Verdasys FIPS VSEC Security Policy

Verdasys FIPS VSEC Security Policy

Verdasys, Inc. Verdasys Secure Cryptographic Module Software Version: 1.0 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 1 Document Version: 0.3 Prepared for: Prepared by: Verdasys, Inc. Corsec Security, Inc. 404 Wyman Street, Suite 320 13135 Lee Jackson Memorial Hwy., Suite 220 Waltham, MA 02451 Fairfax, VA 22033 Phone: +1 781 788 8180 Phone: +1 703 267 6050 Email: [email protected] Email: info@ corsec.com http://www.verdasys.com http://www.corsec.com Security Policy , Version 0.3 August 20, 2012 Table of Contents 1 INTRODUCTION ................................................................................................................... 3 1.1 PURPOSE ................................................................................................................................................................ 3 1.2 REFERENCES .......................................................................................................................................................... 3 1.3 DOCUMENT ORGANIZATION ............................................................................................................................ 3 2 VSEC MODULE ....................................................................................................................... 4 2.1 OVERVIEW ............................................................................................................................................................. 4 2.2 MODULE SPECIFICATION ..................................................................................................................................... 6 2.2.1 Physical Cryptographic Boundary ...................................................................................................................... 6 2.2.2 Logical Cryptographic Boundary ........................................................................................................................ 7 2.3 MODULE INTERFACES .......................................................................................................................................... 7 2.4 ROLES AND SERVICES ........................................................................................................................................... 8 2.5 PHYSICAL SECURITY ............................................................................................................................................. 9 2.6 OPERATIONAL ENVIRONMENT ........................................................................................................................... 9 2.7 CRYPTOGRAPHIC KEY MANAGEMENT ............................................................................................................ 10 2.8 SELF -TESTS .......................................................................................................................................................... 11 2.9 MITIGATION OF OTHER ATTACKS .................................................................................................................. 12 3 SECURE OPERATION ......................................................................................................... 13 3.1 INITIAL SETUP ...................................................................................................................................................... 13 3.2 CRYPTO OFFICER GUIDANCE .......................................................................................................................... 13 3.3 USER GUIDANCE ................................................................................................................................................ 13 4 ACRONYMS .......................................................................................................................... 14 Table of Figures FIGURE 1 – DIGITAL GUARDIAN ARCHITECTURE ................................................................................................................. 4 FIGURE 2 – STANDARD GPC BLOCK DIAGRAM ................................................................................................................... 6 FIGURE 3 – LOGICAL BLOCK DIAGRAM AND CRYPTOGRAPHIC BOUNDARY .................................................................. 7 List of Tables TABLE 1 – SECURITY LEVEL PER FIPS 140-2 SECTION ......................................................................................................... 5 TABLE 2 – FIPS INTERFACE MAPPINGS ................................................................................................................................... 8 TABLE 3 – MAPPING SERVICES TO INPUTS , OUTPUTS , CSP S, AND TYPE OF ACCESS ...................................................... 8 TABLE 4 – FIPS-APPROVED ALGORITHM IMPLEMENTATIONS .......................................................................................... 10 TABLE 5 – LIST OF CRYPTOGRAPHIC KEYS , KEY COMPONENTS , AND CSP S ................................................................ 10 Verdasys Secure Cryptographic Module Page 2 of 15 © 201 2 Verdasys, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy , Version 0.3 August 20, 2012 1 Introduction 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the Verdasys Secure Cryptographic Module from Verdasys, Inc.. This Security Policy describes how the Verdasys Secure Cryptographic Module meets the security requirements of FIPS 140-2 and how to run the module in a secure FIPS 140-2 mode. This policy was prepared as part of the Level 1 FIPS 140-2 validation of the module. FIPS 140-2 (Federal Information Processing Standards Publication 140-2 – Security Requirements for Cryptographic Modules ) details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the Cryptographic Module Validation Program (CMVP) website, which is maintained by the National Institute of Standards and Technology (NIST) and the Communication Security Establishment Canada (CSEC): http://csrc.nist.gov/groups/STM/index.html . The Verdasys Secure Cryptographic Module is referred to in this document as VSEC, the cryptographic module, or the module. 1.2 References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources: • The Verdasys website ( http://www.verdasys.com ) contains information on the full line of products from Verdasys. • The CMVP website ( http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2010.htm ) contains contact information for individuals to answer technical or sales-related questions for the module. 1.3 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains: • Vendor Evidence document • Finite State Model document • Other supporting documentation as additional references This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to Verdasys. With the exception of this Non-Proprietary Security Policy, the FIPS 140- 2 Submission Package is proprietary to Verdasys and is releasable only under appropriate non-disclosure agreements. For access to these documents, please contact Verdasys. Verdasys Secure Cryptographic Module Page 3 of 15 © 201 2 Verdasys, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy , Version 0.3 August 20, 2012 2 VSEC Module This section describes the Verdasys Secure Cryptographic Module from Verdasys, Inc. 2.1 Overview Verdasys is a pioneer in Enterprise Information Protection (EIP), a data-centric and risk-based approach to security that focuses on information flow and human interaction across an organization. Verdasys’ Digital Guardian provides the foundation necessary for implementing an EIP platform. Through its unique architecture, Digital Guardian reduces the risk of data loss or misuse by its realtime enforcement of corporate security policies, automated encryption of files and emails, and automatic discovery and classification of sensitive data. Digital Guardian protects information at rest, in use, and in motion, mitigating both internal and external risks. Its sophisticated tracking and reporting capabilities provide visibility into how information is used and where it is located. This activity data can then be correlated into actionable intelligence. It can also provide powerful forensic support during investigations into fraud, theft, and malicious activity. Through the enterprise-wide installation of a kernel and user mode component called DG Agent, Digital Guardian provides data protection at the point of use, where it is most vulnerable. Once installed, DG Agent operates invisibly on desktops, laptops, and servers. The integrated framework also consists of a centralized DG Server and DG Management Console , comprising a Web-based command center for the Digital Guardian platform. Figure 1 below gives an overview of the Digital Guardian architecture. Unmanaged PC DG Agent DG Agent without DG Agent DG Agent DG Agent ` Offline DG Agent DG Agent Application File Server Server Activity Data Alerts Policies Violations ▪ Reports ▪ Policy Definition DG ▪ Configuration Management ▪

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    15 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us