
2.4.6 Device OS

This section's intended audience is the personnel responsible for selecting a third-party Operating System, or for assessing the quality of 'in-house' developed schedulers and control sequencers. The term Operating System (OS) is used below, for brevity, to cover all such options. Guidance on Secure Operating Systems is available from the IoTSF [ref 44]¹ (Part D).

| Req No | Requirement | Compliance Class and Applicability | Primary Keyword | Secondary Keyword |
|---|---|---|---|---|
| 2.4.6.1 | The OS is implemented with relevant security updates prior to release. | Mandatory for Class 2 and above | Business | Process |
| 2.4.6.2 | Intentionally left blank to maintain requirement numbering. | - | | |
| 2.4.6.3 | All unnecessary accounts or logins have been disabled or eliminated from the software at the end of the software development process, e.g. development or debug accounts and tools. | Mandatory for Class 1 and above | System | Software |
| 2.4.6.4 | Files, directories and persistent data are set to the minimum access privileges required to function correctly. | Mandatory for Class 1 and above | System | Software |
| 2.4.6.5 | Security parameters and passwords should not be hard-coded into source code or stored in a local file. If passwords absolutely must be stored in a local file, then the password file(s) are owned by, and are only accessible to and writable by, the Device OS's most privileged account, and are obfuscated. | Mandatory for Class 1 and above | System | Software |
| 2.4.6.6 | All non-essential OS services have been removed from the product's software, image or file systems. | Mandatory for Class 1 and above | System | Software |
| 2.4.6.7 | All OS command line access to the most privileged accounts has been removed from the OS. | Mandatory for Class 1 and above | System | Software |
| 2.4.6.8 | All of the product's OS kernel services or functions are disabled by default unless specifically required. Essential kernel services or functions are prevented from being called by unauthorised external product-level interfaces and applications. | Mandatory for Class 1 and above | System | Software |
| 2.4.6.9 | All software is operated at the lowest privilege level possible and only has access to the resources it needs, as controlled through appropriate access control mechanisms. | Mandatory for Class 1 and above | System | Software |
| 2.4.6.10 | All the applicable security features supported by the OS are enabled. | Mandatory for Class 1 and above | System | Software |
| 2.4.6.11 | The OS is separated from the application(s) and is only accessible via defined secure interfaces. | Mandatory for Class 1 and above | System | Software |
| 2.4.6.12 | The OS implements a separation architecture to separate trusted from untrusted applications. | Mandatory for Class 2 and above | System | Software |
| 2.4.6.13 | The product's OS kernel is designed such that each component runs with the least security privilege required (e.g. a microkernel architecture) and the minimum functionality needed (2.4.6.6 to 2.4.6.8 require that non-essential components be disabled or removed). | Mandatory for Class 2 and above | System | Software |
| 2.4.6.14 | The product OS should be reviewed for known security vulnerabilities, particularly in the field of cryptography, prior to each update and after release. Cryptographic algorithms, primitives, libraries and protocols should be updateable to address any vulnerabilities. | Mandatory for Class 1 and above | System | Software |
| 2.4.6.15 | As per 2.4.10.5, the user interface is protected by an automatic session idle logout timeout function. | Mandatory for Class 1 and above | System | Software |
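Several of the requirements above (2.4.6.3, 2.4.6.4, 2.4.6.5, 2.4.6.6 and 2.4.6.7) can be checked mechanically against an unpacked firmware image, which is the form in which an assessor usually meets a device OS. The script below is an added example, not part of the IoTSF framework or any vendor's tooling: it audits a root filesystem that has already been extracted to a directory, prints one finding per line tagged with the requirement it relates to, and builds a small constructed sample image (the `mk_sample_rootfs` function, with made-up accounts, files and services) so that it runs stand-alone. The `audit_rootfs` and `mk_sample_rootfs` names, the list of service binaries and the credential regex are assumptions made for this example. Two caveats a practitioner should keep in mind: file ownership is often not preserved when an image is unpacked as an unprivileged user, so the script checks the mode bits of `/etc/shadow` but not its owner; and the credential search is a heuristic that lists candidates for review rather than proving the absence of hard-coded secrets. Note also that 2.4.6.5's "obfuscated" is a lower bar than the script can verify; obfuscation is not encryption and does not protect a secret from anyone holding the image.

```shell
#!/bin/sh
# Added example (not from the IoTSF framework): audit an extracted device root
# filesystem against 2.4.6.3/.4/.5/.6/.7. Argument: directory holding the
# unpacked image. Prints one finding per line; exits 0 regardless.

audit_rootfs() {
    root="$1"

    # 2.4.6.3 / 2.4.6.7: account inventory from /etc/passwd. Any non-root
    # account with UID 0 or a login shell is a leftover debug/dev login;
    # root itself must not keep a login shell (2.4.6.7).
    if [ -f "$root/etc/passwd" ]; then
        while IFS=: read -r name _pw uid _gid _gecos _home shell; do
            case "$shell" in
                */nologin|*/false|"") interactive=0 ;;
                *)                    interactive=1 ;;
            esac
            if [ "$name" = "root" ]; then
                if [ "$interactive" -eq 1 ]; then
                    echo "2.4.6.7 most privileged account still has a login shell: $shell"
                fi
            else
                if [ "$uid" = "0" ]; then
                    echo "2.4.6.3 non-root account with UID 0: $name"
                fi
                if [ "$interactive" -eq 1 ]; then
                    echo "2.4.6.3 interactive login shell on non-root account: $name ($shell)"
                fi
            fi
        done < "$root/etc/passwd"
    fi

    # 2.4.6.4: world-writable files and setuid/setgid binaries exceed the
    # minimum privilege a file should carry.
    find "$root" -type f -perm -0002 | while read -r f; do
        echo "2.4.6.4 world-writable file: ${f#"$root"}"
    done
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) | while read -r f; do
        echo "2.4.6.4 setuid/setgid binary: ${f#"$root"}"
    done

    # 2.4.6.5: the password file must be readable/writable only by root
    # (mode bits only; ownership is rarely preserved after extraction), and
    # nothing under /etc should carry a credential in the clear (heuristic).
    if [ -f "$root/etc/shadow" ]; then
        if [ -n "$(find "$root/etc/shadow" \( -perm -0040 -o -perm -0020 -o -perm -0004 -o -perm -0002 \))" ]; then
            echo "2.4.6.5 /etc/shadow is readable or writable by group/other"
        fi
    fi
    grep -r -l -i -E '(password|passwd|secret)[[:alnum:]_]*[[:space:]]*[=:]' "$root/etc" 2>/dev/null \
        | while read -r f; do
        echo "2.4.6.5 possible hard-coded credential in ${f#"$root"} (review)"
    done

    # 2.4.6.6: classic non-essential network daemons, either shipped as
    # binaries or enabled through inetd.
    for svc in telnetd ftpd tftpd; do
        find "$root" -type f -name "$svc" | while read -r f; do
            echo "2.4.6.6 non-essential network service binary present: ${f#"$root"}"
        done
    done
    if [ -f "$root/etc/inetd.conf" ]; then
        grep -v '^[[:space:]]*#' "$root/etc/inetd.conf" \
            | grep -i -E '^[[:space:]]*(telnet|ftp|tftp)[[:space:]]' \
            | while read -r line; do
            echo "2.4.6.6 inetd enables: $line"
        done
    fi
    return 0
}

# Constructed sample image (hypothetical content, made up for this example)
# that violates each requirement the audit covers. Prints the directory path.
mk_sample_rootfs() {
    umask 022
    d=$(mktemp -d)
    mkdir -p "$d/etc/init.d" "$d/usr/sbin" "$d/bin" "$d/data"
    printf 'root:x:0:0:root:/root:/bin/sh\n'          >  "$d/etc/passwd"  # 2.4.6.7
    printf 'debug:x:0:0:dev login:/root:/bin/sh\n'    >> "$d/etc/passwd"  # 2.4.6.3 (UID 0 + shell)
    printf 'www:x:33:33:web:/var:/sbin/nologin\n'     >> "$d/etc/passwd"  # acceptable
    printf 'root:$6$abc:19000:0:99999:7:::\n'         >  "$d/etc/shadow"
    chmod 644 "$d/etc/shadow"                                             # 2.4.6.5
    printf 'wifi_password=hunter2\n'                  >  "$d/etc/app.conf" # 2.4.6.5
    : > "$d/data/calib.bin"; chmod 666 "$d/data/calib.bin"               # 2.4.6.4
    : > "$d/bin/busybox";    chmod 4755 "$d/bin/busybox"                 # 2.4.6.4
    : > "$d/usr/sbin/telnetd"                                            # 2.4.6.6
    printf 'telnet stream tcp nowait root /usr/sbin/telnetd telnetd\n' > "$d/etc/inetd.conf"
    echo "$d"
}

# Stand-alone run: audit the constructed sample, then clean up.
sample=$(mk_sample_rootfs)
audit_rootfs "$sample"
rm -rf "$sample"
```

Run it against a real image with `audit_rootfs /path/to/unpacked/rootfs`. The constructed sample produces nine findings; after remediation (nologin shells, `chmod 600` on the shadow file, the secret moved out of `/etc`, the telnet daemon and its inetd entry removed, and the file modes reduced) the same audit reports nothing, which is the quick regression check to keep in the build pipeline so that a debug account or a test daemon cannot creep back into a release image.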

Footnotes

  1. Enhanced Privacy standard for Anonymous Signatures ISO/IEC20008 [https://www.iso.org/standard/57018.html]