FBCA CP Section 5.1.2.1, Physical Access For CA Equipment, Medium, v2.27

Profile of Medium level of assurance requirements for the Federal Bridge Certificate Authority (FBCA) Certificate Policy (CP), version 2.27, Section 5.1.2.1, Physical Access For CA Equipment.
Identifier https://artifacts.trustmarkinitiative.org/lib/tips/fbca-cp-section-5.1.2.1_-physical-access-for-ca-equipment_-medium/2.27/
Publication Date 2021-02-04
Issuing Organization
Trustmark Support help@trustmarkinitiative.org 555-555-5555 No Mailing Address
Keywords PIV-I, Security, Identity, Federal Bridge
Legal Notice This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Trust Expression:

TD_PKICertificateAuthorityCAEquipmentIsAlwaysProtectedFromUnauthorizedAccess and TD_PKICertificateAuthorityCARemoteWorkstationsAreProtectedFromUnauthorizedAccess and TD_PhysicalAccessSecurityMechanismsAreCommensurateWithLevelofThreat and TD_UnauthorizedaccesstoCAhardwareisnotpermitted and TD_Removablemediaandpapercontainingsensitiveplaintextinformationisstoredinsecurecontainers and TD_Constantmonitoringforunauthorizedphysicalintrusiontosystemequipment and TD_Twopersonphysicalaccesscontroltocryptographicmodules and TD_TwopersonphysicalaccesscontroltoCAsystems and TD_Removablecryptographicmodulesaresecured and TD_CryptographicModuleactivationinformationissecured and TD_SensitivePKICertificateAuthorityCAequipmentissecured and TD_CryptographicModuleactivationdataismemorized and TD_CryptographicModuleactivationdataisrecorded and TD_CryptographicModuleactivationdataissecured and TD_CryptographicModuleactivationdatanotstoredwithassociatedcryptographicmodules and TD_CryptographicModuleactivationdatanotstoredwithremovablehardware and TD_SecuritychecksperformedforunattendedfacilitieshousingPKICAequipment and TD_SecuritychecksperformedforunattendedfacilitieshousingPKICAworkstations and TD_Securitychecksverifyequipmentstate and TD_SecurityChecksVerifySecurityContainersAreProperlySecured and TD_SecurityChecksVerifyPhysicalSecuritySystemsAreFunctioningProperly and TD_SecurityChecksVerifyAreaIsSecuredAgainstUnauthorizedAccess and TD_ResponsibilityForEquipmentPhysicalSecurityChecksIsAssigned and TD_LogMaintainedforPhysicalSecurityChecks and TD_Facilitysignoutsheet and TD_Protectioninplaceondeparturefromfacility

References (26)

 TD  PKI Certificate Authority (CA) Equipment Is Always Protected From Unauthorized Access, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for control of physical ingress and egress as related to overall physical and environmental protection requirements.
ID TD_PKICertificateAuthorityCAEquipmentIsAlwaysProtectedFromUnauthorizedAccess
Provider Reference
 TD  PKI Certificate Authority (CA) Remote Workstations Are Protected From Unauthorized Access, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for control of physical ingress and egress as related to overall physical and environmental protection requirements.
ID TD_PKICertificateAuthorityCARemoteWorkstationsAreProtectedFromUnauthorizedAccess
Provider Reference
 TD  Physical Access Security Mechanisms Are Commensurate With Level of Threat, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for providing physical access security mechanisms commensurate with the level of threat.
ID TD_PhysicalAccessSecurityMechanismsAreCommensurateWithLevelofThreat
Provider Reference
 TD  Unauthorized access to CA hardware is not permitted, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for compliance with minimum security requirements for control of physical ingress and egress as related to overall physical and environmental protection requirements.
ID TD_UnauthorizedaccesstoCAhardwareisnotpermitted
Provider Reference
 TD  Removable media and paper containing sensitive plain-text information is stored in secure containers, v1.0
Description Addresses the requirements for ensuring all removable media and paper containing sensitive plain-text information is stored in secure containers.
ID TD_Removablemediaandpapercontainingsensitiveplaintextinformationisstoredinsecurecontainers
Provider Reference
 TD  Constant monitoring for unauthorized physical intrusion to system equipment, v1.0
Description Addresses the requirement for ensuring physical intrusion monitoring of CA equipment.
ID TD_Constantmonitoringforunauthorizedphysicalintrusiontosystemequipment
Provider Reference
 TD  Two person physical access control to cryptographic modules, v1.0
Description Addresses the requirement for two person physical access control for cryptographic modules.
ID TD_Twopersonphysicalaccesscontroltocryptographicmodules
Provider Reference
 TD  Two person physical access control to CA systems, v1.0
Description Addresses the requirement for two person physical access control for CA equipment.
ID TD_TwopersonphysicalaccesscontroltoCAsystems
Provider Reference
 TD  Removable cryptographic modules are secured, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for compliance with requirements for securing cryptographic modules.
ID TD_Removablecryptographicmodulesaresecured
Provider Reference
 TD  Cryptographic Module activation information is secured, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for compliance with requirements for securing cryptographic module activation data.
ID TD_CryptographicModuleactivationinformationissecured
Provider Reference
 TD  Sensitive PKI Certificate Authority (CA) equipment is secured, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for compliance with requirements for securing sensitive CA equipment.
ID TD_SensitivePKICertificateAuthorityCAequipmentissecured
Provider Reference
 TD  Cryptographic Module activation data is memorized, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for compliance with security requirements for the memorization of cryptographic module activation data.
ID TD_CryptographicModuleactivationdataismemorized
Provider Reference
 TD  Cryptographic Module activation data is recorded, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for compliance with security requirements for the recording of cryptographic module activation data.
ID TD_CryptographicModuleactivationdataisrecorded
Provider Reference
 TD  Cryptographic Module activation data is secured, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for compliance with security requirements for securing cryptographic module activation data.
ID TD_CryptographicModuleactivationdataissecured
Provider Reference
 TD  Cryptographic Module activation data not stored with associated cryptographic modules, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for storing cryptographic module activation data separate from associated cryptographic modules.
ID TD_CryptographicModuleactivationdatanotstoredwithassociatedcryptographicmodules
Provider Reference
 TD  Cryptographic Module activation data not stored with removable hardware, v1.0
Description This Trustmark Definition defines conformance and assessment criteria for storing cryptographic module activation data separate from removable hardware associated with remote workstations used to administer the CA.
ID TD_CryptographicModuleactivationdatanotstoredwithremovablehardware
Provider Reference
 TD  Security checks performed for unattended facilities housing PKI CA equipment, v1.0
Description Addresses the requirement for security checks of unattended facilities housing Organization CA equipment.
ID TD_SecuritychecksperformedforunattendedfacilitieshousingPKICAequipment
Provider Reference
 TD  Security checks performed for unattended facilities housing PKI CA workstations, v1.0
Description Addresses the requirement for security checks of unattended facilities housing remote workstations used to administer the Organization CA.
ID TD_SecuritychecksperformedforunattendedfacilitieshousingPKICAworkstations
Provider Reference
 TD  Security checks verify equipment state, v1.0
Description Addresses the requirement for security checks to verify equipment state related to cryptographic modules.
ID TD_Securitychecksverifyequipmentstate
Provider Reference
 TD  Security Checks Verify Security Containers Are Properly Secured, v1.0
Description Addresses the requirement for security checks to verify that security containers are properly secured.
ID TD_SecurityChecksVerifySecurityContainersAreProperlySecured
Provider Reference
 TD  Security Checks Verify Physical Security Systems Are Functioning Properly, v1.0
Description Addresses the requirement for security checks to verify that physical security systems (e.g., door locks, vent covers) are functioning properly.
ID TD_SecurityChecksVerifyPhysicalSecuritySystemsAreFunctioningProperly
Provider Reference
 TD  Security Checks Verify Area Is Secured Against Unauthorized Access, v1.0
Description Addresses the requirement for security checks to verify the area is secured against unauthorized access.
ID TD_SecurityChecksVerifyAreaIsSecuredAgainstUnauthorizedAccess
Provider Reference
 TD  Responsibility For Equipment Physical Security Checks Is Assigned, v1.0
Description Addresses the requirement that a person be made explicitly responsible for making security checks.
ID TD_ResponsibilityForEquipmentPhysicalSecurityChecksIsAssigned
Provider Reference
 TD  Log Maintained for Physical Security Checks, v1.0
Description Addresses the requirement for the responsibility of physical security checks of equipment to be logged.
ID TD_LogMaintainedforPhysicalSecurityChecks
Provider Reference
 TD  Facility sign-out sheet, v1.0
Description Addresses the requirement for the last person who departs the facility to initial a sign-out sheet indicating the time and date.
ID TD_Facilitysignoutsheet
Provider Reference
 TD  Protection in place on departure from facility, v1.0
Description Addresses the requirement for the last person who departs the facility to initial a sign-out sheet asserting that all necessary physical protection mechanisms are in place and activated.
ID TD_Protectioninplaceondeparturefromfacility
Provider Reference

Sources (1)

FBCA-CP X.509 Certificate Policy For the Federal Bridge Certification Authority (FBCA), Version 2.27. December 2, 2013.