Commit 2bb20b8f authored by Peter Campbell's avatar Peter Campbell

Assets update

parent fa4120be
+118 −125
@@ -323,21 +323,19 @@ Each component service will require configuration and maintenance by system admi

The product will support logging of security events such as account access attempts, product configuration changes, and system warnings or errors.

The product will typically support some logging of events relevant to each of the component service it provides:
The product will typically support some logging of events relevant to each of the component service it provides. For example:

- Registration service events such as certificate requests and approvals.

- Certificate generation service events such as subject key generation and certificate signing operations.

- Revocation management service events such as revocation requests and results.

#### 4.2.2.3 Accounts

In the SME context, the product will support one or more of the following user accounts:

- <strong>System administrator account:</strong> authorized to install, configure and update the product.
- <strong>System administrator account:</strong> authorised to install, configure and update the product.

- <strong>System operator account:</strong> authorized to operate the PKI services. 
- <strong>System operator account:</strong> authorised to operate the PKI services. 

### 4.2.3 Architecture

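Review bot: the reworded logging sentence still has a number-agreement error that the change did not fix: "events relevant to each of the component service it provides" should read "each of the component services it provides" (or "each component service it provides"), and since the sentence is being touched anyway this is the place to correct it. The spelling change from "authorized" to "authorised" in the two account bullets is consistent with "Authorisation" used in the threats table later in this commit, but the earlier "authorized" wording in the logging paragraph context ("account access attempts") should be checked for the same British/American consistency across the whole document rather than only in these two bullets.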
@@ -400,136 +398,131 @@ However, system operators may have limited experience running critical component

Table 4.1 provides a list of system administrations assets for the PKI product.

<table border=1 align="center">
  <thead>
    <tr>
      <td colspan=2 align="center"> <strong>Asset</strong> </td>
      <td> <strong>Comments</strong> </td>
    </tr>
  </thead>
  <tbody>
    <tr> <td colspan=3 align="left"> Data </td></tr>
    <tr>
      <td> GEN01 </td>
      <td> Product configuration data </td>
      <td> Can include certificate profile settings, security<br>
          log settings and software update settings.</td>
    </tr>
    <tr>
      <td> GEN02 </td>
      <td> User account data </td>
      <td> Can include authentication credentials and access<br>
          rights.</td>
    </tr>
    <tr>
      <td> GEN03 </td>
      <td> Security log data </td>
      <td> Can include account access, account change and<br>
          configuration change events.</td>
    </tr>
    <tr><td colspan=3 align="left"> Functions </td></tr>
    <tr>
      <td> GEN11 </td>
      <td> Configuration management function </td>
      <td> Can be used to change to configuration settings<br>
          and reset to default values.</td>
    </tr>
    <tr>
      <td> GEN12 </td>
      <td> Software update function </td>
      <td> Can be used to initiate installation of a software<br>
          update.</td>
    </tr>
    <tr>
      <td> GEN13 </td>
      <td> User account management function </td>
      <td> Can be used to create accounts, change access<br>
          rights, and reset authentication credentials.</td>
    </tr>
    <tr>
      <td> GEN14 </td>
      <td> Log management function </td>
      <td> Can be used to view log data.</td>
    </tr>
    <tr> <td colspan=3 align="left"> Interfaces</td></tr>
    <tr>
      <td> GEN21 </td>
      <td> Remote administration interface </td>
      <td> Can be a remotely accessible web portal.</td>
    </tr>
    <tr>
      <td> GEN22 </td>
      <td> Local administration interface </td>
      <td> Can be a locally accessible command line<br>
          interface.</td>
    </tr>
  </tbody>
</table>

<div align="center">
<strong>Table 4.1.</strong> System administration related assets

| Asset | Description |
|---|---|
| System configuration data          | Includes settings for software updates, event logging, component <br> services, and the secure cryptographic device, if used |
| User account data                  | Includes user authentation credentials and access rights |
| Event log data                     | Includes system administration and component service event logs|
| System configuration management <br> function  | Used to change to system configuration  settings and reset to <br> default values |
| Software update function           | Used to manage installation of a software updates |
| User account management function   | Used to create new accounts, and change authentication credentials <br> and access rights for existing accounts |
| Event log management function      | Used to view event log data |
| Remote administration interface    | E.g., remotely accessible web portal |
| Local administration interface     | E.g., locally accessible command line interface |

<strong>Table 4.1.</strong> System administration assets
</div>


#### 4.2.6.2 Registration service

Table 4.2 provides a list of assets for a PKI product that supports registration services.

<div align="center">

<table border=1 align="center">
  <thead>
    <tr>
      <td colspan=2 align="center"> <strong>Asset</strong> </td>
      <td> <strong>Comments</strong> </td>
    </tr>
  </thead>
  <tbody>
    <tr><td colspan=3 align="left"> Data </td></tr>
    <tr>
      <td> REG01 </td>
      <td> Subscriber data </td>
      <td> Can include subscriber contact details and<br>
          other personal data.</td>
    </tr>
    <tr>
      <td> REG02 </td>
      <td> Certificate request </td>
      <td> --- </td>
    </tr>
    <tr>
      <td> REG03 </td>
      <td> Registration log data </td>
      <td> Can include records of registration request and <br>
          approvals.</td>
    </tr>
    <tr><td colspan=3 align="left"> Functions </td></tr>
    <tr>
      <td> REG11 </td>
      <td> Subscriber management function </td>
      <td> Can be used to register subscribers and change
        subscriber details.</td>
    </tr>
    <tr>
      <td> REG12 </td>
      <td> Cerificate request approval function </td>
      <td> Can be used to approve or deny certificate
          requests.</td>
    </tr>
    <tr> <td colspan=3 align="left"> Interfaces</td></tr>
    <tr>
      <td> REG21 </td>
      <td> Subscriber interface</td>
      <td> Can be a remotely accessible web portal.</td>
    </tr>
    <tr>
      <td> REG22 </td>
      <td> Certificate request interface</td>
      <td> Can be a remotely accessible API.</td>
    </tr>
  </tbody>
</table>
| Asset | Description |
| ---   | ---         |
| Subscriber data                      | Includes subscriber personal data |
| Certificate request                  | Subject certificate signing request |
| Subscriber management function       | Used to register subscribers and change subscriber details |
| Cerificate request approval function | Used to approve or reject subject certificate requests |
| Registration service user interface | E.g., remotely accessible web portal |
| Certificate request API | E.g., remotely accessible logical interface |

<strong>Table 4.2.</strong> Registration assets
</div>

If the PKI product does provide support for subscriber management as part of its registration services, then the subscriber data and subscriber management function will not be present. 

#### 4.2.6.3 Certificate generation service

Table 4.3 provides a list of assets for a PKI product that supports certificate generation services.

<div align="center">
<strong>Table 4.2.</strong> Registration service related assets

| Asset | Description |
| ---   | ---         |
| CA private key data             | CA private signing keys. Can be stored on the secure cryptographic <br> module, if used |
| Subject private key data        | Subject private decryption keys, if key recovery is supported |
| Key management function         | Used to manage CA and subject private keys |
| Certificate generation function | Used to sign certificates and CRLs |
| Certificate generation service <br> user interface | E.g., remotely accessible web portal or locally accessible command <br> line interface |
|Secure cryprographic device API | Logical interface for the secure cryptographic device |

<strong>Table 4.3.</strong> Certificate generation assets
</div>

If the PKI product does not support the use of subject key generation or subject key recovery, then the subject private key data will not be present and the key management function will only be used to manage CA private keys.

If the PKI product does not support registration services, then certificate requests can either be submitted directly via the certificate generation service user interface or via a related logical interface.

#### 4.2.6.4 Dissemination service

Table 4.4 provides a list of assets for a PKI product that supports dissemination services.

<div align="center">

| Asset | Description |
| ---   | ---         |
| Certificate store data                         | Issued subject certificates and related information | 
| Certificate store management function          | Used to manage certificates in the certificate store |
| Certificate store look-up function             | Used to handle requests for certificates from relying parties |
| Dissemination service user interface           | E.g., remotely accessible web portal |
| Subscriber dissemination service interface     | E.g., email client interface |
| Relying party dissemination service interface  | E.g., remotely accessible logical interface | 

<strong>Table 4.4.</strong> Dissemination assets
</div>

If the PKI product does not support dissemination services, then the dissemination assets will be replaced by a logical interface to a third-party enterprise directory service.

#### 4.2.6.5 Revocation management service

Table 4.5 provides a list of assets for a PKI product that supports revocation management services.

<div align="center">

| Asset | Description |
| ---   | ---         |
| Revocation request                       | Request to revoke an issued subject certificate       | 
| Revocation management function           | Used to approve or reject revocation requests | 
| Revocation management user interface     | E.g., remotely accessible web portal          |

<strong>Table 4.5.</strong> Revocation management assets
</div>

The PKI product can support limited revocation management services even if it does not support a certificate status service. In such cases, the revocation management function and user interface can be considered part of the corresponding certificate generation assets.

#### 4.2.6.6 Certificate status service

Table 4.5 provides a list of assets for a PKI product that supports revocation management services.

<div align="center">

| Asset | Description |
| ---   | ---         |
| Certificate status data                       | Revocation status of issued certificates | 
| Certificate status management function        | Used to update certificate statuses and issue CRLs | 
| Certificate status user interface             | E.g., remotely accessible web portal          |
| Relying party certificate status interface    | E.g., remotely accessible logical interface   |

<strong>Table 4.5.</strong> Certificate status assets
</div>



### 4.2.7 Threats

<div align="center">

| Threat | Asset | Property |
| --- | --- | --- |
| An attacker modifies a parameter in unprotected system configuration <br> data | System configuration <br> data | Integrity |
| An attacker modifies a parameter via unprotected system configuration <br> management function | System configuration <br> management function | Authorisation, <br> Authentication |
| An attacker | |

</div>

## 4.3 Security Profile 2 (SP2) - Web PKI
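Review bot: the conditional in section 4.2.6.2, "If the PKI product does provide support for subscriber management as part of its registration services, then the subscriber data and subscriber management function will not be present", inverts the intended logic; it should read "does not provide support", matching the form used in 4.2.6.3 ("If the PKI product does not support ...") and 4.2.6.4. Table numbering and captions in this hunk also need a pass: section 4.2.6.3 opens with a stale caption "<strong>Table 4.2.</strong> Registration service related assets" immediately before the certificate generation table that is then captioned "Table 4.3"; section 4.2.6.1 carries two captions for the same table ("Table 4.1. System administration related assets" and "Table 4.1. System administration assets"); and section 4.2.6.6 both introduces its table with the copied sentence "Table 4.5 provides a list of assets for a PKI product that supports revocation management services" and captions it "Table 4.5", duplicating the revocation management table, so this should become Table 4.6 with a certificate status description. Typos in the asset tables: "Cerificate request approval function" (twice), "user authentation credentials", "Secure cryprographic device API", "installation of a software updates", "change to configuration settings" / "change to system configuration settings", and "system administrations assets" in the introductory sentence. Finally, the threats table in 4.2.7 ends with the incomplete row "| An attacker | |", which has two cells in a three-column table and no threat text; either finish the row or drop it before merging.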