Microsoft Windows Common Criteria Evaluation Microsoft Windows 10 (Anniversary Update) Microsoft Windows Server 2016


28. Appendix A: List of Abbreviations

| Abbreviation | Meaning |
|---|---|
| 3DES | Triple DES |
| ACE | Access Control Entry |
| ACL | Access Control List |
| ACP | Access Control Policy |
| AD | Active Directory |
| ADAM | Active Directory Application Mode |
| AES | Advanced Encryption Standard |
| AGD | Administrator Guidance Document |
| AH | Authentication Header |
| ALPC | Advanced Local Process Communication |
| ANSI | American National Standards Institute |
| API | Application Programming Interface |
| APIC | Advanced Programmable Interrupt Controller |
| BTG | BitLocker To Go |
| CA | Certificate Authority |
| CBAC | Claims Basic Access Control, see DYN |
| CBC | Cipher Block Chaining |
| CC | Common Criteria |
| CD-ROM | Compact Disk Read Only Memory |
| CIFS | Common Internet File System |
| CIMCPP | Certificate Issuing and Management Components For Basic Robustness Environments Protection Profile, Version 1.0, April 27, 2009 |
| CM | Configuration Management; Control Management |
| COM | Component Object Model |
| CP | Content Provider |
| CPU | Central Processing Unit |
| CRL | Certificate Revocation List |
| CryptoAPI | Cryptographic API |
| CSP | Cryptographic Service Provider |
| DAC | Discretionary Access Control |
| DACL | Discretionary Access Control List |
| DC | Domain Controller |
| DEP | Data Execution Prevention |
| DES | Data Encryption Standard |
| DH | Diffie-Hellman |
| DHCP | Dynamic Host Configuration Protocol |
| DFS | Distributed File System |
| DMA | Direct Memory Access |
| DNS | Domain Name System |
| DS | Directory Service |
| DSA | Digital Signature Algorithm |
| DYN | Dynamic Access Control |
| EAL | Evaluation Assurance Level |
| ECB | Electronic Code Book |
| EFS | Encrypting File System |
| ESP | Encapsulating Security Protocol |
| FEK | File Encryption Key |
| FIPS | Federal Information Processing Standard |
| FRS | File Replication Service |
| FSMO | Flexible Single Master Operation |
| FTP | File Transfer Protocol |
| FVE | Full Volume Encryption |
| GB | Gigabyte |
| GC | Global Catalog |
| GHz | Gigahertz |
| GPC | Group Policy Container |
| GPO | Group Policy Object |
| GPOSPP | US Government Protection Profile for General-Purpose Operating System in a Networked Environment |
| GPT | Group Policy Template |
| GPT | GUID Partition Table |
| GUI | Graphical User Interface |
| GUID | Globally Unique Identifiers |
| HTTP | Hypertext Transfer Protocol |
| HTTPS | Secure HTTP |
| I/O | Input / Output |
| I&A | Identification and Authentication |
| IA | Information Assurance |
| ICF | Internet Connection Firewall |
| ICMP | Internet Control Message Protocol |
| ICS | Internet Connection Sharing |
| ID | Identification |
| IDE | Integrated Drive Electronics |
| IETF | Internet Engineering Task Force |
| IFS | Installable File System |
| IIS | Internet Information Services |
| IKE | Internet Key Exchange |
| IP | Internet Protocol |
| IPv4 | IP Version 4 |
| IPv6 | IP Version 6 |
| IPC | Inter-process Communication |
| IPI | Inter-process Interrupt |
| IPSec | IP Security |
| ISAPI | Internet Server API |
| IT | Information Technology |
| KDC | Key Distribution Center |
| LAN | Local Area Network |
| LDAP | Lightweight Directory Access Protocol |
| LPC | Local Procedure Call |
| LSA | Local Security Authority |
| LSASS | LSA Subsystem Service |
| LUA | Least-privilege User Account |
| MAC | Message Authentication Code |
| MB | Megabyte |
| MMC | Microsoft Management Console |
| MSR | Model Specific Register |
| NAC | (Cisco) Network Admission Control |
| NAP | Network Access Protection |
| NAT | Network Address Translation |
| NIC | Network Interface Card |
| NIST | National Institute of Standards and Technology |
| NLB | Network Load Balancing |
| NMI | Non-maskable Interrupt |
| NTFS | New Technology File System |
| NTLM | New Technology LAN Manager |
| OS | Operating System |
| PAE | Physical Address Extension |
| PC/SC | Personal Computer/Smart Card |
| PIN | Personal Identification Number |
| PKCS | Public Key Certificate Standard |
| PKI | Public Key Infrastructure |
| PP | Protection Profile |
| RADIUS | Remote Authentication Dial In Service |
| RAID | Redundant Array of Independent Disks |
| RAM | Random Access Memory |
| RAS | Remote Access Service |
| RC4 | Rivest’s Cipher 4 |
| RID | Relative Identifier |
| RNG | Random Number Generator |
| RPC | Remote Procedure Call |
| RSA | Rivest, Shamir and Adleman |
| RSASSA | RSA Signature Scheme with Appendix |
| SA | Security Association |
| SACL | System Access Control List |
| SAM | Security Assurance Measure |
| SAML | Security Assertion Markup Language |
| SAR | Security Assurance Requirement |
| SAS | Secure Attention Sequence |
| SD | Security Descriptor |
| SHA | Secure Hash Algorithm |
| SID | Security Identifier |
| SIP | Session Initiation Protocol |
| SIPI | Startup IPI |
| SF | Security Functions |
| SFP | Security Functional Policy |
| SFR | Security Functional Requirement |
| SMB | Server Message Block |
| SMI | System Management Interrupt |
| SMTP | Simple Mail Transport Protocol |
| SP | Service Pack |
| SPI | Security Parameters Index |
| SPI | Stateful Packet Inspection |
| SRM | Security Reference Monitor |
| SSL | Secure Sockets Layer |
| SSP | Security Support Providers |
| SSPI | Security Support Provider Interface |
| ST | Security Target |
| SYSVOL | System Volume |
| TCP | Transmission Control Protocol |
| TDI | Transport Driver Interface |
| TLS | Transport Layer Security |
| TOE | Target of Evaluation |
| TPM | Trusted Platform Module |
| TSC | TOE Scope of Control |
| TSF | TOE Security Functions |
| TSS | TOE Summary Specification |
| UART | Universal Asynchronous Receiver / Transmitter |
| UI | User Interface |
| UID | User Identifier |
| UNC | Universal Naming Convention |
| US | United States |
| UPN | User Principal Name |
| URL | Uniform Resource Locator |
| USB | Universal Serial Bus |
| USN | Update Sequence Number |
| v5 | Version 5 |
| VDS | Virtual Disk Service |
| VPN | Virtual Private Network |
| VSS | Volume Shadow Copy Service |
| WAN | Wide Area Network |
| WCF | Windows Communications Framework |
| WebDAV | Web Document Authoring and Versioning |
| WebSSO | Web Single Sign On |
| WDM | Windows Driver Model |
| WIF | Windows Identity Framework |
| WMI | Windows Management Instrumentation |
| WSC | Windows Security Center |
| WU | Windows Update |
| WSDL | Web Service Description Language |
| WWW | World-Wide Web |
| X64 | A 64-bit instruction set architecture |
| X86 | A 32-bit instruction set architecture |


1 This option is not included in the Windows Common Criteria evaluation.

2 Hardware and software

3 Stored or communicated

4 According to a defined metric

5


6 Windows 10 Enterprise and Windows Server 2016 can restrict program execution based on a version; Windows 10 Pro and Windows 10 Home editions cannot.

7 Windows can also run on computers that do not have a TPM, which is the mechanism that provides the hardware-based protection for boot integrity.

8 Windows will prevent a local administrator from disabling auditing for local administrator accounts. If an administrator can bypass auditing, they can avoid accountability for such actions as exfiltrating files without authorization.

9 Note that the 192-bit key size is not used by Windows but is available to developers.

10 The Windows OS Loader implements an SP 800-90 AES-CTR-DRBG and passes along 384 bits of entropy to the kernel for CNG to use during initialization. This DRBG uses the same algorithms to obtain entropy from the CPU cycle counter, TPM, and RDRAND as described above.

11 In other words, the expected result from the CPU cycle counter, the RDRAND instruction, and the TPM RBG is an apparently random value which will be used as an input to seed the RBG.

12 Running Windows in FIPS validated mode is required according to the administrative guidance.

13 The test results are described in the evaluation and Assurance Activity Reports.

14 In the context of this evaluation, Windows will generate RSA and ECC key pairs as part of establishing a TLS session.

15 In the context of this evaluation, Windows will generate RSA and ECC key pairs as part of establishing a TLS session.

16 See https://msdn.microsoft.com/en-us/library/windows/apps/windows.networking.vpn.aspx.

17 See https://msdn.microsoft.com/en-us/library/windows/desktop/aa380252(v=vs.85).aspx for the win32 interface description for this component.

18 This security management function requires joining the computer to a domain, and Windows 10 Home Edition does not provide this feature, so this security management function is not applicable.

19 The 64-bit version of the Windows microkernel, ntoskrnl.exe, implements Kernel Patch Protection to prevent the modification of kernel data structures which could be exploited by stack-based vulnerabilities.

20 The PRNG is seeded by the TPM RBG, the RDRAND instruction and other sources.

21 Winload.exe, winresume.exe, and hvloader.exe are loaded before the stack buffer overrun protection mechanism is operational and therefore are not compiled with this option.

22 The evaluated configuration precludes suspending/resuming Windows and so this boot application will not be used when operating Windows per the administrative guidance.

23 This is considered to be a non-operational mode for the evaluation.

24 Note that this integrity check is in addition to the TPM measurements check.

25 Enforcing the Kernel Mode Code Signing policy is mandatory for the x64 version of Windows. For the x86 version of Windows, Windows will check the signatures for all kernel executable code and will halt the OS if it detects an integrity error in ntoskrnl.exe, bootvid.dll, hal.dll, kdcom.dll, ci.dll, clfs.dll, ksecdd.sys, pshed.dll, or tpm.sys.

26 Windows Store Applications are typically downloaded from the Windows Store for the Windows 10 operating system; however, Windows Server 2016 does not include the Windows Store app. Users of both operating systems can copy the AppX package to their local computer to install the UWP app.

27 OPC is also part of ISO/IEC 2900-2 and ECMA 376-2.

Microsoft © 2016

