E note). Performance

272 views • 13 slides
Team L5 Automation Practices in Large Molecule Bioanalysis Ago Ahene Claudio Calonder

Team L5 Automation Practices in Large Molecule Bioanalysis Ago Ahene Claudio Calonder

Team L5 Automation Practices in Large Molecule Bioanalysis Ago Ahene Claudio Calonder Scott Davis Joseph Kowalchick Takahiro Nakamura Parya Nouri Igor Vostiar Jin Wang Yang Wang Scope Pros and Cons

617 views • 50 slides
Open Source ETD Submission Software AN UPDATE ON THE WELLER ETD PROJECT Presented by: Caitlin

Open Source ETD Submission Software AN UPDATE ON THE WELLER ETD PROJECT Presented by: Caitlin

Open Source ETD Submission Software AN UPDATE ON THE WELLER ETD PROJECT Presented by: Caitlin Bakker, Peter Hvezda, Daniel Yule and James MacDonald 16 th International Symposium on Electronic Thesis and Dissertations - September 2013

629 views • 14 slides
Webinar r Elec ectio ions: Befor ore t e the Door oors O Open en Feb. 11, 11, 2 202

Webinar r Elec ectio ions: Befor ore t e the Door oors O Open en Feb. 11, 11, 2 202

Webinar r Elec ectio ions: Befor ore t e the Door oors O Open en Feb. 11, 11, 2 202 020 Webinar - Elections: Before the Doors Open - Feb. 11, 2020 Ms. Christina Worrell Adkins, Legal Director, Elections Division, Texas Office of

319 views • 13 slides
Investor Presentation September 2017 Forward-looking Information This presentation contains

Investor Presentation September 2017 Forward-looking Information This presentation contains

Investor Presentation September 2017 Forward-looking Information This presentation contains forward- looking statements. When used in this presentation, the words will, intend, plan, potential, generate,

808 views • 52 slides

More recommend