Validated Product - RSA Keon CA System, Version 6.5

Certificate Date: 18 December 2002

Validation Report Number: CCEVS-VR-02-0029

Product Type: Certificate Management

Conformance Claim: EAL4 Augmented with

PP Identifier: Certificate Issuing and Management Components Security Level 3 Protection Profile, Version 1.0 (Archived)

CC Testing Lab: SAIC Common Criteria Testing Laboratory


PRODUCT DESCRIPTION

RSA Keon CA System version 6.5 consists of several components that function together to provide certificate issuing and management services:

  • Web Front End
  • PKI Server
  • Data Integrity Monitor
  • Log Server.

The components that make up this Target of Evaluation (TOE) are referred to collectively as the Keon CA System. The TOE is a digital certificate management system. It provides strong authentication, data confidentiality, integrity and non-repudiation. The Keon CA System offers services to publish to Lightweight Directory Access Protocol (LDAP)-compliant directories and has a built-in Online Certificate Status Protocol (OCSP) responder.

The Keon CA System comes equipped to handle cryptographic hardware tokens.

The Keon CA System is a signing authority solution for large enterprises and public CAs.

The Keon CA System is responsible for creating and issuing both authority and end-entity public-key certificates, creating and issuing Certificate Revocation Lists (CRLs), and responding to status requests.

In addition to the basic CA functionality, Keon CA System provides:

  • Audit recording and backup capabilities.
  • Use of a FIPS 140-1 Level 3 cryptographic card to protect all private keys.
  • Additionally for key generation.

The Keon CA System is designed to meet the CIMC Security Level 3 requirements, which are appropriate where the risks and consequences of data disclosure and loss of data integrity are moderate. A CIMC meeting Security Level 3 includes mechanisms to protect against attacks by parties with physical access to the components and includes additional assurance requirements to ensure the CIMC is functioning securely.

At the basic level, the Keon CA System consists of a single Sun Solaris machine running Solaris 8, several servers, and other supporting software modules.

RSA Keon CA System

Bill McQuaide
781.515.6231
bmcquaide@rsasecurity.com

http://www.rsasecurity.com