Security Enhancements
This section lists enhancements introduced to support Cisco Product Security Requirements and the Product Security Baseline (PSB). For more information about Cisco Product Security Requirements, refer to: https://www.cisco.com/c/en/us/about/security-center/security-programs/secure-development-lifecycle/sdl-process.html
PSB Requirements for 22.1.0 Release
Feature Summary and Revision History
|
Applicable Product(s) or Functional Area |
CPS/vDRA |
|
Applicable Platform(s) |
Not Applicable |
|
Default Setting |
Enabled - Always-on |
|
Related Changes in This Release |
Not Applicable |
|
Related Documentation |
Not Applicable |
|
Revision Details |
Release |
|---|---|
|
First introduced |
22.1.0 |
Feature Description
CPS PCRF meets the Cisco security guidelines and is aligned with the security features for 22.1.0 release. CPS now supports the following PSB requirements:
|
PSB Item |
Description |
|---|---|
|
CT2120: SEC-WEB-XSS-4 |
Prevent cross-site scripting vulnerabilities. |
|
CT2119: SEC-TLS-CURR-6 |
Support current TLS versions. |
|
CT2107: SEC-CRY-PRIM-7 |
Use approved cryptographic primitives and parameters. |
|
CT2112: SEC-SW-SIG-5 |
Digitally sign software and control the keys. |
|
CT1945: SEC-UPS-NOBACK-2 |
Protect against Supplier backdoors, malware, or known vulnerabilities. |
CPS vDRA meets the Cisco security guidelines and is aligned with the security features for 22.1.0 release. vDRA now supports the following PSB requirements:
|
PSB Item |
Description |
|---|---|
|
CT2120: SEC-WEB-XSS-4 |
Prevent cross-site scripting vulnerabilities. |
|
CT2119: SEC-TLS-CURR-6 |
Support current TLS versions. |
|
CT2107: SEC-CRY-PRIM-7 |
Use approved cryptographic primitives and parameters. |
|
CT2112: SEC-SW-SIG-5 |
Digitally sign software and control the keys. |
|
CT2111: SEC-LOG-CONTENT-3 |
Include identifying information in all log entries. |
|
CT2110: SEC-LOG-ATTACK-2 |
Log indications of attack or abuse. |
|
CT1570:SEC-LOG-ADMIN |
Log administrative access. |
Feedback