IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation    Remarks

interventions which were necessary during installation to arrive at the configuration sought must be documented. If experience with preceding versions of the tested product has already been accumulated, an analysis should be made of how expensive their maintenance was.

Enquiries should be made regarding the extent to which support is offered by the manufacturer or seller and under what conditions. If a hotline is offered by the manufacturer or seller, its ease of access and quality should also be considered.

- Documentation

The existing documentation must be checked with a view to whether it is complete, correct and consistent. In addition, it should be understandable, clear, error-free and easy to follow. It must also be checked whether it is adequate for secure use and configuration. All security-related functions must be described.

Over and above this, the following additional points of the Requirements Catalogue must be tested:

- compatibility requirements
- interoperability
- conformity to standards
- adherence to internal rules and legal provisions
- software quality

Security-specific tests

If specific security requirements were placed on the product, the following aspects must be examined in addition to the trials mentioned above:

- effectiveness and correctness of the security functions,
- strength of the security mechanisms and
- absolute necessity and unavoidability of the security mechanisms.

As the basis for a security check, the Manual for the Evaluation of the Security of Information Technology Systems (ITSEM) could, for example, be consulted. This describes many of the procedures shown below. The additional comments are an aid to orientation and serve as an introduction to the topic.

At the outset it must first be demonstrated by functional tests that the product supplies the required security functions.

Following this, it must be checked whether all the required security mechanisms were mentioned in the Requirements Catalogue and, if necessary, the Catalogue must be amended. In order to confirm or reject the minimum strength of the mechanisms, penetration tests must be carried out. Penetration tests must be carried out after all other tests, as indications of potential weaknesses can arise out of those tests.

IT Baseline Protection Manual: October 2000
