This section specifies the security requirements that are applicable to CIMC functionality, such as key management, certificate registration, and CIMC configuration and management functions.
Note that the iteration identifiers in this section are consistent with the CIMC-BR-PP and as such include reference to those CIMC-BR-PP requirements for the IT environment (as opposed to the target of evaluation) reproduced in section and not necessarily considered requirements in the context of this security target.
Table B.2. CIMC Target of Evaluation Functional Security Requirements
| Security Functional Class | Security Functional Components |
|---|---|
| Security Audit (FAU) | |
| Communication (FCO) | |
| Cryptographic support (FCS) | |
| User Data Protection (FDP) | |
| Identification and authentication (FIA) | |
| Security management (FMT) | |
| Protection of the target security functions (FPT) | |

FAU_GEN.1 Audit data generation (iteration 2)
- FAU_GEN.1.1
  - The target security functions shall be able to generate an audit record of the following auditable events:
    - Startup and shutdown of the audit functions
    - All auditable events for the [minimum] level of audit logging
    - [The events listed in Table B.3, “Auditable Events and Audit Data”]
- FAU_GEN.1.2
  - The target security functions shall record within each audit record at least the following information:
    - Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event
    - For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [the information specified in the "Additional Details" column in Table B.3, “Auditable Events and Audit Data”]. Additionally, the audit shall not include plaintext private or secret keys or other critical security parameters.
Table B.3. Auditable Events and Audit Data
| Section/Function | Component | Event | Additional Details |
|---|---|---|---|
| Security Audit | FAU_GEN.1 Audit data generation (iteration 2) | Any changes to the audit parameters, such as audit frequency, type of event audited, or an attempt to delete the audit log | |
| | FPT_CIMC_TSP.1 | Audit log signing event | Digital signature, keyed hash, or authentication code shall be included in the audit log. |
| Local Data Entry | | All security-relevant data that is entered in the system | The identity of the data entry individual if the entered data is linked to any other data, such as clicking an accept button. This shall be included with the accepted data. |
| Remote Data Entry | | All security-relevant messages that are received by the system | |
| Data Export and Output | | All successful and unsuccessful requests for confidential and security-relevant information | |
| Key Generation | FCS_CKM.1 Cryptographic Key Generation | Whenever the target security functions requests generation of a cryptographic key. (Not mandatory for single session or one-time use symmetric keys.) | The public component of any asymmetric key pair generated |
| Private Key Load | | The loading of Component private keys | |
| Private Key Storage | | All access to certificate subject private keys retained within the target of evaluation for key recovery purposes | |
| Trusted Public Key Entry, Deletion and Storage | | All changes to the trusted public keys, including additions and deletions | The public key and all information associated with the key |
| Secret Key Storage | | The manual entry of secret keys used for authentication | |
| Private and Secret Key Export | | The export of private and secret keys (keys used for a single session or message are excluded) | |
| Certificate Registration | FDP_CIMC_CER.1 Certificate Generation | All certificate requests | If accepted, a copy of the certificate. If rejected, the reason for rejection, such as invalid data or the request was rejected by an officer. |
| Certificate Status Change Approval | | All requests to change the status of a certificate | Whether the request was accepted or rejected. |
| CIMC Configuration | | Any security-relevant changes to the configuration of the target security functions. | |
| Certificate Profile Management | FMT_MOF_CIMC.3 Extended certificate profile management | All changes to the certificate Profile | The changes made to the Profile |
| Revocation Profile Management | | All changes to the revocation profile | The changes made to the Profile |
| Certificate Revocation List Profile Management | FMT_MOF_CIMC.5 Extended certificate revocation list profile management | All changes to the certificate revocation list profile | The changes made to the profile |
| Online Certificate Status Protocol (OCSP) Profile Management | FMT_MOF_CIMC.6 OCSP Profile Management | All changes to the OCSP profile | The changes made to the Profile |

FAU_GEN.2 User identity association (iteration 2)
- FAU_GEN.2.1
  - For audit events resulting from actions of identified users, the target security functions shall be able to associate each auditable event with the identity of the user that caused the event.
FAU_SEL.1 Selective audit (iteration 2)
- FAU_SEL.1.1
  - The target security functions shall be able to select the set of audited events from the set of all auditable events based on the following attributes:
    - [event type]
    - [no additional attributes]
FAU_STG.1 Protected audit trail storage (iteration 2)
- FAU_STG.1.1
  - The target security functions shall protect the stored audit records in the audit trail from unauthorized deletion.
- FAU_STG.1.2
  - The target security functions shall be able to [detect] unauthorized modifications to the stored audit records in the audit trail.
FAU_STG.4 Prevention of audit data loss (iteration 2)
- FAU_STG.4.1
  - The target security functions shall [prevent audited events, except those taken by the auditor,] and [no other action], if the audit trail is full.
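
An added example, not taken from the evaluated product or from the CIMC protection profile: a minimal Python audit trail that records the FAU_GEN.1.2 fields, selects events by type (FAU_SEL.1.1), keeps critical security parameters out of the record, and attaches a chained keyed hash to each record (the FPT_CIMC_TSP.1 row of Table B.3) so that modification is detectable (FAU_STG.1.2). The class, field names, event-type names and in-memory storage are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumed detail keys treated as critical security parameters (illustrative).
SENSITIVE_FIELDS = {"private_key", "secret_key", "password", "pin"}


class AuditTrail:
    def __init__(self, signing_key, selected_types):
        self._key = signing_key              # key for the keyed hash over records
        self.selected = set(selected_types)  # FAU_SEL.1.1: selection by event type
        self.records = []

    def _mac(self, body, prev_mac):
        # Chain each MAC to the previous one so edits and reordering are detectable.
        data = prev_mac.encode() + json.dumps(body, sort_keys=True).encode()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def log(self, event_type, subject, outcome, details=None):
        if event_type not in self.selected:
            return None                      # event type not selected for audit
        if outcome not in ("success", "failure"):
            raise ValueError("outcome must be 'success' or 'failure'")
        # FAU_GEN.1.2: no plaintext private or secret keys in the audit record.
        safe = {k: "[REDACTED]" if k in SENSITIVE_FIELDS else v
                for k, v in (details or {}).items()}
        body = {"time": datetime.now(timezone.utc).isoformat(),
                "type": event_type, "subject": subject,
                "outcome": outcome, "details": safe}
        prev = self.records[-1]["mac"] if self.records else ""
        record = {"body": body, "mac": self._mac(body, prev)}
        self.records.append(record)
        return record

    def verify(self):
        """Return the index of the first record failing verification, or -1."""
        prev = ""
        for i, rec in enumerate(self.records):
            expected = self._mac(rec["body"], prev)
            if not hmac.compare_digest(rec["mac"], expected):
                return i
            prev = rec["mac"]
        return -1
```

The chain detects changes to, and removal or reordering of, records ahead of the last one; detecting truncation of the tail additionally requires keeping the latest MAC or a record count outside the trail.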