4.7. Implementing a Common Criteria Environment

The Common Criteria for Information Technology Security Evaluation is an international standard that helps to define the security aspects and secure implementations of software and hardware. To receive certification, software is evaluated for security in a defined and controlled environment with clearly delineated configuration and environment parameters. This environment is called the evaluated configuration.
Red Hat Certificate System 8.1 is Common Criteria certified at Evaluation Assurance Level 4 (EAL4).
More information on Common Criteria, evaluation guidelines, and technology security is available at the National Information Assurance Partnership: Common Criteria Evaluation and Validation Scheme website.
Some configuration is required.
As part of the Common Criteria environment, several otherwise optional features in Certificate System are required to be configured:
  • FIPS mode for any hardware security modules used to store key and certification information
  • Both secure client connections and secure server connections with the internal LDAP database (meaning all connections to the Red Hat Directory Server are over SSL)
  • SSL session timeouts for all secure connections
  • Signed audit logging
  • Established backup and restore procedures
  • CRL checking (OCSP validation) for clients
  • sudo permissions to run Certificate System scripts and processes
  • Defined operating systems users and groups for Certificate System subsystems
  • SELinux in enforcing mode
  • Removing unused CA interfaces from the web.xml file
  • Self-test diagnostics, which are enabled by default
These features are listed as part of the installation process and in Chapter 15, After Configuration: Checklist of Configuration Areas for Deploying Certificate System.
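The checklist above mixes items that can only be verified by procedure (backup and restore drills, sudo policy, HSM FIPS mode through the module's own tooling) with items that live in a file or a command's output and can be audited mechanically. The following script is an added example, not part of this guide or of Certificate System itself: it reads a constructed CS.cfg fragment, the output of getenforce, and a constructed web.xml, and reports which of the checkable items fail. The CS.cfg parameter names (internaldb.ldapconn.secureConn, internaldb.ldapauth.authtype, log.instance.SignedAudit.enable, log.instance.SignedAudit.logSigning, selftests.container.order.startup) are assumptions taken from recollection of the Certificate System administration documentation and must be confirmed against the deployed instance; the servlet names and URL patterns in the sample web.xml are placeholders, not the CA's real interfaces.

```python
"""Added example: audit a Certificate System deployment against the
Common Criteria configuration items that can be checked mechanically.
CS.cfg key names are assumptions (verify against your instance); the
sample configuration, host output and web.xml below are constructed."""
import xml.etree.ElementTree as ET

# Constructed CS.cfg fragment. Two required settings are deliberately wrong
# (BasicAuth instead of SSL client auth, log signing off) so the audit reports them.
SAMPLE_CS_CFG = """\
# comment and blank lines are ignored by the parser
internaldb.ldapconn.host=ds.example.test
internaldb.ldapconn.port=636
internaldb.ldapconn.secureConn=true
internaldb.ldapauth.authtype=BasicAuth
log.instance.SignedAudit.enable=true
log.instance.SignedAudit.logSigning=false
selftests.container.order.startup=CAPresence:critical, SystemCertsVerification:critical
"""

# Constructed web.xml fragment; servlet names and paths are placeholders.
SAMPLE_WEB_XML = """\
<web-app>
  <servlet-mapping><servlet-name>caEnroll</servlet-name><url-pattern>/ee/ca/profileSubmit</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>caOcsp</servlet-name><url-pattern>/ocsp</url-pattern></servlet-mapping>
  <servlet-mapping><servlet-name>caLegacy</servlet-name><url-pattern>/ee/ca/legacyEnroll</url-pattern></servlet-mapping>
</web-app>
"""

# (checklist item, assumed CS.cfg key, value the item requires)
CS_CFG_RULES = (
    ("secure server connection to the internal LDAP database", "internaldb.ldapconn.secureConn", "true"),
    ("SSL client authentication to the internal LDAP database", "internaldb.ldapauth.authtype", "SslClientAuth"),
    ("signed audit logging enabled", "log.instance.SignedAudit.enable", "true"),
    ("audit log signing enabled", "log.instance.SignedAudit.logSigning", "true"),
)


def parse_cs_cfg(text):
    """CS.cfg is a flat key=value file; return it as a dict, skipping comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def check_cs_cfg(cfg):
    """Return (item, passed, detail) for each CS.cfg rule plus the self-test check."""
    findings = []
    for item, key, expected in CS_CFG_RULES:
        actual = cfg.get(key, "<missing>")
        findings.append((item, actual == expected, f"{key}={actual}, expected {expected}"))
    # Self-tests are on by default; an empty startup list means someone turned them off.
    startup = [t.strip() for t in cfg.get("selftests.container.order.startup", "").split(",") if t.strip()]
    findings.append(("self-test diagnostics run at startup", bool(startup), f"startup self-tests: {startup}"))
    return findings


def check_host(getenforce_output):
    """getenforce_output is what the `getenforce` command printed on the host."""
    mode = getenforce_output.strip()
    return [("SELinux in enforcing mode", mode == "Enforcing", f"getenforce={mode}")]


def unexpected_interfaces(web_xml_text, keep):
    """URL patterns still mapped in web.xml that are not in the set of interfaces
    the deployment intends to keep; these are the candidates for removal."""
    root = ET.fromstring(web_xml_text)
    mapped = [m.findtext("url-pattern") for m in root.iter("servlet-mapping")]
    return sorted(p for p in mapped if p not in keep)


def audit(cs_cfg_text, getenforce_output, web_xml_text, keep):
    """Run every check; return the failing (item, detail) pairs, empty when all pass."""
    findings = check_cs_cfg(parse_cs_cfg(cs_cfg_text)) + check_host(getenforce_output)
    extra = unexpected_interfaces(web_xml_text, keep)
    findings.append(("no unused CA interfaces left in web.xml", not extra, f"unexpected: {extra}"))
    return [(item, detail) for item, ok, detail in findings if not ok]


if __name__ == "__main__":
    for item, detail in audit(SAMPLE_CS_CFG, "Enforcing\n", SAMPLE_WEB_XML,
                              {"/ee/ca/profileSubmit", "/ocsp"}):
        print(f"FAIL  {item}: {detail}")
```

On a real host, replace the constructed inputs with the contents of the instance's CS.cfg and web.xml and the captured output of getenforce; the `keep` set is the list of CA interfaces the deployment has decided to retain, so anything else still mapped in web.xml shows up as a finding. The procedural items (backup and restore, sudo permissions, dedicated users and groups, HSM FIPS mode, session timeouts) still need to be verified by hand.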
The RA is not part of the Common Criteria environment.
All of the Red Hat Certificate System subsystems (CA, DRM, OCSP, TKS, and TPS) were targets of evaluation for the Common Criteria certification process, with the exception of the RA. The RA is not considered part of a Common Criteria-certified environment. If your environment requires only Common Criteria-certified components, then the RA cannot be deployed.