On 7/3/12 6:52 PM, Willy Santos wrote:
CCI-001126 requires the OS to fail securely in the event of an
operational failure of a boundary protection service. This mapping is a request for
input/discussion.
Signed-off-by: Willy Santos <wsantos(a)redhat.com>
---
rhel6/src/input/auxiliary/srg_support.xml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/rhel6/src/input/auxiliary/srg_support.xml
b/rhel6/src/input/auxiliary/srg_support.xml
index caf0ac4..e7d324b 100644
--- a/rhel6/src/input/auxiliary/srg_support.xml
+++ b/rhel6/src/input/auxiliary/srg_support.xml
@@ -38,7 +38,7 @@ The requirement is impractical or out of scope.
<description>
It is unclear how to satisfy this requirement.
</description>
-<ref disa="20,31,218,219,224,1097,1159,1125" />
+<ref disa="20,31,218,219,224,1097,1159,1125,1126" />
</Group> <!-- end requirement_unclear -->
<Group id="new_rule_needed">
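Review bot: on the changed ref line, CCI-001126 is appended to the requirement_unclear group, whose description only says "It is unclear how to satisfy this requirement.", so nothing in the file records why a fail-secure requirement for boundary protection lands here. Since the commit message calls this mapping a request for input/discussion, consider an XML comment beside the ref marking the placement as provisional. Also check whether the entry visible in the hunk header ("The requirement is impractical or out of scope.") is the better home before this goes in.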
SRG-OS-000156 CCI-001126 The operating system must fail securely in
the event of an operational failure of a boundary protection device.
Fail secure is a condition achieved by the operating system employing a
set of information system mechanisms to ensure, in the event of an
operational failure of a boundary protection device at a managed
interface, the system does not enter into an unsecure state where
security properties no longer hold.
Generally "boundary protection device at a managed interface" ==
firewalls, switches, etc.
I'm unaware of a trusted/reliable method for an OS to detect such a
failure. Maintain a ping to the firewall and if it drops, fail securely?
Attempt to log in to the boundary device, and if failure, crash the OS?
Arguably a valid requirement, but I'm not convinced it belongs at the OS
level. impractical_guidance IMHO.