TrustCB applies a set of Shared Scheme Procedures for those aspects of Certification Body procedures that are common across the certification schemes operated by TrustCB. For each scheme, a scheme-specific procedure is provided to refine and specify how the Shared Scheme Procedures are to be applied to the given scheme, and to define any scheme-specific rules. The Shared Scheme Procedures can be downloaded from this webpage. The procedures relating to a given scheme are located on the webpage for that scheme.
TrustCB defines — and protects materials according to — three levels of confidentiality, as described here:
Level | Description
---|---
Public | Public information is already in the public domain. Confidentiality of this information does not need to be protected by TrustCB. We do, however, refrain from active publication of such information unless it is explicitly intended for publication by us. In particular, information that previously was secret should not be published if it has become public without permission from its owner. Typically treated as Public: scheme procedures, published certificates, and associated documents (such as Security Targets).
Sensitive/Confidential | Sensitive/Confidential information should not be made public, but the impact is limited if that were to happen (including evidence for Knowledge of the TOE at or below Restricted level, typically translating to enabling an attack potential of ≤ AVA_VAN.3/EAL4/SESIP3/PSA Level 2). Protection against disclosure can be achieved by means such as commercial online services, which offer a reasonable expectation of protection against accidental disclosure or intentional breach by an attacker with low attack potential. Examples of such services are Dropbox, Google Cloud and Apple iCloud, (unencrypted) e-mail such as the content of TrustCB.com e-mail accounts, and remote conferencing solutions like Hangouts, Webex and Skype for Business. Typically treated as Sensitive/Confidential: the Certification Identifier and product (code)names prior to publication of the certificate, procedural and progress updates, calendar entries, non-secret questions and discussions, applications/offers/purchase orders/invoices, information about the customer and related products not already in the public domain, and internal TrustCB procedures.
Secret | Information shall be labelled Secret if disclosure could result in serious harm to reputation, access to high-value assets (including Knowledge of the TOE at Sensitive level or higher, or enabling attacks at AVA_VAN.4/EAL5/SESIP4 or higher, including MIFARE), or a destabilising financial impact on an organisation. Secret information must be available in plain text form only on permanently-offline systems. All Secret information must be decrypted/encrypted on these permanently-offline systems with sufficiently strong encryption. The decryption key shall be available only on these permanently-offline systems and protected with a strong passphrase. PGP/GPG with at least 4096-bit RSA keys shall be used on the TrustCB side; the PGP/GPG keys of the other, non-TrustCB, side should be at least 2048 bits. All permanently-offline systems shall use full-disk encryption and encrypted containers to protect data at rest and isolate client data; Microsoft BitLocker, macOS FileVault, PGPDisk or TrueCrypt/VeraCrypt shall be used with a strong passphrase. Because Secret information may exist in plain text only on a permanently-offline system, all Secret information shared via e-mail must be sent as an encrypted attachment (not as an encrypted e-mail body), so that the data can be encrypted into a package offline and then transferred to an online machine for transmission, and vice versa.
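As an added example (not TrustCB's own tooling), a check of the key-size rule in the Secret row: it parses the machine-readable output of `gpg --list-keys --with-colons` and reports every RSA key below the 4096-bit (TrustCB side) or 2048-bit (other side) minimum, and flags non-RSA keys as not covered by the rule. The key listing embedded in it is constructed for illustration, not a real keyring.

```python
"""Check PGP/GPG key sizes against the Secret-level policy: RSA keys of at
least 4096 bits on the TrustCB side, at least 2048 bits for the other side.
Input is the machine-readable output of `gpg --list-keys --with-colons`."""
RSA_ALGO_IDS = {"1", "2", "3"}   # OpenPGP public-key algorithm ids for RSA
MINIMUM_BITS = {"trustcb": 4096, "counterpart": 2048}

# Constructed sample listing (no real keys): a 4096-bit RSA key with an
# encryption subkey, a 2048-bit RSA key, and an Ed25519 (non-RSA) key.
SAMPLE_LISTING = """\
pub:u:4096:1:AAAAAAAAAAAAAAA1:1600000000:::u:::scESC::::::23::0:
uid:u::::1600000000::AAAA::Reviewer One <one@example.org>::::::::::0:
sub:u:4096:1:AAAAAAAAAAAAAAA2:1600000000::::::e::::::23:
pub:u:2048:1:BBBBBBBBBBBBBBB1:1600000000:::u:::scESC::::::23::0:
uid:u::::1600000000::BBBB::Counterpart <cp@example.org>::::::::::0:
sub:u:2048:1:BBBBBBBBBBBBBBB2:1600000000::::::e::::::23:
pub:u:256:22:CCCCCCCCCCCCCCC1:1600000000:::u:::scESC::::::ed25519::0:
uid:u::::1600000000::CCCC::Ed Key <ed@example.org>::::::::::0:
"""

def parse_colon_listing(listing):
    """Return dicts for pub/sub records; with-colons field 1 is the record
    type, 3 the key length, 4 the algorithm id, 5 the key id, 10 the user id."""
    keys, uid = [], ""
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "uid":
            uid = f[9]
            if keys:                     # the uid record follows its primary key
                keys[-1]["uid"] = uid
        elif f[0] in ("pub", "sub"):
            keys.append({"kind": f[0], "bits": int(f[2]), "algo": f[3],
                         "keyid": f[4], "uid": uid})
    return keys

def check_keys(listing, side):
    """Return (keyid, kind, verdict) per key; side is 'trustcb' or 'counterpart'.
    Non-RSA keys get 'not covered' because the policy only states RSA sizes."""
    minimum, results = MINIMUM_BITS[side], []
    for k in parse_colon_listing(listing):
        if k["algo"] not in RSA_ALGO_IDS:
            verdict = "not covered: non-RSA algorithm id " + k["algo"]
        elif k["bits"] < minimum:
            verdict = "FAIL: %d-bit RSA below %d-bit minimum" % (k["bits"], minimum)
        else:
            verdict = "ok"
        results.append((k["keyid"], k["kind"], verdict))
    return results

if __name__ == "__main__":   # runs the constructed sample against the TrustCB-side rule
    print(*check_keys(SAMPLE_LISTING, "trustcb"), sep="\n")
```

To check a real keyring, pass the text of `gpg --list-keys --with-colons` to `check_keys` with the side whose minimum applies.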