Aspects: 10
Controls: 39
Requirements: 56
| Aspect ID | Aspect Name | Control ID | Control Name | Requirement ID | Requirement | Level |
|---|---|---|---|---|---|---|
| 1.01 | Key Material Generation | 1.01.1 | Actor-generated Key Material | 1.01.1.1 | Key material is generated by the actor who will be using it. | Level I |
| 1.01 | Key Material Generation | 1.01.1 | Actor-generated Key Material | 1.01.1.2 | Where an automated signing agent will use key material, and the key material is generated somewhere other than where it will be used, the following criteria are addressed: 1. The key material is generated within a secure Key Management System that meets applicable CCSS requirements. 2. The key material is transferred securely from the place of generation to the automated signing agent in a manner that meets applicable CCSS requirements. 3. The key material is securely removed from the place of generation in a manner that meets applicable CCSS requirements. | Level I |
| 1.01 | Key Material Generation | 1.01.1 | Actor-generated Key Material | 1.01.1.3 | A digital signature for the key material generation mechanism is generated, published, and validated prior to each execution. | Level II |
| 1.01 | Key Material Generation | 1.01.2 | Validation of Generation Methodology | 1.01.2.1 | The methodology for generating key material is validated prior to use. Software does not include features that restrict which values can be used. Software does not include features that store or transmit data to another actor, unless that feature enhances security. | Level II |
| 1.01 | Key Material Generation | 1.01.2 | Validation of Generation Methodology | 1.01.2.2 | In cases where key material is generated without the use of software, the generation methodology is validated to ensure determinism is not present. | Level II |
| 1.01 | Key Material Generation | 1.01.3 | Deterministic Random Bit Generator (DRBG) Compliance | 1.01.3.1 | The generation mechanism for key material conforms to NIST SP 800-90A. | Level III |
| 1.01 | Key Material Generation | 1.01.3 | Deterministic Random Bit Generator (DRBG) Compliance | 1.01.3.2 | The key material generation process has been documented and addresses the following: 1. The key material generation process must be conducted in a secure environment. 2. The physical environment that will be used for the key material generation process is checked before use for: unauthorized recording/surveillance equipment; windows that allow the key material generation process to be viewed by external personnel; poor physical separation of the area from the main working areas; the presence of effective physical access controls that restrict access by unauthorized personnel; backup power supply; environmental controls that protect against electromagnetic interference and sound leakage; and any other vulnerabilities that could compromise the process. 3. All equipment and software used for the key material generation process must be checked before use for updates such as new software versions and for any signs of tampering, and must be in good working order. 4. All movable equipment, such as hardware devices, laptops, and key material, is secured from unauthorized access when not in use. 5. A detailed runbook defines all steps performed during the key material generation process. After the completion of each step, the participating actors sign off in the runbook stating that the step was performed and checked. 6. All roles participating in the key material generation process must be defined and utilized. Segregation of duties must be considered when allocating personnel to roles. 7. Each actor involved in the key material generation process must independently generate their own discrete key material. In a multi-signer scheme, no single actor is permitted to generate key material that will be used by another actor unless that actor is an automated signing agent. (Refer to requirements 1.01.1.1 and 1.01.1.2.) | Level III |
| 1.01 | Key Material Generation | 1.01.4 | Entropy Pool | 1.01.4.1 | Key material is generated on a Key Management System with sufficient entropy to ensure key material is not generated with any bias towards a reduced range of values, or other deterministic properties. | Level I |
| 1.02 | Wallet Generation | 1.02.1 | Signing Configuration | 1.02.1.1 | When considering the application of a single-signer mechanism to a wallet, the following criteria are addressed: 1. The criticality of the wallet to the CCSS Trusted Environment. 2. The impact of loss of customer funds controlled by the wallet. 3. The risk of a wallet compromise is included in the threat model defined in requirement 2.03.2.1. 4. The effectiveness of the security controls implemented to protect the wallet. | Level II |
| 1.02 | Wallet Generation | 1.02.2 | Key Material Redundancy | 1.02.2.1 | A wallet that has implemented a multi-signer mechanism has at least one redundant key for recovery purposes. | Level II |
Page 1 of 6
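The generation mechanism named in requirement 1.01.3.1, as an added example that is not part of the CCSS text: HMAC_DRBG from NIST SP 800-90A Rev. 1, section 10.1.2, over SHA-256, written here in Python directly from the specification's Instantiate, Update, Reseed and Generate steps, including the reseed-interval and per-request limits a conforming implementation has to enforce. The class name `HmacDrbg`, the helper `generate_key_material`, the personalization string and the use of `os.urandom` as the entropy source are this example's assumptions, not anything the standard prescribes; the DRBG adds no entropy of its own, so the quality of the entropy input (requirement 1.01.4.1) has to be established separately from the mechanism shown here.

```python
"""HMAC_DRBG (NIST SP 800-90A Rev. 1, section 10.1.2) over SHA-256.

Added example, not code from the CCSS.  Entropy input is supplied by the
caller; the generator only stretches and isolates it.
"""
import hashlib
import hmac
import os

OUTLEN = 32                 # SHA-256 digest length in bytes
SECURITY_STRENGTH = 32      # 256-bit strength -> minimum entropy input, bytes
MAX_REQUEST_BYTES = 1 << 16 # max_number_of_bits_per_request = 2**19 bits
RESEED_INTERVAL = 1 << 48   # reseed_interval for HMAC_DRBG


class HmacDrbg:
    """HMAC_DRBG instance: internal state is (K, V, reseed_counter)."""

    def __init__(self, entropy_input: bytes, nonce: bytes,
                 personalization: bytes = b"") -> None:
        if len(entropy_input) < SECURITY_STRENGTH:
            raise ValueError("entropy_input shorter than security strength")
        if len(nonce) < SECURITY_STRENGTH // 2:
            raise ValueError("nonce must carry at least security_strength/2 bits")
        # Instantiate (10.1.2.3): K = 0x00..00, V = 0x01..01, then Update.
        self._k = b"\x00" * OUTLEN
        self._v = b"\x01" * OUTLEN
        self._update(entropy_input + nonce + personalization)
        self._reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self._k, data, hashlib.sha256).digest()

    def _update(self, provided_data: bytes) -> None:
        # Update (10.1.2.2): two rounds when provided_data is present, one otherwise.
        self._k = self._hmac(self._v + b"\x00" + provided_data)
        self._v = self._hmac(self._v)
        if provided_data:
            self._k = self._hmac(self._v + b"\x01" + provided_data)
            self._v = self._hmac(self._v)

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        # Reseed (10.1.2.4): fresh entropy is mixed in and the counter restarts.
        if len(entropy_input) < SECURITY_STRENGTH:
            raise ValueError("entropy_input shorter than security strength")
        self._update(entropy_input + additional_input)
        self._reseed_counter = 1

    def generate(self, num_bytes: int, additional_input: bytes = b"") -> bytes:
        # Generate (10.1.2.5): enforce request and reseed limits before producing output.
        if num_bytes > MAX_REQUEST_BYTES:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self._reseed_counter > RESEED_INTERVAL:
            raise RuntimeError("reseed required before further output")
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < num_bytes:
            self._v = self._hmac(self._v)
            out += self._v
        # Step 6 always runs, with additional_input possibly empty (Null).
        self._update(additional_input)
        self._reseed_counter += 1
        return out[:num_bytes]


def generate_key_material(num_bytes: int = 32) -> bytes:
    """Seed a fresh DRBG from the OS and draw one secret of num_bytes.

    os.urandom stands in for the assessed entropy source a real Key
    Management System would use; a separate nonce is required by 8.6.7.
    """
    drbg = HmacDrbg(os.urandom(SECURITY_STRENGTH),
                    os.urandom(SECURITY_STRENGTH // 2),
                    personalization=b"example-kms-signing-key")  # assumed label
    return drbg.generate(num_bytes)


if __name__ == "__main__":
    print(generate_key_material().hex())
```

Two properties of the construction are worth checking in a review: the same entropy, nonce and personalization must reproduce the same stream (that is what makes the DRBG deterministic and testable against the published SP 800-90A vectors), and a reseed or any additional input must change the stream. Neither property says anything about the entropy input itself; a DRBG seeded with a predictable value emits output that passes every statistical test, which is why 1.01.4.1 is a requirement on the Key Management System and not on the generator.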