
What are certified cloud platforms built on?

In June 2017 an event took place whose significance can only now be assessed: the VMware vSphere virtualization platform (comprising the VMware ESXi hypervisor and VMware vCenter Server) received a certificate of compliance with the requirements of TP 2013/027/BY. Although ESXi became the second hypervisor to receive the status of a legal protection tool (the first was Red Hat Enterprise Virtualization Hypervisor), only VMware products have been used to build the cloud platforms that received a certificate of compliance with the requirements of OAC Order 62. Moreover, VMware NSX, the network virtualization and security platform that handles firewalling, routing, load balancing and much more, complemented the hypervisor well.

But today I want to draw your attention to the hypervisor functions that make it possible to fulfil the requirements of OAC Order 62. Since there is no dedicated standard for hypervisors, a security target is used as the basis for certification tests. Unfortunately, it is not customary in our country to publish security targets, so I will use the Common Criteria website and demonstrate how the security functional requirements relate to the requirements of the OAC Order.

| No. | Requirement of the OAC Order | Security functional requirements |
|---|---|---|
| 6.1 | Ensure time stamps and (or) system time synchronization in the virtual infrastructure and the other information system components. | - |
| 6.2 | Establish identification and authentication of the information system subjects and objects in the virtual infrastructure. | FIA_SOS.1, FIA_UAU.2, FIA_UID.2 |
| 6.3 | Register security events in the virtual infrastructure. | FAU_GEN.1, FAU_SAR.1 |
| 6.4 | Protect virtual infrastructure from aggressive use by service users. | FRU_FLT.1, FRU_PRS.1 |
| 6.5 | Protect virtual infrastructure from unauthorized access and network attacks from virtual and physical networks and virtual machines. | FMT_MTD.1, FTA_SSL.3, EXT_VDS_VMM |
| 6.6 | Ensure secure removal of virtual machines and their data. | FDP_RIP.1, FPT_ITC.1, FPT_ITT.1, FPT_TEE.1 |
| 6.7 | Protect archive files, configurations of information security means and virtual infrastructure control software. | FDP_ACC.2, FDP_ACF.1, FDP_IFC.2, FDP_IFF.1, FMT_MSA.1, FMT_MSA.3, FMT_SMR.1, FPT_FLS.1, FTP_TRP.1, EXT_FAU_STG.1 |
| 6.8 | Back up information and provide redundant facilities. | - |
| 6.9 | Protect virtual infrastructure from malware. | - |
| 6.10 | Ensure physical isolation of a virtual infrastructure segment (data storage and processing system) which processes restricted access information, except national security information. | - |

As the table shows, VMware vSphere makes it possible to fulfil most of the requirements that the OAC Order sets for protecting information in a virtual infrastructure. The 4 remaining requirements are easily covered by organizational measures and other means of information protection.
