6. end-user device security practices
# End-User Computers
## Grade 1 Security practice requirements:
* A username and password are required for login.
## Grade 2 Security practice requirements:
* All of Grade 1’s security practices.
* Full Disk Encryption is enabled and active on the laptop.
## Grade 3 Security practice requirements:
* All of Grade 2’s security practices.
* Firewall is whitelist-only: all traffic is blocked by default.
* Swap is stored encrypted.
## Grade 4 Security practice requirements:
* All of Grade 3’s security practices.
* No incoming connections allowed unless related to outbound traffic.
* All downloaded software has had its SHA checksum verified against the source of the software (matching version and build).
* Encrypted Boot Partition.
* Two-factor local authentication.
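
One way to carry out the Grade 4 checksum requirement, as an added example that is not part of the original document. It assumes the publisher ships a manifest in the `sha256sum` output format, fetched over a channel you trust; the function name `verify_download` and the sample file name are hypothetical.

```bash
#!/bin/sh
# Added example: verify a download against a publisher's SHA-256 manifest.
# Assumed manifest format: "<hex digest>  <filename>" lines, as sha256sum emits.
# Limitation: file names containing whitespace are not handled.

# verify_download FILE MANIFEST
# Status: 0 match, 1 digest mismatch, 2 exact file name (and therefore the
# exact version/build) not listed or entry malformed, 3 input file missing.
# The body is a subshell, so variables stay local and "exit" only leaves
# the function.
verify_download() (
    file="$1"; manifest="$2"
    [ -f "$file" ] && [ -f "$manifest" ] || exit 3
    name="$(basename -- "$file")"

    # Look the entry up by exact file name: a digest published for another
    # version or build must never be accepted. A leading '*' on the name
    # is sha256sum's binary-mode marker.
    expected="$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$manifest")"
    [ -n "$expected" ] || exit 2

    # Accept only a well-formed SHA-256 value (64 hex digits).
    case "$expected" in
        *[!0-9a-f]*) exit 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || exit 2

    actual="$(sha256sum -- "$file" | awk '{ print $1 }')"
    [ "$actual" = "$expected" ] || exit 1
    exit 0
)

# Demo on constructed data: run the script with "demo" as its first argument.
if [ "${1:-}" = "demo" ]; then
    d="$(mktemp -d)"
    printf 'constructed sample payload\n' > "$d/tool-1.2.3-amd64.tar.gz"
    (cd "$d" && sha256sum tool-1.2.3-amd64.tar.gz > SHA256SUMS)
    verify_download "$d/tool-1.2.3-amd64.tar.gz" "$d/SHA256SUMS" && echo "verified"
    rm -rf "$d"
fi
```

A checksum only shows that the file matches the manifest, so the manifest itself has to come from the software's source rather than from the same mirror as the download.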
## Grade 5 Security practice requirements:
* All of Grade 4’s security practices.
* Outbound traffic is whitelisted; all other traffic is blocked by default.
* All downloaded software has been downloaded from verified sources.
* All downloaded packages have been signed and verified.
# Smartphones
## Grade 1 Security practice requirements:
* 4-digit minimum PIN code required.
* If rooted, the source of the firmware/ROM/bootloader/recovery image has been verified as safe.
* If rooted, the SHA signature of the firmware/ROM/bootloader/recovery image has been checked and verified against the original source of the image.
## Grade 2 Security practice requirements:
* All of Grade 1’s security practices.
* Phone Encryption is enabled and active on Internal Storage.
* 6-digit minimum PIN code required.
## Grade 3 Security practice requirements:
* All of Grade 2’s security practices.
* Phone Encryption is enabled and active on External Storage (if applicable).
* Alphanumeric password of a minimum of 8 characters required.
## Grade 4 Security practice requirements:
* All of Grade 3’s security practices.
* SSH private keys for infrastructure or services are not stored on the device (excluding low-security/low-risk services where a special mobile-device SSH key has been generated).
* No GPG or LUKS/Full Disk Encryption keys stored on the device.
## Grade 5 Security practice requirements:
* All of Grade 4’s security practices.
* No sensitive information stored locally (this excludes personal data).