
ECRC-1 Resource Control


Overview

All authorizations to the information contained within an object are revoked prior to initial assignment, allocation, or reallocation to a subject from the system's pool of unused objects. No information, including encrypted representations of information, produced by a prior subject's actions is available to any subject that obtains access to an object that has been released back to the system. There is absolutely no residual data from the former object.

MAC / CONF: CLASSIFIED, SENSITIVE
Impact: Medium
Subject Area: Enclave Computing Environment

Details

Threat
The constant reallocation of objects is a security risk because residual data may remain when the object is reassigned to a new process after a previous process is finished with it.  Clearing residual data from an object before reuse assures that system resources, in particular storage media, are allocated and reassigned among system users in a manner which prevents the disclosure of sensitive information.
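
The object-reuse problem described above, shown on a small fixed-size object pool (an added example, not part of the control text): `pool_release_weak` revokes the owner's authorization but leaves the contents behind, while `pool_release` also clears the buffer before the slot returns to the pool. The pool layout, subject IDs and function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define POOL_SLOTS 4
#define SLOT_BYTES 64
#define NO_OWNER   0   /* assumed convention: 0 means "unassigned" */

struct slot { unsigned owner; unsigned char data[SLOT_BYTES]; };
static struct slot pool[POOL_SLOTS];   /* static storage starts zeroed */

/* Zero through a volatile pointer so the compiler cannot drop the
 * stores as "dead" because the buffer is not read again afterwards. */
static void scrub(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hand an unused slot to `subject`; returns its index, or -1 if none. */
int pool_acquire(unsigned subject) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (pool[i].owner == NO_OWNER) { pool[i].owner = subject; return i; }
    return -1;
}

/* Access check: only the current owner gets a pointer to the contents. */
unsigned char *pool_data(int i, unsigned subject) {
    if (i < 0 || i >= POOL_SLOTS || subject == NO_OWNER) return NULL;
    return pool[i].owner == subject ? pool[i].data : NULL;
}

/* Weak release: authorization is revoked, residual data stays behind. */
void pool_release_weak(int i) {
    if (i >= 0 && i < POOL_SLOTS) pool[i].owner = NO_OWNER;
}

/* Release with clearing: scrub the contents, then revoke authorization,
 * so the next subject finds nothing from the previous one. */
int pool_release(int i, unsigned subject) {
    if (pool_data(i, subject) == NULL) return -1;   /* caller is not the owner */
    scrub(pool[i].data, SLOT_BYTES);
    pool[i].owner = NO_OWNER;
    return 0;
}

/* Non-zero bytes visible to `subject` in a slot it owns (-1 if denied). */
int residual_bytes(int i, unsigned subject) {
    unsigned char *d = pool_data(i, subject);
    int n = 0;
    if (d == NULL) return -1;
    for (int k = 0; k < SLOT_BYTES; k++) n += (d[k] != 0);
    return n;
}
```
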

Guidance
1. If a system component is required to make policy enforcement decisions or implement a security feature, it is considered to be an Information Assurance (IA) enabled IT component, and it must be validated to ensure that residual data is cleared before any object reuse.  Operating systems and firewalls are examples of IA enabled components.
2. COTS or GOTS IA and IA enabled products shall be evaluated and validated in accordance with: The International Common Criteria for Information Security Technology Evaluation Mutual Recognition Arrangement; The National Security Agency (NSA)/National Institute of Standards and Technology (NIST) National Information Assurance Partnership (NIAP) Evaluation and Validation Program; or The NIST Federal Information Processing Standard (FIPS) validation program.
3. A validated products list can be found at the http://www.niap-ccevs.org/ website along with procedures to get a product through the validation process.

References

  • CCIMB-99-031, Common Criteria for Information Technology Security Evaluation, August 1999
  • DOD 8500.2, Information Assurance Implementation, 06 February 2003
  • NSTISSP No. 11, National Information Assurance Acquisition Policy - Revised Fact Sheet, July 2003
  • NIST SP 800-23, Guidelines to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products, August 2000