Inital asset commit (2fc78a86) · Commits · STAN4CRA / EN 304 624 Public key infrastructure and digital certificate issuance software

EN-304-624.md

+137 −0

Original line number	Diff line number	Diff line
		@@ -394,6 +394,143 @@ The enterprise will employ competent system administrators to install, configure
		However, system operators may have limited experience running critical component services and have have only received basic training in cybersecurity or data protection.


		### 4.2.6 Assets

		#### 4.2.6.1 System administration

		Table 4.1 provides a list of system administrations assets for the PKI product.

		<div align="center">
		<table border=1>
		<thead>
		<tr>
		<td colspan=2 align="center"> <strong>Asset</strong> </td>
		<td> <strong>Comments</strong> </td>
		</tr>
		</thead>
		<tbody>
		<tr> <td colspan=3 align="left"> Data </td></tr>
		<tr>
		<td> GEN01 </td>
		<td> Product configuration data </td>
		<td> Can include certificate profile settings, security<br>
		log settings and software update settings.</td>
		</tr>
		<tr>
		<td> GEN02 </td>
		<td> User account data </td>
		<td> Can include authentication credentials and access<br>
		rights.</td>
		</tr>
		<tr>
		<td> GEN03 </td>
		<td> Security log data </td>
		<td> Can include account access, account change and<br>
		configuration change events.</td>
		</tr>
		<tr><td colspan=3 align="left"> Functions </td></tr>
		<tr>
		<td> GEN11 </td>
		<td> Configuration management function </td>
		<td> Can be used to change to configuration settings<br>
		and reset to default values.</td>
		</tr>
		<tr>
		<td> GEN12 </td>
		<td> Software update function </td>
		<td> Can be used to initiate installation of a software<br>
		update.</td>
		</tr>
		<tr>
		<td> GEN13 </td>
		<td> User account management function </td>
		<td> Can be used to create accounts, change access<br>
		rights, and reset authentication credentials.</td>
		</tr>
		<tr>
		<td> GEN14 </td>
		<td> Log management function </td>
		<td> Can be used to view log data.</td>
		</tr>
		<tr> <td colspan=3 align="left"> Interfaces</td></tr>
		<tr>
		<td> GEN21 </td>
		<td> Remote administration interface </td>
		<td> Can be a remotely accessible web portal.</td>
		</tr>
		<tr>
		<td> GEN22 </td>
		<td> Local administration interface </td>
		<td> Can be a locally accessible command line<br>
		interface.</td>
		</tr>
		</tbody>
		</table>

		<strong>Table 4.1.</strong> System administration related assets
		</div>

		#### 4.2.6.2 Registration service

		Table 4.2 provides a list of assets for a PKI product that supports registration services.

		<div align="center">
		<table border=1>
		<thead>
		<tr>
		<td colspan=2 align="center"> <strong>Asset</strong> </td>
		<td> <strong>Comments</strong> </td>
		</tr>
		</thead>
		<tbody>
		<tr><td colspan=3 align="left"> Data </td></tr>
		<tr>
		<td> REG01 </td>
		<td> Subscriber data </td>
		<td> Can include subscriber contact details and<br>
		other personal data.</td>
		</tr>
		<tr>
		<td> REG02 </td>
		<td> Certificate request </td>
		<td> --- </td>
		</tr>
		<tr>
		<td> REG03 </td>
		<td> Registration log data </td>
		<td> Can include records of registration request and <br>
		approvals.</td>
		</tr>
		<tr><td colspan=3 align="left"> Functions </td></tr>
		<tr>
		<td> REG11 </td>
		<td> Subscriber management function </td>
		<td> Can be used to register subscribers and change
		subscriber details.</td>
		</tr>
		<tr>
		<td> REG12 </td>
		<td> Cerificate request approval function </td>
		<td> Can be used to approve or deny certificate
		requests.</td>
		</tr>
		<tr> <td colspan=3 align="left"> Interfaces</td></tr>
		<tr>
		<td> REG21 </td>
		<td> Subscriber interface</td>
		<td> Can be a remotely accessible web portal.</td>
		</tr>
		<tr>
		<td> REG22 </td>
		<td> Certificate request interface</td>
		<td> Can be a remotely accessible API.</td>
		</tr>
		</tbody>
		</table>

		<strong>Table 4.2.</strong> Registration service related assets
		</div>

		## 4.3 Security Profile 2 (SP2) - Web PKI
		### 4.3.1 SP2 - Assets
		### 4.3.2 SP2 - Essential Functions