8.3.4.3 SC: Extranet Boundary Controls
Type: Component
Status: Proposed. Version 1.0. Phase 1.0.
Package: 8.0 Support Functions Keywords:
Detail: Created on 2/28/2007. Last modified on.2/28/2007.
GUID: {0DD7B79C-473F-4aa1-953A-F7FC7B5333FE}
The SC: Extranet Boundary Controls security control provides boundary protections at external boundaries.
SC: Extranet Boundary Controls addresses the following functional areas:
1. Cryptographic operations;
2. Public Key Infrastructure;
3. Key management;
4. Peer entity authentication;
5. Data origin authentication;
6. Replay protection;
7. Denial of service protection;
8. Message integrity;
9. Intrusion detection/prevention.
Typical implementations of the SC: Extranet Boundary Controls security control include:
1. Virtual Private Networks (VPNs);
2. Authentication, Authorization, and Accountability (AAA) servers;
3. Stateful packet inspection (up to OSI Layer 4);
4. Stateful deep packet inspection (up to OSI Layer 7);
5. Application proxies; and
6. Access Control Lists.
The protections provided by the SC: Enclave Boundary Controls and SC: Extranet Boundary Controls are similar. They are applied differently to protect against different threats.
8.3.1 Access Control
Type: Component
Status: Proposed. Version 1.0. Phase 1.0.
Package: 8.0 Support Functions Keywords:
Detail: Created on 2/28/2007. Last modified on.2/28/2007.
GUID: {04346AF1-5E6E-4505-AE82-830B0ADF6766}
The Access Control security control family ensures that access to the information system is limited to authorized users, processes, and devices.
Access Control addresses the following functional areas:
1. Account management;
2. Access enforcement;
3. Information flow enforcement;
4. Separation of duties;
5. Least Privilege;
6. Session management; and
7. Supervision and review of user activities.
Typical implementations of the Access Control security family include:
1. Access Control Lists.
8.3.3 Identification & Authentication
Type: Component
Status: Proposed. Version 1.0. Phase 1.0.
Package: 8.0 Support Functions Keywords:
Detail: Created on 2/28/2007. Last modified on.2/28/2007.
GUID: {05352BAC-804C-4704-9527-47ABCE15A98F}
The Identification and Authentication security control family ensures that users of the information system are identified and that their identity is verified prior to allowing access.
Identification and Authentication addresses the following functional areas:
1. User identification and authentication;
2. Device identification and authentication; and
3. Cryptographic module authentication.
Typical implementations of the Identification and Authentication security family include:
1. Username and password;
中国航空网 www.aero.cn
航空翻译 www.aviation.cn
本文链接地址:Functional Architecture for the Data Communication System(94)
