Security Enhancements
This section lists enhancements introduced to support Cisco Product Security Requirements and the Product Security Baseline (PSB). For more information about Cisco Product Security Requirements, refer to: https://www.cisco.com/c/en/us/about/security-center/security-programs/secure-development-lifecycle/sdl-process.html
PSB Requirements for 21.2.0 Release
Feature Summary and Revision History
Applicable Product(s) or Functional Area |
CPS/vDRA |
Applicable Platform(s) |
Not Applicable |
Default Setting |
Enabled - Always-on |
Related Changes in This Release |
Not Applicable |
Related Documentation |
Not Applicable |
Revision Details |
Release |
---|---|
First introduced |
21.2.0 |
Feature Description
CPS PCRF meets the Cisco security guidelines and is aligned with the security features for 21.2.0 release. CPS now supports the following PSB requirements:
PSB Item |
Description |
---|---|
CT1885: SEC-SW-SIG-4: |
Digitally sign software and control the keys. |
CT1975: SEC-CRY-PRIM-6 |
Use approved cryptographic primitives and parameters. |
CT1900: SEC-SW-INSCHK |
Check software signatures at installation time. |
CT1977: SEC-SUP-PATCH-2 |
Propagate upstream security patches. |
CT1973: SEC-AUT-AUTH-6 |
Authenticate and authorize remote agents seeking access. |
CT1965: SEC-CRY-SNMP |
Support SNMPv3 with cryptographic encryption and authentication. |
Feature Description
CPS vDRA meets the Cisco security guidelines and is aligned with the security features for 21.2.0 release. vDRA now supports the following PSB requirements:
PSB Item |
Description |
---|---|
CT1977: SEC-SUP-PATCH-2 |
Propagate upstream security patches. |
CT1975: SEC-CRY-PRIM-6 |
Use approved cryptographic primitives and parameters. |
CT1900: SEC-SW-INSCHK |
Check software signatures at installation time. |
CT1885: SEC-SW-SIG-4 |
Digitally sign software and control the keys. |
CT1973: SEC-AUT-AUTH-6 |
Authenticate and authorize remote agents seeking access. |
CT1972: SEC-AUT-API-3 |
Use authentication and authorization to protect the API service offerings. |
CT1965: SEC-CRY-SNMP |
Support SNMPv3 with cryptographic encryption and authentication. |
CT667: SEC-LOG-INDC-2 |
Indicates the status at login. |
CT479:SEC-SW-SIGCUST |
Allow customers to sign software. |