FBCA CP Section 5.1.2.1, Physical Access For CA Equipment, High, v2.27
Profile of High level of assurance requirements for the Federal Bridge Certificate Authority (FBCA) Certificate Policy (CP), version 2.27, Section 5.1.2.1, Physical Access For CA Equipment.
Identifier | https://artifacts.trustmarkinitiative.org/lib/tips/fbca-cp-section-5.1.2.1_-physical-access-for-ca-equipment_-high/2.27/ |
Publication Date | 2021-02-04 |
Issuing Organization | |
Keywords | PIV-I, Security, Identity, Federal Bridge |
Legal Notice | This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein. |
Trust Expression:
TD_PKICertificateAuthorityCAEquipmentIsAlwaysProtectedFromUnauthorizedAccess and TD_PKICertificateAuthorityCARemoteWorkstationsAreProtectedFromUnauthorizedAccess and TD_PhysicalAccessSecurityMechanismsAreCommensurateWithLevelofThreat and TD_UnauthorizedaccesstoCAhardwareisnotpermitted and TD_Removablemediaandpapercontainingsensitiveplaintextinformationisstoredinsecurecontainers and TD_Constantmonitoringforunauthorizedphysicalintrusiontosystemequipment and TD_Twopersonphysicalaccesscontroltocryptographicmodules and TD_TwopersonphysicalaccesscontroltoCAsystems and TD_Removablecryptographicmodulesaresecured and TD_CryptographicModuleactivationinformationissecured and TD_SensitivePKICertificateAuthorityCAequipmentissecured and TD_CryptographicModuleactivationdataismemorized and TD_CryptographicModuleactivationdataisrecorded and TD_CryptographicModuleactivationdataissecured and TD_CryptographicModuleactivationdatanotstoredwithassociatedcryptographicmodules and TD_CryptographicModuleactivationdatanotstoredwithremovablehardware and TD_SecuritychecksperformedforunattendedfacilitieshousingPKICAequipment and TD_SecuritychecksperformedforunattendedfacilitieshousingPKICAworkstations and TD_Securitychecksverifyequipmentstate and TD_SecurityChecksVerifySecurityContainersAreProperlySecured and TD_SecurityChecksVerifyPhysicalSecuritySystemsAreFunctioningProperly and TD_SecurityChecksVerifyAreaIsSecuredAgainstUnauthorizedAccess and TD_ResponsibilityForEquipmentPhysicalSecurityChecksIsAssigned and TD_LogMaintainedforPhysicalSecurityChecks and TD_Facilitysignoutsheet and TD_Protectioninplaceondeparturefromfacility
References (26)
TD: Unauthorized access to CA hardware is not permitted, v1.0
Description | This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for control of physical ingress and egress as related to overall physical and environmental protection requirements. |
ID | TD_UnauthorizedaccesstoCAhardwareisnotpermitted |
Provider Reference | |

TD: Removable cryptographic modules are secured, v1.0
Description | This Trustmark Definition defines conformance and assessment criteria for compliance with requirements for securing cryptographic modules. |
ID | TD_Removablecryptographicmodulesaresecured |
Provider Reference | |

TD: Cryptographic Module activation information is secured, v1.0
Description | This Trustmark Definition defines conformance and assessment criteria for compliance with requirements for securing cryptographic module activation data. |
ID | TD_CryptographicModuleactivationinformationissecured |
Provider Reference | |

TD: Cryptographic Module activation data is memorized, v1.0
Description | This Trustmark Definition defines conformance and assessment criteria for compliance with security requirements for the memorization of cryptographic module activation data. |
ID | TD_CryptographicModuleactivationdataismemorized |
Provider Reference | |

TD: Cryptographic Module activation data is recorded, v1.0
Description | This Trustmark Definition defines conformance and assessment criteria for compliance with security requirements for the recording of cryptographic module activation data. |
ID | TD_CryptographicModuleactivationdataisrecorded |
Provider Reference | |

TD: Cryptographic Module activation data is secured, v1.0
Description | This Trustmark Definition defines conformance and assessment criteria for compliance with security requirements for securing cryptographic module activation data. |
ID | TD_CryptographicModuleactivationdataissecured |
Provider Reference | |

TD: Cryptographic Module activation data not stored with removable hardware, v1.0
Description | This Trustmark Definition defines conformance and assessment criteria for storing cryptographic module activation data separate from removable hardware associated with remote workstations used to administer the CA. |
ID | TD_CryptographicModuleactivationdatanotstoredwithremovablehardware |
Provider Reference | |

TD: Security checks verify equipment state, v1.0
Description | Addresses the requirement for security checks to verify equipment state related to cryptographic modules. |
ID | TD_Securitychecksverifyequipmentstate |
Provider Reference | |

TD: Facility sign-out sheet, v1.0
Description | Addresses the requirement for the last person who departs the facility to initial a sign-out sheet indicating the time and date. |
ID | TD_Facilitysignoutsheet |
Provider Reference | |

TD: Protection in place on departure from facility, v1.0
Description | Addresses the requirement for the last person who departs the facility to initial a sign-out sheet asserting that all necessary physical protection mechanisms are in place and activated. |
ID | TD_Protectioninplaceondeparturefromfacility |
Provider Reference | |

Sources (1)
FBCA-CP | X.509 Certificate Policy For the Federal Bridge Certification Authority (FBCA), Version 2.27. December 2, 2013. |