17. Appendix III - Operating Work Instructions [OWIs] | Digi-Sign, The Certificate Corporation

HSM OWI

Scope:

The purpose of this document is to provide full Operating Work Instructions for the use, maintenance and support of the HSM in place at CIO

Responsibility & Asset Ownership:

[Please Indicate – probably Information Security Manager] is responsible for ensuring that this OWI is fully implemented and regularly updated to reflect any changes in the environment at CIO. As per the asset list the {Indicate – probably Information Security Manager] is the owner of the assets covered in this OWI.

Details of the Operating Work Instruction:

1. The business specification and user requirements (usability and user friendliness) for the system

The nCipher net HSM is a hardware platform for providing cryptographic services to enhance the security of a variety of applications - from PKI and authentication systems to Web services and SSL protected communications. The net HSM acts as a network-attached resource for secure cryptographic processing, providing an alternative deployment scenario to the traditional approach of dedicated HSMs on individual servers. By allowing multiple servers to securely access a single HSM to perform cryptographic functions, overall equipment costs can be reduced and system management simplified. Whilst dedicated HSMs are appropriate for security applications and servers that demand guaranteed availability and/or processing power, many deployments encompass multiple servers, either in a single site or across a wide
geographic area, where a shareable, network connected HSM is a perfect solution.

The CIO uses the nCipher HSM device (herein referred to as “HSM”) to securely generate and store the private keys for the CAs it operates.

The HSM device has been designed to remove any daily administration responsibilities from the administering users. The daily administration duties of the HSM device are reduced to a minimum and are internally performed by a self automated system management control mechanisms, that reside inside the HSM device. On a scheduled basis, CIO users appointed as administrators of the HSM device, are required to inspect the HSM operations by checking the log report accessible on the front panel screen of the HSM device.

The daily operating duties of the HSM are limited to the cryptographic signing operations and on periodic basis, the HSM device may be used by the CIO to generate fresh cryptographic keys when a new CA is created. In the event of a new CA creation, the generation of new private keys is performed in a secure environment, video recorded, documented, witnessed and notarized thus assuring, that highest security is in place.

The device has a text based interface provided through the flat screen residing on the front panel of the HSM device.

All features and functionalities provided by the HSM device are documented and described in the hardware installation, administration and operation manuals available to CIO personnel.

2. The operational efficiency of the system - i.e. does it deliver the business benefits expected of it?

Since this is a hardware device, no maintenance is required to keep the device in an ongoing operational state. The supplied hardware documentation available to CIO personnel describes all features and functionalities provided by the HSM device, including installation guides, configuration instructions and error correction.

3. Basic implementation guide for the system (where does it sit on the IT, ICT or electric network (connectivity wise), how users are set-up, administration console, basic maintenance and back up (see below), disaster recovery functionality (if applicable)

The HSM device is located in the CIO’s highly secured data centre: ISA Town, which has two independent power supply sources, one from an external power supplier and the second from the CIO’s internal power generator. The power provided to the HSM device is isolated from other power segments inside the data centre building, thus meeting the independency and failover requirements in the event of any power failure or circuit overload.

The HSM deployment architecture includes a multi two HSM devices configured for High Availability. This mechanism balances the usage of network and hardware resources between two HSM devices and thus provides greater system performance and fail over support. The diagram below illustrates the current CIO’s deployment architecture of the Digi-CA™ PKI System, with which the two HSM devices have been configured for operation:

Both HSM devices are placed in a dedicated, CISCO firewall/switch protected network segment. The CA core network in ISA Town, to which the HSMs are connected, is isolated from other corporate networks inside CIO and physical access to the Inner and Outer Core rooms as presented on the above diagram, is strictly protected with biometric devices and video camera monitoring performed 24 hours per day throughout the entire year.

The HSM devices, which are located in the Inner Core room inside the ISA Town Data Centre building, are the central cryptographic operation processing units for the CA System deployed inside CIO. Each HSM is connected to a dedicated back-end server hosting the relevant CA System components and both of the back-end servers have been configured for High Availability and provide a failover mechanism to the operation of CA System. The HSM provides the following main functionalities:

Each of the above functionalities is documented in the hardware manual available to CIO administering and operating personnel.

4. The identified acceptance criteria
The installation and configuration of the HSM devices inside the CIO has been completed with the accordance to the hardware installation manual available to the CIO personnel. The manual provides a step by step instruction set allowing the administering users to correctly install and configure an HSM device. Upon successful installation of each device, a manual device operation check was run by the administering user to ensure the device has been installed and configured correctly and is up and running. For this purpose, a HSM support toolkit provided by the device vendor was used. Before the system was switched into a production environment, a set of test private keys was generated to ensure the HSMs are operating correctly. After each test, the HSM log was inspected to verify whether each operation was accomplished correctly.

The set of testing operations for CA AMC included:

All operations have been performed with the accordance to the hardware administration and operation manual available to CIO personnel.

5. The Organization's performance requirements and current capacity

CIO expects Digi-CA™ HSM to store up to 100 private keys of either 1024 bits, 2048 bits or 4096 bits size and sign around 100 000 Digital Certificates in total, provided the current deployment architecture and allocated hardware capacity for the CA System. The maximum number of digital certificates issued per day will not reach 10 000. The CA System deployment architecture is expected to support 24/7/365 availability and currently there is no requirement for CIO to have an online disaster recovery centre. In an event of an irrecoverable major system or hardware failure, all disaster recovery activities will be carried out manually by the CIO appointed administering personnel, by recreating the CA System environment or loading configuration to a HSM device from backup resources. The above performance requirements have been measured, confirmed and tested by the CA System software and HSM hardware vendors and they meet the CIO requirements stated above.

6. Methods of error recovery, system restart and contingency plans

The HSM device provides extended system operation control mechanisms, that automatically raise an alert when a critical exception error is encountered during the operations of the device. The alert is immediately logged in the HSM log. The HSM log is accessible to CIO appointed administering users from the flat screen residing on the front panel of the device or from the operating system command prompt of the server connecting to the HSM device. All exception error log entries are reported by HSM device using a unique error number and associated descriptive text, that informs the inspecting user about the type of the error and why it was generated. This architecture provides CIO administering users with an easy mechanism for identifying the source for the error and allows immediate correction of the problem. For irrecoverable or unidentified errors, CIO administering users should contact the hardware vendor to obtain further assistance.

7. Methods of testing the systems routine operating procedures (and, where appropriate, manual procedures) to defined and agreed standards

The HSM administering users should perform regular inspections of HSM log to verify the correctness of its operations.

To ensure, that HSM devices are not vulnerable to any attacks or exploits, CIO appointed administering personnel should perform a weekly CA System network scans searching for possible new vulnerabilities.

The CISO network devices used inside the CA System network, such as firewalls and switches are equipped with network Intrusion Detection Systems [IDS], which constantly monitor all network traffic within the CA System network and immediately alert all administering users in an event of an intrusion attempt. These devices are configured by default to automatically disable any connectivity for a potential attacker. Administering users should additionally analyze the IDS reports on a weekly basis to attempt to identify any suspicious communication directed to any of the CA System Services or HSM devices.

8. The set of required security controls (for the systems and in terms of any impact on the overall organization) that were identified at project initiation

Physical access to the CA System core location, where HSM devices are placed, should be protected with biometrics and should be divided into multiple access points excluding the existence of a single access point. CIO has assigned its secure Data Centre in ISA Town to install both HSM devices. This location provide security guarding of the building entrance, camera monitoring of entire building, biometric access to Data Centre IT operations rooms and book logging for all entries and exists.

Network access to the CA System, where HSM devices reside, is divided into two general segments: public and private. While the public segment can be accessed by any one through Internet, private segment is strictly secured for internal communications only and disabled for external access. In the CIO deployment architecture of the CA System, public access is allowed only to the Services located in the Juffair Data Centre building and it includes RA Registration Service, Time-Stamping Service and OCSP Service. The HSM devices are accessible only to the CSP Service installed on two dedicated back-end servers residing in the Outer Core room inside the ISA Town Data Centre building. For authentication purposes, hardware cryptographic devices are installed on each of the back-end servers to ensure that no other server can connect to any of the HSM devices. All communication to the HSM devices is encrypted using strong cryptography standards and a cryptographic authentication mechanisms are in place to ensure that only authorized Services can access the HSM device resources.

9. Methods of testing for covert channels and Trojans

The HSM devices use industry standard cryptography, encryption mechanisms and hardware cryptographic devices for secure communications, such as AES encryption and nCipher nToken PCI devices, therefore ensuring, that no man-in-the-middle attack can succeed and no unauthorized party can obtain sensitive data or spoof the identity of the accessing Service. The operating core of the CA System, where HSMs are located, is isolated from any external networks such as Extranets or Internet and access to HSM devices is only possible after successful authentication using strong cryptographic mechanisms. Leaving the devices with no write-access from Internet or any external networks, makes enough protected against unwanted application and computer viruses circling throughout the Internet. The physical and network isolation of the HSM devices along with strict network access control policies in place, significantly reduce the possibility of an injection of a computer virus or an application commonly referred to as a Trojan Horse. Given the architecture of the device, it is not possible to inject any third party application code without prior cryptographic authentication to the device.

10. Business continuity arrangements (as you know this is to simply rebuild a new environment, but we need an outline of the cause & affects)

The CIO currently does not require an online disaster recovery solution and relies on multi service High Availability configuration of the CA System and failover configuration of two HSM devices. In an event of a failure of one HSM device, a second device will be used instead.

In an event of irrecoverable failure, the HSM devices will either be re-initialized or replaced with new hardware and system environment will be rebuild from scratch and HSM configuration data will be restored from the most recent backup stored on a dedicated backup server. The HSM hardware manual documents the process of hardware installation and CIO administering personnel should refer to the manual for instructions related to hardware installation and recovery from a major HSM failure.

The reinstallation and recovery of the HSM device should take no more than 48 hours. During the outage period Digital Certificates issued by the CA System, which uses the HSM devices, will remain valid and therefore the event will not affect the business continuity of the CIO nor will it cause any damage to End Entities to whom certificates are issued.

11. Interactions with other systems, to ensure that the new system will not adversely affect existing systems, including in capacity requirements

The preliminary calculation of device capacity utilization of the was performed by the CIO during the project initialization phase and therefore a sufficient capacity and hardware resources were allocated to the CA System upon installation, allowing the HSM hardware to continue an uninterrupted operations utilizing the necessary capacity for around 100 private keys and signing around 100 000 digital certificates in total. During the maintenance period, CIO appointed administering users will inspect the hardware performance logs once per 6 months and produce a report based on which the CIO will decide whether an additional hardware resource allocation or hardware replacement is required.

The hardware, network and physical location resources dedicated for the CA System have been completely separated by the CIO from any of its other network and application layer segments. Both HSM devices, that the CA System is using, are solely dedicated to the operation of the CA infrastructure and therefore do not interact nor interfere with any other network and software solutions, applications and facilities deployed inside CIO. The operations of the HSM devices does not have any technical impact on any of the areas of the CIO’s daily operations.

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Digi-CA OWI

Scope:

The purpose of this document is to provide full Operating Work Instructions for the use, maintenance and support of the Digi-Ca in place at CIO

Responsibility & Asset Ownership:

Details of the Operating Work Instruction:

1. The business specification and user requirements (usability and user friendliness) for the system

Digi-CA™ PKI System (herein referred to as: “CA System”) is the complete Certificate Authority [CA] system deployed inside Central Informatics Organization [CIO], which required to have its own CA to provide enhanced communication security and identity assurance to its own organization and to Bahraini Citizens. The CA System issues the Digital Certificates, in conformance with RFC 3280 standard, that are used by the CIO personnel and Bahraini Citizens for two factor authentication, electronic signatures and email protection. The CA System also issues Digital Certificates, that are used by the CIO to introduce client-to-device and device-to-device authentication using public key cryptography.

The CIO uses CA System to create multiple instances of unique CAs in a single CA System installation. The Digi-CA™ model imposes delegation of trust downwards from Root CAs to their Subordinate Certification Authorities [Sub-CAs]. The same installation of Digi-CA™ also enables any of these CAs to be cross signed by an external third party CA and any number of CAs can have any number of cross signed Subordinate CAs. This CA model is a requirement for CIO, which intends to deliver unique CA services to various governmental departments inside the Kingdom of Bahrain and to the Bahraini Citizens.

The daily administration duties of the CA System are reduced to a minimum and are internally performed by a self automated system management control mechanisms, that reside inside the CA System. On a scheduled basis, CIO users appointed as administrators of the CA System, are required to inspect the CA System operations by checking the log report and the service status report, which are both accessed through a web based CA Administration Management Console [CA AMC] or alternatively can be viewed directly from the Operating System command prompt console.

The daily operating duties of the CA System are limited to the issuance, revocation or suspension of Digital Certificates to the requesting entities, Bahraini Citizens, government institutions or CIO personnel. CIO users appointed as Registration Authority [RA] Operators can issue, revoke, suspend and de-suspend digital certificates by accessing a web based RA Management Console [RA MC] GUI.

All features provided by GUI management interfaces of the CA system, such as CA AMC and RA MC consoles, are logically grouped and easy to access upon successful authentication through an intuitive graphical menu. The CIO users appointed as administrators and operators, can easily access relevant console features without having great prior knowledge of PKI technology or CA System architecture.

The software manual provided by the CA System software vendor delivers the necessary documentation needed to administer and operate the CA system. CIO users should refer to this manual to identify the meaning of all CA System and individual console functionalities, the scope of their administering and operating responsibilities as well as deployment and configuration guidelines.

2. The operational efficiency of the system - i.e. does it deliver the business benefits expected of it?

The maintenance of the CA System has been made easy to perform by the software vendor to an extend where a non technical personnel, having basic understanding of the software manual, can perform the necessary activities to correctly maintain the system to allow its uninterrupted operations. Daily duties of CIO users appointed as system administrators have been reduced to weekly inspections of the correct system operations. The necessary administering activities can be performed on a weekly basis by an authenticated personnel only, using a web based CA AMC GUI, through which users can view status reports of various CA System services and inspect the CA System logs to verify the correctness of its operations. All reporting information produced by the CA System provides a unique identifying number for a reported event as well as its intuitive and easy to understand textual description. The log reporting feature introduces different type of log entries, therefore it is easy for the CIO personnel to distinguish log entries between informational messages, critical errors and warning alerts. This enables CIO personnel with the ability to correctly inspect the system operations and troubleshoot any errors encountered during the CA System operations.

The CA System clearly distinguishes the roles and responsibilities of individual users, therefore administering the system is explicitly separated from the operating activities, which do not require from the appointed CIO personnel any technical knowledge related to the CA System administration as well as any knowledge in cryptography or Public Key Infrastructure industry standards. By following processes driven by the CA System, operating users can easily issue, revoke, suspend and de-suspend digital certificates. All administering and operating procedures are clearly documented in the CA System manual provided by the software vendor.

The Digi-CA™ PKI System software suite is a multi application component based PKI system for managing cryptographic keys, Digital [X.509] Certificates and supplemental PKI related services. Each application component (herein referred to as “Service”) provides a series of defined functionalities to other PKI application components of the system, as well as to administering and operating parties, as well as to end entities, to whom certificates are issued. This CA System is built with the following modules:

a. CA Application Server [CA APS]
b. Cryptographic Service Provider [CSP]
c. Time-Stamp Gateway Server [TSA Gateway]
d. Online Certificate Status Protocol Gateway Server [OCSP Gateway]
e. CA Administration Management Console [CA AMC]
f. Registration Authority [RA] Management Console [RA MC]
g. Registration Authority [RA] Registration Service [RA RS]
e. CA Database Server [CA DB]

All of the CA System components are located in the CIO’s highly secured data centres: ISA Town and Juffair, which both have two independent power supply sources, one from an external power supplier and the second from the CIO’s internal power generator. The power provided to the CA System is isolated from other power segments inside the data centre buildings, thus meeting the independency and failover requirements in the event of any power failure or circuit overload.

The CA System deployment architecture includes a multi server Service distribution model for each PKI application component provided by the CA System. This mechanism balances the usage of network and hardware resources between several server devices and thus provides greater system performance and fail over support. The diagram below illustrates the current CIO’s deployment architecture of the Digi-CA™ PKI System:

Each Service of the CA System is placed in a dedicated, CISCO firewall/switch protected network segment. The CA core network in ISA Town is isolated from other corporate networks inside CIO and physical access to the Inner and Outer Core rooms as presented on the above diagram, is strictly protected with biometric devices and video camera monitoring performed 24 hours per day throughout the entire year.

The CA Administration Management Console [CA AMC], which is installed on two dedicated back-end servers located in the Outer Core room inside the ISA Town Data Centre building, is a central CA management panel GUI for CIO users appointed as CA Administrators and CA Operators. The two back-end server hosting the CA AMC has been configured for High Availability and provide a failover mechanism to the operation of CA AMC component. The console provides the following main functionalities:

Each of the above functionalities is documented in the CA System manual available to CIO administering and operating personnel.

The RA Management Console [RA MC], which is installed on a dedicated front-end server located in the Outer Core room inside the ISA Town Data Centre building, is a central RA management panel GUI for CIO users appointed as RA Administrators and RA Operators. The front-end server hosting the RA MC provides the first point of access for the RA Operations Centre, from where RA Administrators and RA Operators can access the console features. This Service has been also installed on two front-end servers, configured for High Availability, located inside the Juffair Data Centre building, to provide – if necessary - a failover support as a second access point for the RA Operations Centre, from where RA Administrators and RA Operators can access the console. The RA MC console provides the following main functionalities:

Each of the above functionalities is documented in the CA System manual available to CIO administering and operating personnel.

The RA Registration Service [RA RS], which is installed on a dedicated front-end server located in the Outer Core room inside the ISA Town Data Centre building, is a central panel GUI for certificate subscribers [End Entities], to whom digital certificates are issued. The front-end server hosting the RA RS provides the first point of access for the RA Operations Centre, from where End Entities can access the Service features. This Service has been also installed on two front-end servers, configured for High Availability, located inside the Juffair Data Centre building, to provide second access point for End Entities, who can access the Service through the Internet. The RA RS console provides the following main functionalities:

Each of the above functionalities is documented in the CA System manual available to CIO administering and operating personnel.

The CA Application Server, which is installed on two dedicated back-end servers located in the Outer Core room inside the ISA Town Data Centre building, is an internal module of the CA system and is self-operated, meaning it does not provide or require any user management or user access functionalities. Only a CIO appointed administering personnel acting as the operating system super user can stop or start this service. The Service is registered by the administering user through the CA AMC. This Service can be accessed only by another CA System Service, that was previously registered within the CA system.

Cryptographic Service Provider is an internal module of the CA system, which is installed on two dedicated back-end servers, configured for High Availability, located in the Outer Core room inside the ISA Town Data Centre building. This Service is self-operated and does not provide or require any user management or user access functionalities. Only a CIO appointed administering personnel acting as the operating system super user can stop or start this Service. The Service is registered with the CA System by administering user through the CA AMC. This Service is not accessible to any user or other Service of the CA System.

Time-Stamp Service Gateway Server is a user accessible Service of the CA System, which is installed on two dedicated front-end servers, configured for High Availability, located in the Juffair Data Centre building. This Service is self-operated and does not provide or require any user management functionalities. It however authenticates, using a username and password, all individual subscribed users being the Citizens of Bahrain or any other Time-Stamping Service subscribed users against the CA Database before access to the Service can be provided to the user. Only a CIO appointed administering user acting as the operating system super user can stop or start this Service. The Service is registered with the CA System by the administering user through the CA AMC. This Service has been designed to be accessed by public Internet community as well as by CIO personnel.

Online Certificate Status Protocol Gateway Server is a user accessible Service of the CA System, which is installed on two dedicated front-end servers, configured for High Availability, located in the Juffair Data Centre building. This Service is self-operated and does not provide or require any user management functionalities. It however provides an open access to end users requiring OCSP service, as defined in the RFC 2560 standard. This Service has been designed to be accessed by public Internet community as well as by CIO personnel.

The CA Database is a SQL based database server, which is installed on two dedicated back-end servers, configured for High Availability, located in the Outer Core room inside the ISA Town Data Centre building. This Service is self-operated and provides the central storage facility for CA System managed data. Access to the CA DB resources is possible only to authenticated Services of the CA System and to the CIO appointed personnel acting as the super user of the operating system, who can access database for low level operations from the operating system command prompt. Each Service or administering user accessing the database resources must pass two factor authentication:

The CA DB does not store any security critical data such as CA or End Entity private cryptographic keys and therefore it is not considered as a critical security point in the overall architecture of the deployed CA System. The CA DB data is backed up regularly on a daily basis and the backup data is automatically stored on a dedicated backup server residing in the ISA Town Data Centre building.

4. The identified acceptance criteria.

The installation of the CA System inside the CIO has been completed with the accordance to the software installation manual available to the CIO personnel. The manual provides a step by step instruction set allowing the administering users to correctly install and configure each of the CA System Services. Upon successful installation of each Service, a manual Service operation check was run by the administering user to ensure the Service has been installed correctly and is up and running. For this purpose, the Service Status Reporting of the CA AMC was used. Before the system was switched into a production environment, a set of test activities were performed to ensure entire CA System is operating correctly. After each test, the CA System log was inspected to verify whether each operation was accomplished correctly.

The set of testing operations for CA AMC included:

1. Logging to the CA AMC
2 Accessing all CA AMC features
3. Registering new Services (RA MC, RA RS, CA APS, TSA, OCSP)
4. Inspecting Service Status Report
5. Creating new Administrative Accounts
6. Creating new CA Accounts
7. Creating new RA Accounts
8. Inspecting CA System log

The set of testing operations for RA MC included:

1 Logging to the RA MC.
2 Inspecting certificate utilization report.
3 Creating new Digital Certificate.
4 Creating a multiple number of Digital Certificates in a batched process.
5 Creating new Time-Stamping Service users.
6 Inspecting Activity log.

The set of testing operations for RA RS included:

1 Accessing the RA RS.
2 Requesting new Digital Certificate.
3 Revoking a Digital Certificate.
4 Suspending a Digital Certificate.
5 De-suspending a Digital Certificate.
6 Installing a Digital Certificate on an End Entity computer.
7 Installing a Digital Certificate on an End Entity Cryptographic Hardware Device.

Test set of testing operations for CA APS in combination with Time-Stamping Gateway included:

1 Requesting a Time-Stamp Token.
2 Verifying the Service response.

Test set of testing operations for CA APS in combination with OCSP Gateway included:

1 Requesting an OCSP response.
2 Verifying the Service OCSP response.

All operations have been performed with the accordance to the CA System manual available to CIO personnel.

5. The Organization's performance requirements and current capacity

CIO expects Digi-CA™ System to issue around 100 000 Digital Certificates in total, provided the current deployment architecture and allocated hardware capacity. The maximum number of digital certificates issued per day will not reach 10 000. The CA System deployment architecture is expected to support 24/7/365 availability and currently there is no requirement for CIO to have an online disaster recovery centre. In an event of an irrecoverable major system failure, all disaster recovery activities will be carried out manually by the CIO appointed administering personnel, by recreating the CA System environment from backup resources. The above performance requirements have been measured, confirmed and tested by the CA System software vendor and they meet the CIO requirements stated above.

6. Methods of error recovery, system restart and contingency plans.

The CA System provides extended system operation control mechanisms, that automatically raise an alert when a critical exception error is encountered during the operations of any of the system Services. The alert is immediately logged in the CA System log and delivered through an SMTP messaging system to all registered administering users. The CA system log is accessible to CIO appointed administering users from a web based management console [CA AMC] or from the operating system command prompt. All exception error log entries are reported by CA System using a unique error number and associated descriptive text, that informs the inspecting user about the type of the error, the Service that generated it and the line of the application code, at which the error has occurred. This architecture provides CIO administering users with an easy mechanism for identifying the source for the error and allows immediate correction of the problem. For irrecoverable or unidentified errors, CIO administering users should contact the software vendor to obtain further assistance.

7. Methods of testing the systems routine operating procedures (and, where appropriate, manual procedures) to defined and agreed standards

The CA System administering users should perform regular inspections of CA System log to verify the correctness of its operations.

To ensure, that CA System Services are not vulnerable to any attacks or exploits, CIO appointed administering personnel should perform a weekly CA System network scans searching for possible new vulnerabilities.

The CISO network devices such used inside the CA System network, such as firewalls and switches are equipped with network Intrusion Detection Systems [IDS], which constantly monitor all network traffic within the CA System network and immediately alert all administering users in an event of an intrusion attempt. These devices are configured by default to automatically disable any connectivity for a potential attacker. Administering users should additionally analyze the IDS reports on a weekly basis to attempt to identify any suspicious communication directed to any of the CA System Services.

8. The set of required security controls (for the systems and in terms of any impact on the overall organization) that were identified at project initiation

Physical access to the CA System core location should be protected with biometrics and should be divided into multiple access points excluding the existence of a single access point. CIO has assigned its secure Data Centre in ISA Town and Juffair to host the CA System. Both locations provide security guarding of the building entrance, camera monitoring of entire building, biometric access to Data Centre IT operations rooms and book logging for all entries and exists.

Network access to the CA System is divided into two general segments: public and private. While the public segment can be accessed by any one through Internet, private segment is strictly secured for internal communications only and disabled for external access. In the CIO deployment architecture of the CA System, public access is allowed only to the Services located in the Juffair Data Centre building and it includes RA Registration Service, Time-Stamping Service and OCSP Service. The remaining Services of the CA System are using strong cryptography standards for encrypting the communication from User-to-Service as well as Service-to-Service and a cryptographic authentication mechanisms are in place to ensure that only authorized identities can access relevant system resources.

9. Methods of testing for covert channels and Trojans

The CA System uses industry standard cryptography and encryption mechanisms for secure communications, such as Secure Socket Layer and Transport Layer Security protocols between Service, therefore ensuring, that no man-in-the-middle attack can succeed and no unauthorized party can obtain sensitive data or spoof the identity of the accessing user or device. The operating core of the CA System is isolated from any external networks such as Extranets or Internet and access to individual CA System Services is only possible after successful authentication using strong cryptographic mechanisms, such as SSL Client Authentication. Leaving the system with no write-access to Internet or any external networks, makes enough protected against unwanted application and computer viruses circling throughout the Internet. The physical and network isolation of the CA System along with strict network access control policies in place, significantly reduce the possibility of an injection of a computer virus or an application commonly referred to as a Trojan Horse.

10. Business continuity arrangements (as you know this is to simply rebuild a new environment, but we need an outline of the cause & affects)

The CIO currently does not require an online disaster recovery solution and relies on multi service High Availability configuration of the CA System. Each of the CA System Services has been distributed to two dedicated servers configured for High Availability to enable support for failover in an event of a failure of one server.

In an event of irrecoverable failure, the CA System will be rebuild from scratch and configuration and database data will be restored from the most recent backup stored on a dedicated backup server. The CA System software manual documents the process of system installation and CIO administering personnel should refer to the manual for instructions related to system installation and recovery from a major system failure.

The reinstallation and recovery of the entire CA System should take no more than 48 hours. During the outage period Digital Certificates issued by the CA System will remain valid and therefore the event will not affect the business continuity of the CIO nor will it cause any damage to End Entities to whom certificates are issued.

11. Interactions with other systems, to ensure that the new system will not adversely affect existing systems, including in capacity requirements

The preliminary calculation of drive capacity utilization of the CA System was performed by the CIO during the project initialization phase and therefore a sufficient capacity and hardware resources were allocated to the CA System upon installation, allowing it to continue an uninterrupted operations utilizing the necessary capacity for around 100 000 digital certificates. During the maintenance period, CIO appointed administering users will inspect the utilization process of the drive capacity and hardware resources once per 6 months and produce a report based on which the CIO will decide whether an increase of the drive capacity or additional hardware resource allocation or hardware replacement is required.

The hardware, network and physical location resources dedicated for the CA System has been completely separated by the CIO from any of its other network and application layer segments. All hardware and software components, that the CA System is using, are solely dedicated to its operation and therefore do not interact nor interfere any other network and software solutions, applications and facilities inside CIO. The operations of the CA System does not have any technical impact on any of the areas of the CIO’s daily operations.

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Monitors, Mouse & Keyboards, KBMs, Coaxial Cables & Network Points OWI

Scope:

The purpose of this document is to provide full Operating Work Instructions for the use, maintenance and support of the Monitors, Mice and Keyboards in use within the framework of the PKI CA.

Responsibility & Asset Ownership:

The Network Manager is responsible for ensuring that this OWI is fully implemented and regularly updated to reflect any changes in the environment at CIO. As per the asset list the Network Manager is the owner of the assets covered in this OWI.

Details of the Operating Work Instruction:

A. Monitors

Monitors are to be plugged into a PC or Server for which it has been allocated (cross referenced in the asset list). Monitors should be switched to power saving mode when not used.

Monitors are to be kept clean of dust and users may not leave drink or food beside monitors.

Monitors are not under warranty. No specific support contract is in place to replace monitors within agreed periods of time should the monitor become faulty. [SUPPLIER] can be contacted as per the details on the suppliers register to organize replacement unit(s). In the meantime, users may decide in conjunction with the Information Security Manager and Network Manager whether it might be appropriate to unplug a monitor used in another machine (PC or Server) to plug it back into the machine whose assigned monitor is faulty. When replacement units are delivered and implemented, existing units should be returned to their original place. Any such decision and associated action must be documented and signed off by the Information Security Manager and the Network Manager.

Monitors may not be taken out of the CA rooms without prior approval from the information security manager under any circumstances whatsoever.

B. Mouse

CIO use a number of various models of “mouse”. Each mouse is to be plugged into a PC or Server for which it has been allocated (cross referenced in the asset list).

Each mouse is to be kept clean of dust and users may not leave drink or food beside mouse.

No mouse is under supplier warranty. No specific support contract is in place to replace mouse units within agreed periods of time should they become faulty. [SUPPLIER] can be contacted as per the details on the suppliers register to organize replacement unit(s). In the meantime, users may decide in conjunction with the Information Security Manager and Network Manager whether it might be appropriate to unplug a mouse used in another machine (PC or Server) to plug it back into the machine whose assigned mouse is faulty. When replacement units are delivered and implemented, existing units should be returned to their original place. Any such decision and associated action must be documented and signed off by the Information Security Manager and the Network Manager.

Mouse units may not be taken out of the CA rooms without prior approval from the information security manager under any circumstances whatsoever.

C. Keyboard

CIO use a number of various models of keyboards. Each keyboard is to be plugged into a PC or Server for which it has been allocated (cross referenced in the asset list).

Each keyboard is to be kept clean of dust and users may not leave drink or food beside keyboards.

Keyboards are not under supplier warranty. No specific support contract is in place to replace keyboards within agreed periods of time should they become faulty. [SUPPLIER] can be contacted as per the details on the suppliers register to organize replacement unit(s). In the meantime, users may decide in conjunction with the Information Security Manager and Network Manager whether it might be appropriate to unplug a keyboard used in another machine (PC or Server) to plug it back into the machine whose assigned keyboard is faulty. Once replacement units are delivered and implemented, existing units should be returned to their original place. Any such decision and associated action must be documented and signed off by the Information Security Manager and the Network Manager.

Keyboards may not be taken out of the CA rooms without prior approval from the information security manager under any circumstances whatsoever.

Please note that anti-spyware software approved by the Information Security Manager must be ran on the network at least [once a month] to ensure that no keyloggers are present on the network as this could compromise the overall security of the PKI infrastructure.

D. KBM

CIO use KBMs to allow one monitor to be used for a number of designated server(s) or PC(s). Each KBM is to be plugged into the PCs or Servers for which it has been allocated (cross referenced in the asset list).

Each KBM is to be kept clean of dust and users may not leave drink or food beside keyboards.

KBMs are not under supplier warranty. No specific support contract is in place to replace them within agreed periods of time should they become faulty. [SUPPLIER] can be contacted as per the details on the suppliers register to organize replacement unit(s). In the meantime, users may decide in conjunction with the Information Security Manager and Network manager whether it might be appropriate to plug monitors directly into a PC or server. Once replacement units are delivered and implemented, existing units should be returned to their original place. Any such decision and associated action must be documented and signed off by the Information Security Manager and the Network Manager. When replacement units are delivered and implemented, existing units should be returned to their original place.

KBMs may not be taken out of the CA rooms without prior approval from the information security manager under any circumstances whatsoever.

E. Coaxial Cables & Network Points

CIO use coaxial cables and network points as referenced in the Asset List. These items are not under supplier warranty. No specific support contract is in place to replace them within agreed periods of time should they become faulty. [SUPPLIER] can be contacted as per the details on the suppliers register to organize replacement unit(s). In the meantime, users may decide in conjunction with the Information Security Manager and Network manager whether it might be appropriate interchange Coaxial Cables or Network Points (where applicable). Once replacement units are delivered and implemented, existing units should be returned to their original place. Any such decision and associated action must be documented and signed off by the Information Security Manager and the Network Manager. When replacement units are delivered and implemented, existing units should be returned to their original place.

Cables and Network Points may not be taken out of the CA rooms without prior approval from the Information Security Manager under any circumstances whatsoever.

Additional Notes pertaining to the Operational Working Instructions:

Keyboards, Monitors and Mouse units are delivered by vendors with users manuals either with dedicated Sections related to each asset or with a full users manual allowing for customization of the configuration. Where applicable such manuals are available in the manuals folder.

Other than at the initial installation stage, no specific testing of the assets is required. Basic performance criteria consist in making sure that monitors, keyboards and mouse units function properly and allow interaction with the PC(s) or server(s) these assets are allocated to.

No specific training is provided to users in relation to the assets covered in this OWI as most users intuitively know how to use basic functionality.

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Switch Catalyst 2960 OWI

Scope:

The purpose of this document is to provide full Operating Work Instructions for the use, maintenance and support of the Switch Catalyst 2960 in use within the framework of the PKI CA (namely for PKI DC and Juffair).

Responsibility & Asset Ownership:

Details of the Operating Work Instruction:

A. Integration and Initial Set-up

The Cisco Switch Catalyst 2960 should be implemented using the guidelines of the software guidance guide produced by Cisco. The switch is configured using Cisco command line access.

Switches are line between machines and a network access point the unit needs to be powered up and is already working in transparent mode.

The unit can be configured either by using CLI (Command Line Interface). All of the following needs to be fully configured:

Initial Configuration and Settings

The switch is configured to 4 different subnets:

Subnet 1
10.10.19.0/26
10.10.19.1 – First IP
10.10.19.63 – Broadcast

Subnet 2
10.10.19.64/26
10.10.19.65 – First IP
10.10.19.127 – Broadcast

Subnet 3
10.10.19.128/26
10.10.19.129 – First IP
10.10.19.191 – Broadcast

Subnet 4
10.10.19.192/26
10.10.19.193 – First IP
10.10.19.255 - Broadcast

Performance Features

Intelligent features at the network edge, such as sophisticated access control lists (ACLs) and enhanced security
Dual-purpose uplinks for Gigabit Ethernet uplink flexibility, allowing use of either a copper or a fibre uplink-each dual-purpose uplink port has one 10/100/1000 Ethernet port and one Small Form-Factor Pluggable (SFP)-based Gigabit Ethernet port, with one port active at a time
Network control and bandwidth optimization using advanced QoS, granular rate limiting, ACLs, and multicast services
Network security through a wide range of authentication methods, data encryption technologies, and NAC based on users, ports, and MAC addresses
Easy network configuration, upgrades, and troubleshooting using Cisco Network Assistant software
Autoconfiguration for specialized applications using Smartports
Limited lifetime hardware warranty
Software updates at no additional charge

Policy and Configuration Instructions:

The Network Manager in co-operation with the Information Security Manager decides on the policy implemented on the Cisco Switch Catalyst appliances. The policy is then implemented and saved with a back-up of the latest policy to saved in CIO Juffair to allow for Disaster Recovery purposes.

Item Policy Rule Description Justification
1 Switch Authentication Rule User Authentication at Switch User Management to guarantee confidentiality

The policy which is implemented must be fully documented and updated on a regular basis within this document.

Alert Escalations and IOS Updates:

The Cisco Switch Catalyst 2960 allows the Network Administrator to create rules for alerts to be a configured to be sent to either the Network Manager and the Information Security Manager. CIO to include details of escalation rules here-switch is transparent, no logging, escalation rules.

Update of the Cisco IOS must be done regularly and performed by the Network Manager as and when the latest IOS for the switch is made available from Cisco; must be agreed with the Information Security Manager and IT Operations Manager.

CISCO IOS Software Release 12.2(25)SEB.

In terms of performance monitoring, the Cisco Switch 2960 should be ample for the requirements of CIO at present. However should service be degraded and performance be impacted CIO should review the logs of the Cisco Catalyst 2960 to check that the bandwidth and performance capabilities of the units are not maxed out. If so configuration might be changed or a requirement for a clustered Cisco Catalyst environment to improve performance should also be envisaged, to be decided by the Network Manager and Information Security Manager to be submitted for approval according to the rules of this ISMS.

B. Subscription and Advance Replacement Instructions:

Cisco Catalyst 2960 units are covered under subscription with Fakhro Electronics with 1 year warranty. This ensures that the IOS version is regularly available for updates. Fakhro Electronics can be contacted as per the details on the suppliers register to organize replacement unit(s). In the meantime, users may decide in conjunction with the Information Security Manager and Network Manager whether it might be interchange Cisco 2960s or to use a third party Switch to continue operations instead of the original Cisco Catalyst 2960. When replacement units are delivered and implemented, the configuration of the original unit must be implemented and tested as per the initial implementation. All associated actions must be documented and signed off by the Information Security Manager and the Network Manager.

Additional Notes pertaining to the Operational Working Instructions:

The Cisco Catalyst 2960 units are to be kept clean of dust and users may not leave drink or food beside the appliances.

Cisco Catalyst 2960 units may not be taken out of the CA rooms without prior approval from the information security manager under any circumstances whatsoever.

Cisco Catalyst 2960 units are delivered by vendors with users manuals either with dedicated Sections related to each asset or with a full users manual allowing for customization of the configuration. The main reference guide for the Cisco 2960 is entitled Catalyst 2960 Switch
Software Configuration Guide. CIO uses all the best practice guidelines available for these units in the guide. The guide is included in the series of manuals which are available in the manuals folder.

No specific training is provided to users in relation to the assets covered in this OWI as most users intuitively know how to use basic functionality. However CIO have a number of Cisco trained professionals to CCNA levels which allows CIO to perform a number of administration duties with internal staff and without requiring external assistance.

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Tipping Point X505 OWI

Scope:

The purpose of this document is to provide full Operating Work Instructions for the use, maintenance and support of the Tipping Point X505 in use within the framework of the PKI CA (namely for PKI DC and Juffair).

Responsibility & Asset Ownership:

Details of the Operating Work Instruction:

F. Integration and Initial Set-up

The Tipping Point hardware firewall and IPS appliance(UTM) is easy to install and very intuitive to set-up. Once plugged in line between a switch and a network access the unit needs to be powered up and is already working in transparent mode.

The Tipping Point Unit can support mixed environments irrespective of topology or IP addressing scheme. We have implemented the following mode of the UTM:

- NAT (including Virtual Server and PAT)

The UTM is configured with the following:

Interface 1 – External (Connected to CIO Isa Town main core switch)

Interface 2 – Frontend (Connected to Switch Subnet 2)

Interface 3 – Backend (Connected to Switch Subnet 3)

Interface 4 – HSM (Connected to Switch Subnet 4)

Tipping Point testing is carried out initially to ensure that the solution works transparently and allows legitimate traffic through and does show in its logging interface the number of attacks being stopped or simply logged. Each type of attack will generate an alert which can be sent via multi channel such as SMS or e-mail to the Network Manager and/or Information Security Manager.

Policy and Configuration Instructions:

The Network Manager in co-operation with the Information Security Manager decides on the policy implemented on the Tipping Point appliances. The policy is then implemented and saved with a back-up of the latest policy to be saved in CIO Juffair to allow for Disaster Recovery purposes.

The units allow for the following features to be implemented.

User Set-up

The Network manager will set-up accounts for themselves and the Information Security Manager.

Client and Server Protection

Spyware and Peer-to-Peer Protection

Multiple Security Zones

Flexible Policy Engine

Unified control of multiple services:

Encryption and Authentication

On-box and external RADIUS database
URL Filtering

Web Content Filtering

Annual subscription includes:

TippingPoint Isa Town

Item Policy Rule Description Justification
1 Deny all services Firewall is set to deny all access for all services to any servers behind it. Allows only specific traffic through the network.
2 Spyware turned on Allows to protect CIO against known Spyware attacks Spyware could compromise the Integrity and availability of CIO PKI CA
3 X.509 Digital Certificate authentication
from internal or third-party certificate
authorities Allows CIO to ensure that certificates created by Digi-CA are let through the Tipping Point Allows for secure communication of CA certs to relevant parties
4 Intrusion Prevention System/Intrusion Detection System Detects and prevents intrusion from all attacks. Blocks and prevents any other attacks not blocked by firewall

TippingPoint Firewall Juffair

The policy which is implemented must be fully documented and updated on a regular basis within this document.

Secure Management and & Alert Escalations:

The TippingPoint X505 is supported by the TippingPoint Security Management System (SMS), an enterprise-class management platform, which provides intuitive management for multiple TippingPoint IPS or X505 devices. The TippingPoint SMS arrives with factory-installed software for simplistic installation. CIO use the standard web based configuration so that the Network manager can perform installation and maintenance routine tasks and to allow the Information Security Manager to access the logs and policy where applicable.

The SMS is to be used to create rules for alerts to be a configured to be sent to either the Network Manager [NM] and the Information Security Manager [ISM]. Currently the rules are not agreed and the NM & ISM have identified this as a risk that will be addressed, documented and provided in this Manual in time for the second update of the manual on 14 November, 2007

The X505 is configured to send email notification when a High Level alert is detected by it.

Red Hat Isa Town

Item Issue Escalation patch Action Item / Remediation
1 Red(High Priority Alert) – can be from Intrusion Detected, Worm outbreak, etc. Send alert to Network Manager Integrity Checks to be ran on CIO network

Red Hat Juffair

CIO to complete tables for each implementation PKI DC and Juffair. Information included in the example shown is for guidance purposes only.

In terms of performance monitoring, the Tipping Point x505 should be ample for the requirements of CIO at present. However should service be degraded and performance be impacted CIO should review the logs of the Tipping Point to check that the bandwidth and performance capabilities of the units are not maxed out. If so configuration might be changed or a requirement for a clustered Tipping environment to improve performance should also be envisaged, to be decided by the Network Manager and Information Security Manager to be submitted for approval according to the rules of this ISMS.

Subscription and Advance Replacement Instructions:

Tipping Point is covered under subscription with Fakhro Electronics with 1 year subscription. This ensures that the database of attacks for which Tipping Point scans is fully up to date. Fakhro Electronics can be contacted as per the details on the suppliers register to organize replacement unit(s). In the meantime, users may decide in conjunction with the Information Security Manager and Network Manager whether it might be appropriate to continue operations without Tipping Point Protection. When replacement units are delivered and implemented, the configuration of the original unit must be implemented and tested as per the initial implementation. All associated actions must be documented and signed off by the Information Security Manager and the Network Manager.

Additional Notes pertaining to the Operational Working Instructions:

The Tipping Point units are to be kept clean of dust and users may not leave drink or food beside the appliances.

Tipping Points units may not be taken out of the CA rooms without prior approval from the information security manager under any circumstances whatsoever.

Tipping Point units are delivered by vendors with users manuals either with dedicated Sections related to each asset or with a full users manual allowing for customization of the configuration. Where applicable such manuals are available in the manuals folder.

Full activity and log reports are available out of the box for Tipping Point and should be produced on a monthly basis by the Network Manager and sent to the Information Security Manager for review. Should the Information Security Manager request changes to the policy this must be done in accordance to the change control procedure.

No specific training is provided to users in relation to the assets covered in this OWI as most users intuitively know how to use basic functionality.

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Motion Detector, Alarm, Power Supply & Siren OWI

Operating Work Instructions – Alarm Control Panel, Speech Dialler, Siren, Power supply, LCD Keypad and Motion Sensors

Scope:

This document covers the Operating Work Instructions for the Alarm Control Panel, Dialer, Siren, Power supply and LCD Keypad located throughout the datacenter in Isa Town.

Responsibilities:

The safe is the responsibility of the Physical Security Section of CIO’s Information Security Section.

Details of Operating Work Instructions:

1. Alarm Control Panel is Veritas Excel.
a. 12 zones panel, 2 partitions, 32 user codes, 4 outputs relay modules, 8 programmable outputs with 12 V battery for backup
2. Speech Dialler is Texecom Speech Dialler.
a. 32 character LCD display, 4 voice message(each up to 32 seconds), 8 voice message, 4 trigger input
3. Siren is Texecom Odyssey 1 and is mounted on the outside wall of Isa Town’s Computer Room.
4. Power supply is Yuasa NP2.8-12 12V 2.8AMP Battery to provide backup power in case of power failure to the Alarm Control Panel.
5. LCD Keypad is Texecom Premier LCDL Keypad
a. Remote keypads with standard 32 character LCD display and a speaker driver unit for programmable volume control, surface mount
6. The motion sensors are Texecom Mirage Pro-Quad Q-Logic Movement sensors.
7. All the sensors are connected to the alarm control panel.
8. To ARM the alarm: PRESS
and FULL button.
9. To RESET the alarm: PRESS <4 digit access code> and RESET button.
10. As part of the PKI Data centre construction project, all the items mentioned above have a 2 year warranty and support from Mantech from the date of handover.
11. Security:
a. The access code for the alarm is held by Physical Security Section personnel only and is changed regularly.
b. The alarm has a 20 second window from alarm is armed OR when an intruder detected inside the Data centre.
c. If the access code is failed to be entered in 20 seconds, the siren on the outside of the building will sound and flash. The speech dialler will then call the numbers stored in memory in the following order:
i. Physical Security Personnel 1
ii. Physical Security Personnel 2
iii. Head of PKI
iv. CA Administrator
d. The dialler will keep on dialling the numbers above in order until it is answered.
12. Emergencies:
a. In case of failure, contact Mantech 17730459.
.
Ownership:

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Backup Air Conditioning Unit OWI

Scope:

This document covers the Operating Work Instructions for the Backup Air Conditioning Unit located throughout the PKI Data centre in Isa Town.

Responsibilities:

The backup air conditioning unit is the responsibility of the PKI Section of CIO’s Information Security Section.

Details of Operating Work Instructions:

1. The backup air conditioning units to be used in case of failure of the main air conditioning unit or when the temperature in the data centre is not of suitable operational temperature.
2. The backup air conditioning units consists of an outdoor unit and an indoor unit.
3. The indoor unit is rated 2400 BTU.
4. All the air conditioning units are part of the PKI Data centre construction project.
5. As per contract with Mantech (Ref:PKI Data centre Construction contract), all parts and fittings of the data centre are subject to two years warranty by Mantech from the date of the handover, which is 11 March 2007 (Ref: LTR/VP/07/08/CIO/H1)
6. All the air conditioning units have been tested prior to handover.
7. Emergencies:
a. In case of any malfunction of the air conditioning units, the Vendor shall be informed for any replacements (Ref: Doc 7.1B)

Ownership:

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Dust & Fire Protection OWI

Operating Work Instructions – Fire/Dust Detection & Fire Suppression System

Scope:

This document covers the Operating Work Instructions for the Fire/Dust Detection & Fire Suppression System located throughout the PKI Data centre in Isa Town.

Responsibilities:

The safe is the responsibility of CIO’s Administration Department.

Details of Operating Work Instructions:

1. CIO Isa Town’s Computer Room is protected by Fike Corporation’s SHP Pro Fire Protection System.
2. The system consists of :
a. Somke Fire/Dust Detectors (located on the ceiling void, roof and under the raised floorings)
b. Fike Corporation Single Hazard Panel(SHP) – Alarm/System Control Panel
c. FM 200 Gas tank and release nozzles
3. The Fire Protection System is installed by ALMoayyed Trading & Contracting.
4. This system is part of a project which includes the installation and commission of UPS, Main Air Conditioning Unit and Fire Protection System.
5. The Fire Protection System is regularly tested to by the Vendor.
6. The SHP for the system is located on the outside of the Computer
7. Manual for the Fire Suppression System is available.
8. Emergencies:
a. When a fire is detected, the alarm siren will immediately sound, after 90 seconds the FM 200 gas will be released.
b. The release of the gas can be delayed by 1 minute by pressing a button on the SHP panel.
c. The SHP has a battery backup, in case of power failure.
d. For support, contact Al Moayyed Trading and Contraction 17700777.

Ownership:

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Access Control System OWI

Scope:

This document covers the Operating Work Instructions for the Access Control in PKI Data centre in Isa Town.

Responsibilities:

The access control is the responsibility of the Physical Security Section of CIO’s Information Security Section.

Details of Operating Work Instructions:

1. Access to each of the room in the PKI Data centre is via Identix Fingerscan V20 UA biometrics fingerprint reader. The readers are connected to the fingerprint database pc in the Outer Core room via Ethernet.
2. Reader Description :
a. Identix Fingerscan V20 UA
b. Dimensions : Length: 6-1/2”, Width 6-3/4”
c. Enrollment time : <5 seconds
d. Verification time : <1 second
e. FAR/FRR: variable, configuration dependant
f. Template size: 512 bytes
g. Allowable Finger Rotation: =/1 18 degrees
h. Power: 12V DC, unregulated
i. Weight: 2lbs
j. Transaction Storage: 8000 (minimum buffering)
k. Communications: RS485, Wiegang, RS232;optional gateway-supported Ethernet or modem
l. Baud rate: 9600 to 57600 bps
m. Template storage: 512 or optional 5000 and 32000 template memory
n. Door controls: Lock output, tamper switch, 3 auxiliary outputs, 4 auxiliary inputs
o. Card reader input: Wiegand, proximity, magnetic stripe (serial), smartcard (serial), barcode(serial)
p. Card reader emulation output: Wiegand
q. Timezones: 30
r. Operating temperature: -10 to 50 degrees Celsius
s. Display: 2 line, 16 characters
t. Options: User memory expansions: 5000 and 32000 templates, LCD display, integrated proximity card reader, dial up modem, Ethernet communications (10BAST-t), and Fingerlan IV
3. Manual for the safe is available in the Manuals folder (Access control tab).
4. As part of PKI Data centre Construction project deliverables, the access control items has a 2 year warranty from the date of handover.
5. Security:
a. Entry would require a Physical security personnel and another person ie. all rooms require dual access.
b. A Physical Security personnel MUST be present in all room which requires access.
c. A user can use either his/her access code or an access card with his/her fingerprint to access.
6. Emergencies:
a. In case of power failure, access would not be available but the door lock will be powered.
b. In case of network failure between reader and Fingerlan pc, the reader would still be able to provide access with templates stored on the reader itself.
c. For support, contact Mantech 17730459.

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Telephone OWI
Scope:

This document covers the Operating Work Instructions for the fully functional telephone located in the Outer Core room in PKI Data centre in Isa Town.

Responsibilities:

The fully functional telephone is the responsibility of the CIO’s Administration Department.

Details of Operating Work Instructions:

1. Telephone Description : Panasonic Phone KX-T2375JXW
2. The telephone is connected to a direct line in Isa Town. Phone number: 17878121. It is also connected to the intrusion alarm dialler which dials in case of emergency.(Refer to OWI – Alarm).
3. The telephone line is provided by Batelco, which provides exchange for the whole Isa Town building.
4. The wiring for the telephone line is done by Technoland.
5. Manual for the safe is available in the Manuals folder (Telephone).
6. Emergencies:
a. Should the telephone fails, the telephone line can be connected directly to the alarm.
b. If the telephone line is down, please contact Batelco on 17881111
c. If the telephone line is down due to error in wiring, contact Techoland on 17271714.

Ownership:

This document is owned by CIO’s Administration Department.

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Safe OWI

Scope:

This document covers the Operating Work Instructions for the Safe located in the Safe room in PKI Data centre in Isa Town.

Responsibilities:

The safe is the responsibility of the PKI Section of CIO’s Information Security Section.

Details of Operating Work Instructions:

1. Safe is a Media rated TL-15 safe
2. Safe Description : Chubb Safe Europa Grade 1 Size 2
3. Front safe door is protected by digital combination lock and a key. The deposit boxes in the safe have dual locks. One individual key and one common key for all locks.
4. Manual for the safe is available in the Manuals folder (Safe tab).
5. As part of the PKI Data centre construction project, the Safe has a 2 year warranty and support from Mantech from the date of delivery.
6. Security:
a. The digital combination for the safe door and the safe door key will be held by different individuals. If needed, the combination lock can also be set to require 2 user inputs instead of it. Current setting is set to 1.
b. One personnel will hold the common key to all deposit boxes while and individual responsible for the safe deposit box will hold the individual key.
7. Emergencies:
a. In case of fire, the safe is rated to withstand fires up to 2 hours
b. If the batteries to the combination lock have not been changed in time and the tension does not suffice to cancel the lock’s blocking feature, a new 9V ALKALINE battery can be pressed to the contacts on the entry pad.
c. The code the safe remains active even as the power supply fails.
d. For support, contact Mantech 17730459.

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Door Exit Push Buttons & Door Latch OWI
Scope:

This document covers the Operating Work Instructions for the Door Exit Switches and Door Latches in the PKI Data centre

Responsibilities:

The items are the responsibility of the PKI Section of CIO’s Information Security Section.

Details of Operating Work Instructions:

1. There are 4 door exit push buttons and 4 door latches in the PKI Data centre
2. Exit Push Button Description : ALPRO Waterproof Exit Switches with Solid State Piezo technology with PUSH TO EXIT engraving
3. Door Latch Description : Trimec TS2001 Stainless Steel Mortice Latch Release (Monitored)
4. Pushing of the exit button releases the door latch, allowing exit. Both the exit button and the door latch are connected to the Access Control Biometrics (Refer to OWI – Access control).
5. Both latch and exit buttons are part of PKI CA Data centre construction project which has a two year warranty from the date of handover (Ref: PKI CA Data centre contract).
6. Emergencies:
a. The door latch is held magnetically via power from the Data centre. In case of power failure, the battery in the Access control is to provide power to the latch until power supply is restored.
b. In case of any failures, contact Mantech 17730459.

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

CCTV OWI

Scope:

This document covers the Operating Work Instructions for the CCTV Cameras, DVR Remote Control ,Monitor, Digital Video Recorder (DVR) and coaxial cables located in the Outer Core room in PKI Data centre in Isa Town.

Responsibilities:

The safe is the responsibility of the Physical Security Section of CIO’s Information Security Section.

Details of Operating Work Instructions:

1. Three CCTV cameras are connected via coaxial cables to the DVR. The monitor is attached to the DVR and DVR can be controlled using keypads on the DVR or via remote control.
2. Descriptions:
a. CCTC Camera – Infinova V1466F-3895A14 CCTV, Vandal resistant x 3
b. DVR - Infinova V3010/4L Digital Video Recorder,4 Channels 80 GB Hard disk
c. Monitor - Infinova V1322T/14 14” Digital Color Monitor 1 channel
d. Coaxial cables - LOT

3. The CCTV camera monitors:
a. Entrance to the Outer Core room
b. Entrance to the Inner Core room
c. Entrance to the Safe Room.
4. The DVR is set to capture only movement detected by the CCTV cameras.
5. The CCTV cameras is also able to capture movement in 0 LUX(no lights) as such the lights to the data centre are switched off when not occupied.
6. The manual for all the items mentioned above is available in the Manuals folder.
7. Security:
a. Access to the DVR is protected via a PIN code. PIN code can be entered using keypad on the DVR or via the remote.
b. The DVR is also accessible via Infinova’s Remote Monitoring Software.
c. Setup of the DVR can be done either via the DVR or by using the Remote Monitoring Software.
8. Footage from the DVR will be periodically downloaded to the PC with the Remote Monitoring Software installed.
9. As part of PKI Data centre Construction project deliverables, all the items above have a 2 year warranty from the date of handover of project.
10. Emergencies:
a. In case of lost feed from cameras, please contact Mantech 17730459 for support.

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

Light Fittings & Switches OWI

Scope:

This document covers the Operating Work Instructions for the Lights fitting and switches located throughout the PKI Data centre in Isa Town.

Responsibilities:

The lights fitting and switches is the responsibility of the PKI Section of CIO’s Information Security Section.

Details of Operating Work Instructions:

1. All the lights fitting and switches are part of the PKI Data centre construction project.
2. As per contract with Mantech (Ref:PKI Data centre Construction contract), all parts and fittings of the data centre are subject to two years warranty by Mantech from the date of the handover, which is 11 March 2007 (Ref: LTR/VP/07/08/CIO/H1)
3. All the lights fittings and switches have been tested prior to handover.
4. Emergencies:
a. In case of any breakage/malfunction of the lights fittings and switches, the Vendor shall be informed for any replacements (Ref: Doc 7.1B)

Adlin Hisyamuddin
Information Security Manager

____________________________

On:

08 November, 2007
____________________________

Change history

Issue 1 08 November, 2007 Initial issue

17. Appendix III - Operating Work Instructions [OWIs]

Contact Us

Compliance