Solution Security
Solution Security Compliance Requirements
Encryption Applicability
| Item | Security Requirements | Functional Requirements | Description |
|---|---|---|---|
| Encryption Support | Use of validated cryptographic modules and algorithms for security. | - ARIA 128/192/256, SEED - SHA-256 or higher, HAS-160 | Cryptographic Module Verification Requirement |
| Encryption Key Management | Ensuring the stability of cryptographic key generation, access, renewal, and disposal | - Key derivation from validated international standard algorithms - The cryptographic keys loaded into shared memory are not in plaintext | Security Requirements for DB Encryption Products |
| DB Data Encryption and Decryption | Ensuring the stability of critical data, encrypted data, ciphertext, and index | - Encryption and decryption through a secure cryptographic module - The original data is deleted after encryption | Certified Encryption Module |
| Access Control | Preventing unauthorized access to cryptographic keys, ciphertext | - Limitations based on conditions such as DB accounts, IP addresses, applications, and access periods | Security Requirements for DB Encryption Products |
| Secure Communication | Maintaining confidentiality and integrity of transmitted data | - Secure transmission between product components. | |
| Identification and Authentication | Verifying the identity of authentication product users | - Reset after consecutive user authentication failures - Prevention of authentication data reuse attacks | |
| Security Auditing | Recording important events related to the product | - Audit data is accessible only to authenticated users - Review based on DB table names, DB column names, and query types | |
| Security Management | Efficiently managing security policies and audit logs | - Review based on DB table names, DB column names, and query types | |
