

	Home • About Us •A-Z Index• Search • Inquiries • Register• Login• Press • Shop

Conformance Statement

Product Standard: Baseline Security 96

This form contains a series of questions that need to be answered. As you go about answering the questions, please keep the following things in mind:

While it is not required that each question be answered at this time, all questions must have answers before the response is submitted to The Open Group for review and publication.
You can press the "Save" button at any time to save your work. Once the work has been saved, you will be given the option to continue editing if you like.
Many questions have instructions that will help you develop your answers. Please look at the instructions carefully.
If you have any questions or concerns, you can send mail to the Conformance Statement manager at The Open Group.

Enter the name of the Organization that produced the implementation and the name of the author of the Conformance Statement.

Organization
Author

1. Baseline Security 96

Product Information

Enter the product name, version/release number, and product supplier for each product required to meet the conformance requirements.

Product Identification	Version/Release Number	Product Supplier

Environment Specification

Branding applies to software products in one of more specific binary-compatible families (hardware or hardware/software environments).
A Product may be branded in all members of a binary-compatible family on the basis of a single branding application.

Answer the questions for each binary-compatible family.

Testing Environment	Binary-compatible Family	Portability Environment	Indicator of Compliance	Compliance Details
				Test Suite: Test Report:
				Test Suite: Test Report:
				Test Suite: Test Report:
				Test Suite: Test Report:
				Test Suite: Test Report:

Temporary Waivers

Enter the waiver number and expiry date for each temporary waiver granted by The Open Group.

	Waiver Number	Expiry Date

1.1 Target of Conformance (TOC) and the Trusted Computing Base (TCB)

The "Product Identification" section above identifies in the normal way the product that is registered as conformant to the Profile Definition. However, when considering systems security, it is necessary to be more precise and identify whether the "Target of Conformance (TOC)" is the whole product, or whether it is a subset of the product such that usage of functionality outside the TOC could reduce the level of security of the system. (The Trusted Computing Base (TCB) is defined as the totality of protection mechanisms within an IT system, including hardware, firmware, software and data, the combination of which is responsible for enforcing the security policy. The Target of Conformance (TOC) is the TCB together with any additional software that contains no security relevant code. See the X/Open XBSS Specification, Section 3.4, Defining the Target of Conformance.)

Identify below the target of conformance. If it is the whole product identified in the "Product Identification" above then state "the whole product". if it is not the whole product state clearly what is included in the TOC and what is not.

The Target of Conformance for this registered product is:

Purchasers should note that adding other products to the registered product, other than certain types of applications which are enumerated in the vendor's documentation, should be done with care as it could cause a reduction in the overall level of conformance, for which the supplier of the registered product cannot be held responsible.

1.2 Conformance Implications

Question 1: What are the criteria that an application must meet in order to guarantee that it can be added to the Target of Conformance (TOC) without compromising conformance of the system to the Baseline Security 96 Profile Definition?

Response

Give the criteria used for enumerating which applications have conformance implications or point to a document where that information exists. If pointing to a product document, give the full document reference.

Rationale

The requirement for criteria for adding to the TOC in a secure manner is expected typically to be met by enumerating the ways in which a program executing on the system can be given, or acquire, privileges which may be exploited in order to circumvent the system security policy. This is likely to include, but not be limited to, execution by users with special authorisations (in particular the root user), assignment of set-user-id permissions to executables, and execution by privileged system processes (for example, the login process or a network services daemon).

Since the primary audience for the stated document is system administrators who will be installing third party applications programs, it will be helpful to give guidance both on how to install an application with secure default permissions and on how to detect potential use or abuse of privilege subsequent to the installation. This may be as simple as instructions on checking for the presence of set-user-id executables on the system, or be extended to include advice on analysis of the system audit logs.

Reference

X/Open CAE Specification, Baseline Security Services (XBSS), Section 4.10.2, Administrative Documentation.

1.3 Identification and Authentication Requirement

Question 2: What methods of authentication are provided in addition to the password method which is mandatory?

Response

Define and enter the additional authentication mechanism methods which can be used.

Rationale

The TCB shall maintain authentication data that includes information for verifying the identity of individual users.

For each user of the system, there must always be some form of data which authenticates that user. The usual form is the password and systems must be shipped equipped to deal with password authentication. However, it is perfectly reasonably to operate other authentication devices such as smart tokens, biometric measuring devices (such as a finger print or retina image), a challenge-response method, or a one time password list.

Reference

X/Open CAE Specification, Baseline Security Services (XBSS), Section 4.4.2, Authentication and Account Data.

Question 3: Which method is used to notify users when a password change is due?

Response

Enable one or both of the two paragraphs below, as appropriate.

Upon password expiration, notifying the user but allowing an administration-specifiable subsequent number of additional usages prior to requiring a new password.

Upon password expiration, the TCB shall notify the user at the time of login and require the password to be changed before proceeding with the establishment of the login session.

Rationale

Some mechanism is to be present to let users know that their password is about to expire. This can be viewed as a machine implementation of good practice. Advance warning can be sent to the user by electronic mail, by notifying the user with a message at login time, or both.

Reference

X/Open CAE Specification, Baseline Security Services (XBSS), Section 4.4.5, Specific Requirements for Password Authentication Mechanisms.

Question 4: Are the password complexity checking algorithms configurable or replaceable?

Response

CONFIGURABLE	Yes No
REPLACEABLE	Yes No

At least one question must be answered 'Yes'.

Rationale

The password complexity-checking algorithm shall be configurable or replaceable by site.

X/Open CAE Specification, Baseline Security Services (XBSS), Section 4.4.5, Specific Requirements for Password Authentication Mechanisms.

1.4 Basic System Entry Control

1.4.1 Authentication: User-initiated Locking

Question 5: For the user-initiated locking of a terminal, is the output also disabled and the screen cleared or occluded?

Response

Output disabled	Yes No
Screen cleared or occluded	Yes No

Rationale

During the time that the user session is locked it may be desirable, though it is not required, to disable output and clear or occlude the screen.

Reference

X/Open CAE Specification, Baseline Security Services (XBSS), Section 4.5.5, User-initiated Locking.

1.5 Basic Audit Requirement

1.5.1 Audit Trail Control, Management and Inspection

Question 6: What is the limit to the number of users that can be selectively audited?

Response

Enter NOLIMIT if there is no limit.

Rationale

The system administrator shall be able selectively to audit the actions of one or more users based on identity or object policy attributes.

This requirement calls for both preselection (configuring which events are to be recorded in the audit trail) and post-selection (the selection of audit records from the recorded audit trail). Preselection is desirable because it reduces the amount of audit data that is stored, but it must be kept in mind that if an event is not preselected to be recorded in the audit trail, it cannot be post-selected for when the audit trail is analysed.

By default, the post-selection tools must be able to select audit records based on the identity of users and the policy attributes of objects they access.

Reference

X/Open CAE Specification, Baseline Security Services (XBSS), Section 4.6.4, Audit Trail Control, Management and Inspection.

1.6 Security Manuals

1.6.1 User Documentation

Question 7: In what form is the user documentation for security?

Response

Describe below the user security documentation and give the full document reference.

Rationale

The vendor shall provide end-user documentation in the form of a single summary, chapter or manual which:

describes all security services provided and enforced by the TCB
describes the interaction between security services
provides guidelines on their use.

The purpose of this requirement is to ensure that the users of the system have all the information they need to operate it in a secure manner from day one. The information relating to security should, by preference, be contained in one particular manual, but it is acceptable for it to be contained in a number of manuals in the standard user documentation set, provided the user can readily determine where to find all the relevant security features. The information on security can either be delivered with the system, or a clear pointer to its availability should be included.

Reference

X/Open CAE Specification, Baseline Security Services (XBSS), Section 4.10.1, User Documentation.

1.6.2 Administrative Documentation

Question 8: In what form is the administrative documentation for security?

Response

Describe the administration security documentation, and give the full document reference.

Rationale

The vendor shall provide product administrator documentation which describes the proper administration of all the security services and associated procedures, privileges and functions.

This documentation shall describe the administrative interaction between security services, and shall provide guidelines on secure generation of a new TCB.

The procedures for examining and maintaining the audit files as well as the detailed audit record structure for each type of audit event shall be given.

The purpose of this requirement is to ensure that the product administrator has the materials to understand how to administer the system in a secure manner. The manual may give general security advice (an overview), but specifically it should:

explain clearly how to install (or re-install) and then configure the system in a secure manner -- this would involve some discussion of the user and the user account, group membership, subject attributes and object attributes
explain how to maintain the system in a secure manner across its life time -- this might include examples of daily, weekly and monthly security routines as well as specific tasks such as bringing a system backup after a crash
provide instruction on how to regenerate parts of the TCB, such as the kernel, in a secure way (on systems that allow TCB regeneration)
explain the audit trail mechanism so that the authorised user can effectively use the audit trail to implement the local security policy
explain how to adjust system defaults if experience of use shows them to be too lenient or too stringent.

Reference

X/Open CAE Specification, Baseline Security Services (XBSS), Section 4.10.2, Administrative Documentation.

2. Change History

Date	Name	Comment
New

OSF/1, Motif, UNIX, and the "X" device are registered trademarks in the U.S. and other countries, and IT DialTone and The Open Group are trademarks of The Open Group.

[ Home ] [ Testing Home ] [ Conformance Statement Library Home ] [ Search Conformance Statements ] [ Send Feedback ]

Home • About Us •A-Z Index• Search • Inquiries • Register• Login• Press • Shop

1. Baseline Security 96

Product Information

Environment Specification

Temporary Waivers

1.1 Target of Conformance (TOC) and the Trusted Computing Base (TCB)

1.2 Conformance Implications

1.3 Identification and Authentication Requirement

1.4 Basic System Entry Control

1.4.1 Authentication: User-initiated Locking

1.5 Basic Audit Requirement

1.5.1 Audit Trail Control, Management and Inspection

1.6 Security Manuals

1.6.1 User Documentation

1.6.2 Administrative Documentation

2. Change History