2.4.6 Device OS
This section's intended audience is the personnel responsible for selecting a third-party Operating System or for assessing the quality of in-house developed schedulers and control sequencers. The term Operating System (OS) is used below for the sake of brevity to cover all such options. Guidance on Secure Operating Systems is available from the IoTSF [ref 44][^1] (part D).
Req No | Requirement | Compliance Class And Applicability | Primary Keyword | Secondary Keyword |
---|---|---|---|---|
2.4.6.1 | The OS is implemented with relevant security updates prior to release. | Mandatory for Class 2 and above | Business | Process |
2.4.6.2 | Intentionally left blank to maintain requirement numbering | - | - | - |
2.4.6.3 | All unnecessary accounts or logins have been disabled or eliminated from the software at the end of the software development process, e.g. development or debug accounts and tools. | Mandatory for Class 1 and above | System | Software |
2.4.6.4 | Files, directories and persistent data are set to minimum access privileges required to correctly function. | Mandatory for Class 1 and above | System | Software |
2.4.6.5 | Security parameters and passwords should not be hard-coded into source code or stored in a local file. If passwords absolutely must be stored in a local file, then the password file(s) are owned by, and are only accessible to and writable by, the Device's OS most privileged account and are obfuscated. | Mandatory for Class 1 and above | System | Software |
2.4.6.6 | All OS non-essential services have been removed from the product’s software, image or file systems. | Mandatory for Class 1 and above | System | Software |
2.4.6.7 | All OS command line access to the most privileged accounts has been removed from the OS. | Mandatory for Class 1 and above | System | Software |
2.4.6.8 | All of the product’s OS kernel and services or functions are disabled by default unless specifically required. Essential kernel, services or functions are prevented from being called by unauthorised external product level interfaces and applications. | Mandatory for Class 1 and above | System | Software |
2.4.6.9 | All software is operated at the least privilege level possible and only has access to the resources needed as controlled through appropriate access control mechanisms. | Mandatory for Class 1 and above | System | Software |
2.4.6.10 | All the applicable security features supported by the OS are enabled. | Mandatory for Class 1 and above | System | Software |
2.4.6.11 | The OS is separated from the application(s) and is only accessible via defined secure interfaces. | Mandatory for Class 1 and above | System | Software |
2.4.6.12 | The OS implements a separation architecture to separate trusted from untrusted applications. | Mandatory for Class 2 and above | System | Software |
2.4.6.13 | The product’s OS kernel is designed such that each component runs with the least security privilege required (e.g. a microkernel architecture) and the minimum functionality needed (2.4.6.6 to 2.4.6.8 require that non-essential components are disabled or removed). | Mandatory for Class 2 and above | System | Software |
2.4.6.14 | The product OS should be reviewed for known security vulnerabilities, particularly in the field of cryptography, prior to each update and after release. Cryptographic algorithms, primitives, libraries and protocols should be updateable to address any vulnerabilities. | Mandatory for Class 1 and above | System | Software |
2.4.6.15 | As per 2.4.10.5, the user interface is protected by an automatic session idle logout timeout function. | Mandatory for Class 1 and above | System | Software |
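The requirements above state what a release image must not carry, but not how a build pipeline can verify that before the image is signed. As an added example, not part of the IoTSF framework text or of any particular vendor's tooling, the bash script below audits a staged root filesystem directory (the tree an image is built from) for 2.4.6.3/2.4.6.7 (accounts with a login shell), 2.4.6.4/2.4.6.9 (world-writable and setuid files), 2.4.6.5 (credential-looking assignments in shipped configuration), 2.4.6.6 (boot-enabled systemd units outside an allow-list) and 2.4.6.10 (kernel hardening options present in the build config). The account names, file paths, service allow-list, kernel option list and the sample rootfs it builds are constructed assumptions for illustration; a real product substitutes its own lists.

```shell
#!/usr/bin/env bash
# Added example, not IoTSF text: audit a staged root filesystem against several
# 2.4.6 requirements. All names, paths and config contents below are constructed.
set -u

# 2.4.6.3 / 2.4.6.7: accounts that still have an interactive login shell.
# On a release image this list should be empty (no root shell, no debug accounts).
accounts_with_shell() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1/etc/passwd"
}

# 2.4.6.4 / 2.4.6.9: files that grant more privilege than a release image should carry.
excess_privilege_files() {
    local root="$1"
    find "$root" -type f -perm -0002 | sed "s|^$root/|world-writable: |"
    find "$root" -type f -perm -4000 | sed "s|^$root/|setuid: |"
}

# 2.4.6.5: credential-looking assignments in configuration shipped under /etc.
hardcoded_secrets() {
    grep -rniE '^[[:space:]]*(password|passwd|secret|api_key|token)[[:space:]]*[=:]' "$1/etc" \
        | sed "s|^$1/||"
}

# 2.4.6.6: systemd units enabled at boot that are not on the product's allow-list.
# Usage: unexpected_services ROOT allowed1 allowed2 ...
unexpected_services() {
    local root="$1"; shift
    local link name
    for link in "$root"/etc/systemd/system/multi-user.target.wants/*.service; do
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=$(basename "$link" .service)
        case " $* " in *" $name "*) ;; *) echo "$name" ;; esac
    done
}

# 2.4.6.10: kernel hardening options the build must carry. The list is a constructed
# minimum (DEBUG_FS off also serves 2.4.6.3); the real list is product specific.
# Prints each required config line that is absent from the given kernel config.
missing_kernel_hardening() {
    local required
    for required in 'CONFIG_STACKPROTECTOR_STRONG=y' 'CONFIG_STRICT_KERNEL_RWX=y' \
                    'CONFIG_RANDOMIZE_BASE=y' '# CONFIG_DEVKMEM is not set' \
                    '# CONFIG_DEBUG_FS is not set'; do
        grep -qxF -- "$required" "$1" || echo "$required"
    done
}

# Builds a constructed rootfs with deliberate findings so the checks run offline.
make_sample_rootfs() {
    local root s
    root=$(mktemp -d)
    mkdir -p "$root/etc/app" "$root/etc/systemd/system/multi-user.target.wants" \
             "$root/usr/bin" "$root/var/lib/app" "$root/boot"
    cat > "$root/etc/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
debug:x:1000:1000:debug:/home/debug:/bin/bash
app:x:1001:1001:app:/var/lib/app:/usr/sbin/nologin
EOF
    printf 'listen_port = 8443\npassword = example-only\n' > "$root/etc/app/app.conf"
    : > "$root/var/lib/app/state.db"; chmod 0666 "$root/var/lib/app/state.db"
    : > "$root/usr/bin/debugtool";    chmod 4755 "$root/usr/bin/debugtool"
    : > "$root/usr/bin/app";          chmod 0755 "$root/usr/bin/app"
    for s in app sshd telnetd; do
        ln -s "/lib/systemd/system/$s.service" \
              "$root/etc/systemd/system/multi-user.target.wants/$s.service"
    done
    printf 'CONFIG_STACKPROTECTOR_STRONG=y\nCONFIG_STRICT_KERNEL_RWX=y\nCONFIG_DEVKMEM=y\nCONFIG_DEBUG_FS=y\n' \
        > "$root/boot/config"
    echo "$root"
}

# Runs every check; prints the findings and returns non-zero if there are any,
# so the script can gate an image build. "app" and "sshd" form the allow-list here.
audit_rootfs() {
    local out
    out=$(accounts_with_shell "$1"; excess_privilege_files "$1"; hardcoded_secrets "$1";
          unexpected_services "$1" app sshd; missing_kernel_hardening "$1/boot/config")
    [ -n "$out" ] && printf '%s\n' "$out"
    [ -z "$out" ]
}
```

Run against the constructed tree with `audit_rootfs "$(make_sample_rootfs)"`; on a real build, point it at the staging directory and replace the allow-list and kernel option list with the product's own. Each function prints one finding per line, so the output can be diffed against a signed-off baseline to catch regressions between releases.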
Footnotes

[^1]: Enhanced Privacy standard for Anonymous Signatures, ISO/IEC 20008 [https://www.iso.org/standard/57018.html]