To configure BooleBox in the Common Criteria EAL2+ certified version, it is necessary to verify that the security objectives defined for the operational environment are satisfied. Each objective below is listed with its description and the precautions the administrator must take.
| OPERATIONAL ENVIRONMENT OBJECTIVE | DESCRIPTION | SECURITY PRECAUTIONS TO BE TAKEN |
| --- | --- | --- |
| OE.IDENTIFY | The Operational Environment supports the TOE in identifying and authenticating the authorized Operating System Administrators, the authorized DBMS Administrator and the authorized Storage Administrator. | Configure the Operating System, the DBMS and the Storage so that they identify the administrators of the TOE through credentials of adequate robustness. Set a password for the DBMS and Operating System administrators that respects the complexity criteria defined for the TOE. |
| OE.AUDIT PROTECT | The operational environment shall provide the capability to protect the integrity of audit log files generated by the TOE. | Perform an incremental and continuous backup of the database managed by the TOE. Configure the area of the DB where the log files reside so that it is accessible only to authorized DB administrators. |
| OE.PHYSICAL ACCESS | Physical access to the area where the TOE is hosted will be granted to TOE authorized administrators only. | Install the TOE in a controlled-access area that can be entered only by authorized administrators. |
| OE.DB | Those responsible for the TOE configuration and administration must ensure that access to the database via mechanisms outside the TOE boundary is restricted to TOE authorized administrators only, who will be configured in the DBMS as database administrators. The DB is considered by the TOE as a trusted IT product. | Make sure that the administrators of the DBMS are all and only the administrators of the TOE. Make the database reachable only from the TOE machine. |
| OE.SO | Those responsible for the TOE configuration and administration must ensure that access to the Operating System via mechanisms outside the TOE boundary is restricted to TOE authorized administrators only, who will be configured in the Operating System as OS System Administrators. Only TOE authorized administrators can launch and execute TOE components and review the log files stored by the OS. The OS is considered by the TOE as a trusted IT product. | Make sure that the users of the Operating System are all and only the administrators of the TOE. |
| OE.STORAGE | Those responsible for the TOE configuration and administration must ensure that physical and logical access to the storage in the TOE environment via mechanisms outside the TOE boundary is restricted to TOE authorized administrative users only. The STORAGE is considered by the TOE as a trusted IT product. | If the Storage is implemented on a NAS, SAN or File Server instead of on the local file system of the TOE, the Storage must: |
| OE.STAFF | Staff working as TOE authorized administrators shall be carefully selected, skilled and trained for proper operation without compromising the TOE, and for proper TOE configuration at the installation phase. | Make sure that the personnel appointed by the TOE administrator have followed the training courses provided by the BooleBox technical support team and have been selected in accordance with the company's selection policies and procedures. |
| OE.TIME | The operational environment shall provide a reliable time reference. | Configure the Operating System with a reliable clock source. |
| OE.CRYPTO | The Operational Environment shall provide FIPS 140-2 validated cryptographic functionalities (RSA 2048-bit key generation, AES 256-bit key generation, random number generation for OTP generation, random alphanumeric string generation for key generation, RSA encryption/decryption, SHA-256 hashing, AES 256 encryption/decryption using .NET 4.5.1 libraries) and protocols (HTTPS based on AES 256 and RSA 2048) to properly support the TOE for audit log file protection and secure transfer of information between the End User side and the Server side, and between the TOE and other non-TOE components required in the TOE environment. | Configure the security policies of the Operating System so that the FIPS 140-2 validated cryptographic features can be used. Also make sure that secure communication protocols are active (HTTPS based on AES 256 and RSA 2048) to correctly support the TOE for the protection of log files and for the controlled, secure transfer of information both between the end user and the server side, and between the TOE and other non-TOE components required in the TOE environment. |
| OE.ALIGNEDBACKUP | The operational environment should provide a secure backup of the DBMS data, of the Storage, of the BooleBox.dat configuration file and of the certificate used to encrypt the Master Key. | It is advisable to perform incremental backups at intervals adapted to the operating needs of the company in question. |
| OE.CONTINUITY | The operational environment shall provide a system to ensure operational continuity in the event of a power failure. | Provide backup power systems in the operating environment appropriate to the needs of the company in question (UPS, generator set, alternative electrical supply system, etc.) for managing prolonged power outages that could cause data loss. |
| OE.AUDIT | The Operational Environment shall support the TOE in the generation of audit records, correlating them to the proper user when applicable, as a result of specific TOE activities and operations performed by TOE users. In addition, the Operational Environment shall guarantee that only OS System Administrators (the only System Administrators configured at OS level are TOE authorized administrators) can access and view the aforementioned audit information. | Activate the audit functions of the operating system and of the DBMS to record the actions performed by the respective administrators. |
| OE.LOG STORE | The operating environment shall guarantee that there is enough space dedicated to log management. | Implement a procedure to periodically check the remaining space for log management or, alternatively, install software that informs the administrative user when the storage space dedicated to logs is about to run out. |
| OE.INTEGRITY | The Operational Environment shall provide the capability to protect the integrity of the executable files of the TOE using .NET framework technology. | Use software that preserves hashes of the executable files in use and alerts the user in case of file manipulation. |
| OE.CERTIFICATE | The Operational Environment shall support the TOE in generating and securely storing the certificate containing the Kpriv and the Kpub used for BBOP MASTER KEY encryption/decryption. | Use secure systems for generating and storing the digital certificate. It is advised to use Common Criteria certified HSM systems. |
| OE.PERSONALKEY | The Operational Environment shall guarantee secure distribution of a personal key correlated to a classification project, and users are responsible for the secure management of their personal keys. | It is recommended to save the Personal Key used in a file uploaded to BooleBox and protected with a Personal Key. |
| OE.DOC | Those responsible for the TOE configuration and administration must ensure that access to the Document Manager Server via mechanisms outside the TOE boundary is restricted to TOE authorized administrators only, who will be configured in the Document Manager Server as Document Manager Server Administrators. The Document Manager Server is considered by the TOE as a trusted IT product. | Make sure that the users of the Document Manager Server are all and only the administrators of the TOE. |
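As an added example for the OE.INTEGRITY precaution (this script is not part of the BooleBox guide or product), the following PowerShell script records SHA-256 hashes of the TOE's executable files into a baseline and, on each later run, reports files that have been added, removed or modified, writing an Application event log entry so the administrator is alerted. The installation path `C:\BooleBox`, the baseline location and the event source name `BooleBoxIntegrity` are assumptions; adjust them to the actual deployment.

```powershell
<#
  Added example, not part of the BooleBox guide: SHA-256 integrity baseline and
  verification for the TOE executable files (supports OE.INTEGRITY).
  Assumptions (hypothetical): TOE binaries under C:\BooleBox, baseline kept in a
  directory writable only by TOE administrators, and the event source registered
  once, as an administrator, with:
      New-EventLog -LogName Application -Source 'BooleBoxIntegrity'
#>
param(
    [string]$ToePath      = 'C:\BooleBox',
    [string]$BaselinePath = 'C:\ProgramData\BooleBoxIntegrity\baseline.xml',
    [ValidateSet('Baseline', 'Verify')]
    [string]$Mode         = 'Verify'
)

# Hash every file the .NET runtime may load or read as part of the TOE.
function Get-ExecutableHashes {
    param([string]$Root)
    Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll, *.config |
        ForEach-Object {
            [PSCustomObject]@{
                Path = $_.FullName
                Hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Compare the current file set against the stored baseline. Returns one line per
# discrepancy: MODIFIED (hash changed), ADDED (file not in the baseline) or
# MISSING (baseline file no longer present). An empty result means the TOE
# executables are intact.
function Test-ToeIntegrity {
    param([string]$Root, [string]$Baseline)
    $expected = @{}
    foreach ($entry in @(Import-Clixml -Path $Baseline)) {
        $expected[$entry.Path] = $entry.Hash
    }
    $seen = @{}
    $findings = New-Object System.Collections.Generic.List[string]
    foreach ($current in @(Get-ExecutableHashes -Root $Root)) {
        $seen[$current.Path] = $true
        if (-not $expected.ContainsKey($current.Path)) {
            $findings.Add("ADDED    $($current.Path)")
        } elseif ($expected[$current.Path] -ne $current.Hash) {
            $findings.Add("MODIFIED $($current.Path)")
        }
    }
    foreach ($path in $expected.Keys) {
        if (-not $seen.ContainsKey($path)) { $findings.Add("MISSING  $path") }
    }
    return $findings
}

switch ($Mode) {
    'Baseline' {
        New-Item -ItemType Directory -Force -Path (Split-Path -Parent $BaselinePath) | Out-Null
        Get-ExecutableHashes -Root $ToePath | Export-Clixml -Path $BaselinePath
        Write-Host "Baseline of TOE executables written to $BaselinePath"
    }
    'Verify' {
        $findings = @(Test-ToeIntegrity -Root $ToePath -Baseline $BaselinePath)
        if ($findings.Count -eq 0) {
            Write-Host 'TOE executables match the baseline.'
            exit 0
        }
        $message = "TOE integrity check failed:`n" + ($findings -join "`n")
        # Alert the administrator through the Application event log; if the source
        # was never registered the error is still reported on the console.
        try {
            Write-EventLog -LogName Application -Source 'BooleBoxIntegrity' `
                -EntryType Error -EventId 1001 -Message $message
        } catch {
            Write-Warning "Could not write to the event log: $_"
        }
        Write-Error $message
        exit 1
    }
}
```

Run the script once with `-Mode Baseline` immediately after a verified installation or upgrade, then schedule `-Mode Verify` (for example as a task that runs at start-up and at a fixed interval). The baseline file must sit in a location that only TOE administrators can write, and a copy should be kept offline: the check only detects manipulation after the fact, and an attacker who controls the host can alter the baseline or the checker itself, so the offline copy is what an administrator compares against during an investigation. Refresh the baseline deliberately after each authorized update, otherwise the next run will report the new binaries as MODIFIED.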