Security Requirements for PKI Components
Developing a validation program for PKI components
The Certificate Issuing and Management Components
(CIMC) Family of Protection Profiles defines requirements for
components that issue, revoke, and manage public key certificates, such
as X.509 public key certificates. A CIMC always includes a Certification
Authority (CA) and may include Registration Authorities (RAs) and other
subcomponents.
A CIMC consists of the hardware, software, and
firmware that are responsible for issuing, revoking, and managing
public key certificates. A CIMC does not include environmental
controls (e.g., controlled access facility, temperature), policies and
procedures, personnel controls (e.g., background checks and security
clearances), and other administrative controls.
Version 1.0 of the
Certificate Issuing and
Management Components Protection Profile is now available in PDF
format. This document
specifies the functional and assurance security requirements for a
CIMC. The intent of this family of Protection Profiles is to ensure
specification of the complete set of requirements for a CIMC and not
the specification of a subset of requirements implemented in a
specific CIMC subcomponent. It includes all the technical features
of a CIMC, regardless of which CIMC subcomponent performs the
function. The document does not differentiate between functions that
are typically performed by a CA and functions that are typically
performed by a RA.
Revision History
- November 3, 1999 - Initial Public
Release Draft (titled Security Requirements for Certificate
Issuing and Management Components).
- December 16, 1999 - Second Public
Release Draft.
- Added sections on TOE Security
Environment and Security Objectives.
- All other sections of the
document remain unchanged from the initial public release
draft.
- March 15, 2000 - Third Public
Release Draft
- This is the first draft of the
Protection Profile in which all functional security requirements
have been written in accordance with the Common Criteria.
- The following aspects of the
Protection Profile are not yet complete:
- The CIMC access control policy
has not yet been written.
- Functional security requirements
that are not completely specified and that must be completed
by the Security Target author (i.e., where the document says
"ST assignment") must include some guidance to the ST author.
This guidance has not yet been written.
- May 5, 2000 - Fourth Public Release
Draft
- Added CIMC access control
policy.
- Added "application notes" to
provide guidance to the ST author on completing functional
security requirements that are not completely specified.
- July 7, 2000 - Fifth Public Release
Draft
- Changed certificate registration
and certificate profile sections to allow for certificate
formats other than X.509.
- Added requirements that apply
when OCSP is used to distribute revocation information.
- Miscellaneous changes based on
reviewers' comments.
- September 29, 2000 - Release of Certificate Issuing
and Management Components document for Common Criteria Validation
- January 26, 2001 - Minor editorial revisions.
- September 5, 2001 - More minor editorial revisions.
- Some assumptions, threats, objectives, and
organizational security policies were added, removed, or reworded.
- Some functional security requirements were re-worded for
clarification (without changing the meaning of the requirement).
- FIA_AFL.1 was changed to exempt some authentications
performed within FIPS 140-1 validated cryptographic modules from the FIA_AFL.1 requirements.
- For Security Level 2, more cryptographic operations are required
to be performed in FIPS 140-1 level 2 validated cryptographic modules instead of level 1.
- October 31, 2001 - Version 1.0.
- Redefined the TOE boundary. Many functional security requirements that were previously requirements for the TOE are now requirements for the IT environment. Functional security requirements that were moved to the IT environment include those functions that are performed by FIPS 140-1 validated cryptographic modules and those functions typically performed by operating systems.