B.4.2. Security Objectives for the Environment

This section specifies the security objectives for the environment.
O. Administrators, Operators, Officers, and Auditors Guidance Documentation
Deter administrator, operator, officer, or auditor errors by providing adequate documentation on securely configuring and operating the CIMC.
O. Auditors Review Audit Logs
Identify and monitor security-relevant events by requiring auditors to review audit logs at a frequency sufficient to address the level of risk.
O. Authentication Data Management
Ensure, through enforced authentication data management, that users change their authentication data at appropriate intervals and to appropriate values, such as proper lengths, histories, and variations. This objective is not applicable to biometric authentication data.
O. Communications Protection
Protect the system against a physical attack on the communications capability by providing adequate physical security.
O. Competent Administrators, Operators, Officers and Auditors
Provide capable management of the target of evaluation by assigning competent administrators, operators, officers, and auditors to manage the target of evaluation and the security of the information it contains.
O. Certificate Policies and Certification Practices Statements
All administrators, operators, officers, and auditors shall be familiar with the certificate policy (CP) and the certification practices statement (CPS) under which the target of evaluation is operated.
O. Disposal of Authentication Data
Provide proper disposal of authentication data and associated privileges after access has been removed, such as for a job termination or a change in responsibility.
O. Installation
Those responsible for the target of evaluation must ensure that the target of evaluation is delivered, installed, managed, and operated in a manner which maintains IT security.
O. Malicious Code Not Signed
Protect the target of evaluation from malicious code by ensuring all code is signed by a trusted entity prior to loading it into the system.
O. Notify Authorities of Security Issues
Notify proper authorities of any security issues that impact their systems to minimize the potential for the loss or compromise of data.
O. Physical Protection
Those responsible for the target of evaluation must ensure that the security-relevant components of the target of evaluation are protected from physical attack that might compromise IT security.
O. Social Engineering Training
Provide training for general users, administrators, operators, officers, and auditors in techniques to thwart social engineering attacks.
O. Cooperative Users
Ensure that users are cooperative so that they can accomplish some task or group of tasks that require a secure IT environment and information managed by the target of evaluation.
O. Lifecycle Security
Provide tools and techniques used during the development phase to ensure security is designed into the CIMC. Detect and resolve flaws during the operational phase.
O. Repair Identified Security Flaws
The vendor repairs security flaws that have been identified by a user.
O. Cryptographic Functions
The target of evaluation must implement approved cryptographic algorithms for encryption/decryption, authentication, and signature generation/verification; use approved key generation techniques; and use validated cryptographic modules. (Validated is defined as FIPS 140-2 validated.)
O. Operating System
The operating system used is validated to provide adequate security, including domain separation and non-bypassability, in accordance with security requirements recommended by the National Institute of Standards and Technology.
O. Periodically Check Integrity
Provide periodic integrity checks on both system and software.
O. Security Roles
Maintain security-relevant roles and the association of users with those roles.
O. Sufficient Backup Storage and Effective Restoration
Provide sufficient backup storage and effective restoration to ensure that the system can be recreated.
O. Validation of Security Function
Ensure that security-relevant software, hardware, and firmware are correctly functioning through features and procedures.
O. Trusted Path
Provide a trusted path between the user and the system. Provide a trusted path to security-relevant (target security functions) data in which both end points have assured identities.