
CPA SECURITY CHARACTERISTIC

DATA AT REST ENCRYPTION: ALWAYS-ON MOBILE DEVICES

Version 1.1


About this document

This document describes the features, testing and deployment requirements necessary to meet CPA certification for Data at Rest Encryption: Always-on Mobile Device security products. It is intended for vendors, system architects, developers, evaluation and technical staff operating within the security arena.

The specific testing and deployment requirements are detailed in the Common Criteria document Protection Profile for Mobile Device Fundamentals Version 2.0 [A].

Document history

The CPA Authority may review, amend, update, replace or issue new Scheme Documents as may be required from time to time. Soft copy location: DiscoverID <44335885>

| Version | Date | Description |
|---|---|---|
| 1.0 | October 2014 | Initial release |
| 1.1 | December 2014 | Minor changes following external review |

Contact CESG

This document is authorised by: Technical Director (Assurance), CESG. For queries about this document please contact:

CPA Administration Team, CESG, Hubble Road, Cheltenham, Gloucestershire GL51 0EX, UK

Email: cpa@cesg.gsi.gov.uk


Contents

Section 1 Overview

1.1 Introduction

1.2 Mapping to the Common Criteria Protection Profile

1.3 Product description

Section 2 Additional Mandatory Requirements


Section 1 Overview

1.1 Introduction

The NIAP Protection Profile for Mobile Device Fundamentals Version 2.0 document [A] describes a set of requirements for mobile devices that can be certified through the Common Criteria scheme. The document you are now reading is a CPA Security Characteristic that:

- Provides a route to awarding a Foundation Grade certification for ‘data at rest encryption’ products used by ‘always on mobile devices’, which already have CC certification.

- Highlights those requirements which are listed in the Protection Profile for Mobile Device Fundamentals as ‘extended’ or ‘optional’, but which are mandatory in products that are to be successfully assessed against this SC.

This Security Characteristic aligns with guidance from the UK Government’s End User Device (EUD) Security Framework [B].

1.2 Mapping to the Common Criteria Protection Profile

Mobile device products successfully certified via the Common Criteria, against the Protection Profile for Mobile Device Fundamentals, can be additionally awarded Foundation Grade Certification for their data at rest encryption element. This additional certification can be achieved by the product vendor informing the CPA Authority of the Common Criteria certification and providing evidence to show that assessment successfully verified that the product met the extended Protection Profile requirements listed in Section 2 of this document. Once the CPA Authority have confirmed the vendor’s assertions, the product will be awarded a Foundation Grade certification against this Security Characteristic.

The product must be provided with suitable Security Procedures which describe how to securely provision, configure, operate, maintain and dispose of the evaluated device. These are expected to be short, and may refer to other documents (such as vendor guidance) as necessary.

1.3 Product description

The aim of the security products relevant to this Security Characteristic is to maintain the confidentiality of data stored on an ‘always-on’ mobile device by encrypting the data and providing controlled access to it. This protects the data if the mobile device is lost or stolen. However, it cannot protect against certain attacks, such as a lost or stolen device being accessed by a third party before the automatic lock has activated.

Furthermore, the product may provide the ability to verify the integrity of the data, but is not able to prevent its physical destruction.


Section 2 Additional Mandatory Requirements

Section 4.1.2 of the Protection Profile for Mobile Device Fundamentals specifies additional optional requirements for protected storage on the device. For this Security Characteristic, those requirements (below) must be implemented and successfully assessed for a product to be awarded Foundation Grade certification.

| Protection Profile Requirements | Description |
|---|---|
| FDP_DAR_EXT.2.1 | The TSF shall provide a mechanism for applications to mark data and keys as sensitive. |
| FDP_DAR_EXT.2.2 | The TSF shall use an asymmetric key scheme to encrypt and store sensitive data received while the product is locked. |
| FDP_DAR_EXT.2.3 | The TSF shall encrypt any stored symmetric key and any stored private key of the asymmetric key(s) used for the protection of sensitive data according to FCS_STG_EXT.2 selection 2. |
| FDP_DAR_EXT.2.4 | The TSF shall decrypt the sensitive data that was received while in the locked state upon transitioning to the unlocked state using the asymmetric key scheme and shall re-encrypt that sensitive data using the symmetric key scheme. |
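
The locked-state flow that FDP_DAR_EXT.2.2 and FDP_DAR_EXT.2.4 describe, as an added Go sketch that is not part of the CPA document or the Protection Profile. The `Inbox` type, `demoKey`, and the choice of RSA-OAEP and AES-GCM are assumptions made for illustration, since this page names no algorithms; OAEP limits the sketch to short items.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Inbox is a constructed model (not a real TSF) of the two on-device stores.
type Inbox struct{ Pending, Store [][]byte } // RSA-OAEP blobs; nonce||AES-GCM blobs

// Receive (FDP_DAR_EXT.2.2) uses only the public key, so it works while locked.
func (in *Inbox) Receive(pub *rsa.PublicKey, msg []byte) error {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
	if err == nil {
		in.Pending = append(in.Pending, ct)
	}
	return err
}

// Unlock (FDP_DAR_EXT.2.4) runs once the private key and the symmetric AEAD are
// usable again: each item is decrypted, re-encrypted, and only then dequeued.
func (in *Inbox) Unlock(priv *rsa.PrivateKey, aead cipher.AEAD) error {
	for len(in.Pending) > 0 {
		pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, in.Pending[0], nil)
		nonce := make([]byte, aead.NonceSize())
		if _, rerr := rand.Read(nonce); err != nil || rerr != nil {
			return fmt.Errorf("unlock: decrypt=%v nonce=%v", err, rerr)
		}
		in.Store = append(in.Store, aead.Seal(nonce, nonce, pt, nil))
		in.Pending = in.Pending[1:]
	}
	return nil
}

var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048) // throwaway constructed key pair

func main() {
	dek, in := make([]byte, 32), &Inbox{} // constructed symmetric key
	rand.Read(dek)
	blk, _ := aes.NewCipher(dek)
	aead, _ := cipher.NewGCM(blk)
	in.Receive(&demoKey.PublicKey, []byte("constructed message"))
	err := in.Unlock(demoKey, aead)
	fmt.Println(err, len(in.Pending), len(in.Store))
}
```

On a real device the private key and symmetric key handed to `Unlock` would themselves be stored encrypted, as FDP_DAR_EXT.2.3 requires.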


Appendix A References

| Label | Title | Version | Date | Location |
|---|---|---|---|---|
| [A] | Protection Profile for Mobile Device Fundamentals | 2.0 | September 2014 | www.niap-ccevs.org/pp/PP_MD_v2.0/ |
| [B] | End User Devices Security and Configuration Guidance | | October 2014 | www.gov.uk/government/collections/end-user-devices-security-guidance |
