BAS/EAL4+ and LAS/EAL4+ systems organizational environment

Certain procedural and organizational requirements must be met for BAS/EAL4+ and LAS/EAL4+ systems.

The following requirements must be met:
  • Administrators must be trustworthy and well trained.
  • Only users authorized to work with the information on the systems are granted user IDs on the system.
  • Users must use high-quality passwords (as random as possible and not affiliated with the user or the organization). For information about setting up password rules, see Passwords.
  • Users must not disclose their passwords to others.
  • Administrators must have sufficient knowledge to manage security-critical systems.
  • Administrators must work in accordance with the guidance provided by the system documentation.
  • Administrators must log in with their personal ID and use the su command to switch to superuser mode for administration.
  • Passwords generated for system users by administrators must be transmitted securely to the users.
  • Those who are responsible for the system must establish and implement the necessary procedures for the secure operation of the systems.
  • Administrators must ensure that the access to security-critical system resources is protected by appropriate settings of permission bits and ACLs.
  • The physical network must be approved by the organization to carry the most sensitive data held by the systems.
  • Maintenance procedures must include regular diagnostics of the systems.
  • Administrators must have procedures in place that ensure secure operation and recovery after a system failure.
  • The LIBPATH environment variable should not be changed, because this might result in a trusted process loading an untrusted library.
  • Wiretapping and trace software (tcpdump, trace) must not be used on an operational system.
  • Anonymous protocols such as HTTP may only be used for public information (for example, the online documentation).
  • Only TCP-based NFS can be used.
  • Access to removable media is not to be given to users. The device files are to be protected by appropriate permission bits or ACLs.
  • Administrators must not use dynamic partitioning to allocate and deallocate resources. Partition configuration may only be performed while no partitions at all are running.
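Two of the requirements above (protecting security-critical resources, and removable-media device files in particular, with permission bits or ACLs) lend themselves to a periodic check. The following script is an added example and is not part of the product documentation or any IBM tool: it reports any path whose "other" permission bits grant access, reading the mode string from `ls -ld` so that it runs unchanged on AIX and on Linux. Because creating device nodes requires root, the demo constructs ordinary files in a temporary directory with the names `rmt0` and `cd0` as stand-ins; on a real system an administrator would pass the actual device paths (and, where ACLs are in use, also review them with `aclget`, which this script does not do).

```shell
#!/bin/sh
# Added example: flag files whose "other" permission bits grant any access.
# Assumption: the caller supplies the device paths to check; the demo below
# uses constructed regular files, not real device nodes.

# Print the 10-character mode string (e.g. crw-rw----) for one path.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Report every argument whose rwx bits for "other" are not all '-'.
# Returns 0 when nothing was flagged, 1 when at least one path was.
find_world_accessible() {
    found=0
    for p in "$@"; do
        m=$(mode_of "$p")
        [ -n "$m" ] || continue          # skip paths that do not exist
        others=$(printf '%s' "$m" | cut -c8-10)
        if [ "$others" != "---" ]; then
            echo "WARN: $p mode $m grants access to others"
            found=1
        fi
    done
    return $found
}

# Constructed demo: plain files stand in for /dev/rmt0 and /dev/cd0.
demo() {
    d=$(mktemp -d)
    : > "$d/rmt0"; chmod 660 "$d/rmt0"   # acceptable: owner and group only
    : > "$d/cd0";  chmod 664 "$d/cd0"    # flagged: world-readable
    find_world_accessible "$d/rmt0" "$d/cd0"
    rc=$?
    rm -rf "$d"
    return $rc
}

# Run the demo only when executed directly, not when sourced for testing.
case "$0" in
    *sh) ;;
    *) demo ;;
esac
```

In operation, replace the demo paths with the system's removable-media device files (for example the tape and optical devices under `/dev`) and run the check from a maintenance procedure; a non-zero exit status means a device file is reachable by users who have not been granted access.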