Security Enhancements

This section lists enhancements introduced to support Cisco Product Security Requirements and the Product Security Baseline (PSB). For more information about Cisco Product Security Requirements, refer to: https://www.cisco.com/c/en/us/about/security-center/security-programs/secure-development-lifecycle/sdl-process.html

PSB Requirements for 21.2.0 Release

Feature Summary and Revision History

Table 1. Summary Data

Applicable Product(s) or Functional Area: CPS/vDRA
Applicable Platform(s): Not Applicable
Default Setting: Enabled - Always-on
Related Changes in This Release: Not Applicable
Related Documentation: Not Applicable

Table 2. Revision History

| Revision Details | Release |
|---|---|
| First introduced | 21.2.0 |

Feature Description

CPS PCRF meets the Cisco security guidelines and is aligned with the security features for the 21.2.0 release. CPS now supports the following PSB requirements:

Table 3. CPS PSB Requirements

| PSB Item | Description |
|---|---|
| CT1885: SEC-SW-SIG-4 | Digitally sign software and control the keys. |
| CT1975: SEC-CRY-PRIM-6 | Use approved cryptographic primitives and parameters. |
| CT1900: SEC-SW-INSCHK | Check software signatures at installation time. |
| CT1977: SEC-SUP-PATCH-2 | Propagate upstream security patches. |
| CT1973: SEC-AUT-AUTH-6 | Authenticate and authorize remote agents seeking access. |
| CT1965: SEC-CRY-SNMP | Support SNMPv3 with cryptographic encryption and authentication. |

Feature Description

CPS vDRA meets the Cisco security guidelines and is aligned with the security features for the 21.2.0 release. vDRA now supports the following PSB requirements:

Table 4. CPS vDRA Requirements

| PSB Item | Description |
|---|---|
| CT1977: SEC-SUP-PATCH-2 | Propagate upstream security patches. |
| CT1975: SEC-CRY-PRIM-6 | Use approved cryptographic primitives and parameters. |
| CT1900: SEC-SW-INSCHK | Check software signatures at installation time. |
| CT1885: SEC-SW-SIG-4 | Digitally sign software and control the keys. |
| CT1973: SEC-AUT-AUTH-6 | Authenticate and authorize remote agents seeking access. |
| CT1972: SEC-AUT-API-3 | Use authentication and authorization to protect the API service offerings. |
| CT1965: SEC-CRY-SNMP | Support SNMPv3 with cryptographic encryption and authentication. |
| CT667: SEC-LOG-INDC-2 | Indicates the status at login. |
| CT479: SEC-SW-SIGCUST | Allow customers to sign software. |