I-0060: TFM Must Describe Network Security Architecture And Design
NUMBER: I-0060
STATUS: Ready to Prepare for Management/CCIMB
TITLE: TFM Must Describe Network Security Architecture And Design
FIRST POST: [criteria 2348]
MOST RECENT REPOST: [criteria 2380]
REQUIREMENT: Trusted Facility Manual
CRITERIA CLASSES: C1, C2, B1, B2, B3, A1
DOCUMENT(S): Trusted Facility Manual
RELATED TO: <None>

STATEMENT:

The following interprets the requirement that ``A manual addressed to the ADP System Administrator shall present cautions about functions and privileges that should be controlled when running a secure facility.''

If the TCB includes network connections, the TFM shall include a description of the security-relevant network policies, objectives, and protocols; the allowed interfaces, services, and protocol options that maintain trust; and any usage restrictions placed on the network.

PROJECTED IMPACT:

Negligible impact anticipated.

SUPPORT:

The era of the monolithic isolated operating system is dead. Increasingly, products are including network connectivity as part of the standard evaluated product. When this connectivity is included, the ways to securely use this connectivity must be described as part of the administrative guidance in the TFM.

If the product provides networking connections whose use requires trust in unevaluated networking support programs, the TFM must direct the administrator to configure the product such that the unevaluated software is disabled. If the product is designed to support networking connections to entities outside the TCB and has had the networking support programs evaluated, then the TFM must include material that describes how networking connections are to be configured and used in a secure manner. If appropriate, this should include material on how other products can be connected with the evaluated product to preserve the access control policy and create an overall network TCB as discussed in the Trusted Network Interpretation of the TCSEC. Also, as appropriate, it should describe any protocol standards and conventions that must be followed in order to preserve the security of the TCB. Standard protocols may be described by reference to published standards together with identification of the options used. Protocols used only internally to the TCB need not be documented in the TFM.