beautypg.com

Requirements for administrators, Requirements for users – Kanguru Common Criteria Evaluated v1.21 User Manual

Page 11

background image

11

2.6 Requirements for administrators

When using the devices in an Enterprise configuration, there MUST be one or more competent individuals

who are assigned to manage the devices. These individuals will have the ability to initialize and reset

devices, reset and change user passwords as well as configure failed authentication handling.

The system administrative personnel MUST NOT be careless, willfully negligent, or hostile, and MUST

follow and abide by the instructions provided by the administrator documentation.

Every person that has the ability to perform administrative actions via UKLA and KRMC has control

over security properties of the devices and could, either by accident or deliberately, undermine security

features of the system. This Configuration Guide provides the basic guidance on how to set up and operate

the system securely, but is not intended to be the sole information required for a system administrator to

learn how to operate the devices securely.

It is assumed, within this Configuration Guide, that administrators who use this guide have a good

understanding and knowledge of operating security principles in general and of the Defender configuration

in particular. We strongly advise that any organization that wants to operate the system in the evaluated

configuration nevertheless have their administrators trained in security principles.

Every organization MUST trust their system administrators not to deliberately undermine the security

of the devices.

This Configuration Guide provides the additional information a system administrator MUST obey when

installing, configuring and operating the devices in compliance with the requirements defined in the

Security Target for the Common Criteria evaluation.

2.7 Requirements for users

Users MUST inspect the device and packaging before use to verify that it has not been tampered with.

The casing and any sealing (of the original packaging) MUST be intact without any marks. If the casing

or seal is broken or has been tampered with, users MUST refuse delivery of the package.

Users MUST ensure that the authentication attribute can not be obtained by spying or shoulder surfing.

Users MUST ensure that the system that they use to access the devices are secure and do not contain any

software that tries to access the devices in an unauthorized fashion.

Users MUST protect the host computer while absent (e.g. via a screen locker) while a device is connected

or disconnect the device.

Users MUST check that the firmware version on the device is the correct CC certified version. For

instructions on verifying the device’s firmware version and a comprehensive list of CC certified version,

please refer to Chapter 5. Common Criteria Certified Versions on page 25.

Requirements and Assumptions

See also other documents in the category Kanguru Storage: