220 likes | 424 Views
Common Criteria Protection Profiles and the NSA Strategy for Their Use Within the U.S. Department of Defense. Louis Giles, NSA. CACR Information Security Workshop. Outline. Common Criteria Protection Profiles (PP’s) Structure Development Tools Examples
E N D
Common Criteria Protection Profilesand the NSA Strategy for Their Use Within the U.S. Department of Defense Louis Giles, NSA lgiles@radium.ncsc.mil CACR Information Security Workshop
Outline • Common Criteria Protection Profiles (PP’s) • Structure • Development Tools • Examples • NSA Strategy to Use PP’s for the U.S. DoD • The U.S. Common Criteria Evaluation Program
Common Criteria Protection Profile (PP) • High-level expression of desired security properties (i.e. security environment, security objectives and security requirements) • A mechanism to provide Consumers the ability to specify their security requirements • Generic so multiple implementations may meet the stated requirements • PP represents “I want”
Common Criteria Security Target (ST) • High-level expression of claimed security properties • A mechanism to provide Vendors the ability to make claims regarding their security products • Specific to an implementation • ST represents “I provide”
What’s In a PP • Security Environment Defined • The TOE will be used in environments in which no higher than sensitive but unclassified information is processed, or the sensitivity level of information in both the internal and external networks is the same. Firewalls compliant provide access control policies, extensive auditing and a low level of assurance. • Secure Usage Assumptions • Connectivity Assumptions • Single entry point • Physical Assumptions • Control of physical access • Personnel Assumptions • Trustworthy Administrator
What’s In a PP (cont.) • Organizational Security Policies • Threats to Security • Threats Addressed by the TOE • An unauthorized person may gain logical access to TOE • Lack of audit trail • Undetected penetration attempts • Threats to be Addressed by Operating Environment • Hostile system administrator • Sophisticated attacks on higher-level protocols • Security Objectives • Functional Security Requirements and Assurance
From The Old To the New • FIPS 140-1, and Orange Book C2, B1, B2, B3, A1 would all be Protection Profiles in Common Criteria terminology as they state customer requirements • CC PP’s drafted for C2 (Controlled Access) and B1 (Labeled Security) Operating Systems, Firewalls and VPN’s • NSA drafting other PP’s as part of Information Assurance Technical Framework (IATF) • NIST project to draft PP for FIPS 140-2
The CC Toolbox • Information Assurance “TurboTax” design tool for: • Architects • System Engineers • Requirements Activities • Focused on: • Application of the CC • Describing Security Features • Specifying Security Requirements • Drafting ST’s and PP’s • http://cctoolbox.sparta.com
Information Assurance Technical Framework • What? A security guidance document developed by NSA’s ISSO organization with support from security advocates in government and industry • Constraints? • Unclassified • Published on the Internet • Primary Coordination forum? Information Assurance Technical Framework Forum (IATFF)
Expected use of results • Help government users become wiser consumers of implementing security solutions • Assistindustryin understanding the government’s needs and the nature of the desired solutions to these needs • Focus Government and Industry investment resources on the security technology gaps
How does the Framework help Government users? • By describing their needs to the industry providers • By “suggesting” the important characteristics of security solutions to different classes of problems • By providing an assessment of the security technology available on the open market
Security Countermeasures Non-Technical Technical Security Methodology Mission Needs National/ Service/Agency Policies, Regulations, Standards Adversaries, Motivations, and Attacks Organizational Security Policy Risk Assessment Certification and Accreditation Life-Cycle Security Management
Supporting Infrastructures Defend the Computing Environment Defend the Network & Infrastructure Defend the Enclave Boundary Information Assurance Technical Framework Detect & Respond KMI/ PKI Executive Summaries, Protection Profiles Flow from Policy to Specification National Policy NSTISSIC, NSTISSAM GIG Policy Intel Comm. DCID 6/3 GIG IA Policy & Implementation Guidance GIG Architecture Services, Protocols, etc. People Technology Operations DITSCAP NIAP Certification and Accreditation process -Testing -Evaluation -Certification
Successful Mission Execution Operations Information Assurance Defense In Depth Strategy Technology People Supporting Infrastructures Defend the Enclave Boundary Defend the Computing Environment Defend the Network & Infrastructure Detect & Respond KMI/PKI IATF: Chapter 5 Chapter 6 Chapter 7 Chapter 8 How It’s Organized • Central Change:Alignment with Defense-In-Depth NSFChapter 5 “Security Solutions Framework”
Information AssuranceTechnical Framework (IATF) Information AssuranceTutorial &General Guidance Main Body Concise, Definitive Security Requirements For Specific Cases Executive Summaries FormalCommon Criteria Documents for Defining Testable Requirements Protection Profiles Today’s Framework Elements IATF Release 2.0, Figure 1-2, Composition of the IATF The “Document” Appendix F: Case Specific Guidance(aka “executive summaries”) Appendix G: Protection Profiles
User Situation & Need for Information Assurance Solution Protection Profile for ______ Protection Profile for ______ Protection Profile for ______ Case Specific Guidance(aka “Executive Summaries”) Descriptive Name for the Need Purpose or Objective Describe what the user wants the system to do Describe the problem the system is intended to solve Target Environment What the user wants the system to do? What is the problem the system is intending to solve? Where does the system operate? How is it used? Diagram of system context Potential Attacks How could an adversary harm operations? What are the information system attacks for which protection is needed? Security Policies What are the security objectives that the system must meet? Info domains? Recommended Approach What is the conceptual architecture for the system? Where will security functions be allocated? Diagram of system Security Functions What are the security functional requirements for the system? What security services must the system perform for each information domain? Assurance Requirements What is the target Evaluation Assurance Level? What strength of mechanism is needed? Interoperability Requirements What other equipments, systems, or procedures must this system exchange information with? Supporting Infrastructure Requirements What support does the system require from Detect and Respond ? What support does the system require from the Key Management Infrastructure? Version Control/Reference Information When last up-dated? By who? Approved by who? Executive Summary for ______
Three Kinds of Protection Profiles • DoD (COTS) Acquisition Protection Profiles • Developed To Become Binding Procurement Guidance for DoD • Must Be Achievable with Today’s Technology • May Be Accompanied by Additional Specification Data • Will Be Coordinated DoD-Wide by OSD • Ultimately “Owned” by OASD(C3I) • Technology Goal Protection Profiles • Developed To Influence Development of New Technology • Focused on Future Needs or Implementations • “Owned” by NSA • Specific Need Protection Profiles • Developed In Response to a Customer’s Specific Need • Subject to Customer Approval • “Owned” by the Customer
IATF Status • Version 1.1 (NSF) - Dec 98 • Version 2.0 (align w/D-I-D)published Sep 99 • Comment at: www.iatf.net (nsff.org) • Appendices F & G
Information Assurance Technical Framework Forum (IATFF) • An NSA sponsored forum to foster dialog amongst U.S. Government agencies and U.S. Citizens representing U.S. Industry regarding solutions to network security problems • Session every 6 weeks • Maritime Institute, Linthicum, MD • Admission is free. Advance registration required
IATFF Information • Internet WEB site • Announcements, agenda, minutes, briefing charts • IATF Document (HTML,PDF, MS WORD & ZIP) • On-Line Registration (Forum and Sessions) • SSL and Password protected • www.nsff.org --> now: www.iatf.net • Registrar: John Niemczuk, Booz•Allen & Hamilton Inc. niemczuk_john@bah.com, 410-684-6246
NIAP - A NIST/NSA Partnership Focusing On: • Common Criteria related activities • Accreditation and support of private sector CC-based evaluation laboratories • Development of Protection Profiles • Establishing mutual recognition of CC-based evaluations • Government-industry partnerships
Common Criteria Evaluation and Validation Scheme (CCEVS) • Major National Information Assurance Partnership (NIAP) program initiative • Targeted to begin in Fall 1999 • Testing based upon Common Criteria (CC) and Common Evaluation Methodology • Tests performed by accredited commercial labs • Results posted on NIAP Validated Products List (www.niap.nist.gov)