Security Enhancements
This section lists enhancements introduced to support Cisco Product Security Requirements and the Product Security Baseline (PSB). For more information about Cisco Product Security Requirements, refer to: https://www.cisco.com/c/en/us/about/security-center/security-programs/secure-development-lifecycle/sdl-process.html
PSB Requirements for 23.1.0 Release
Feature Summary and Revision History
Applicable Product(s) or Functional Area |
CPS/vDRA |
Applicable Platform(s) |
Not Applicable |
Default Setting |
Enabled - Always-on |
Related Changes in This Release |
Not Applicable |
Related Documentation |
Not Applicable |
Revision Details |
Release |
---|---|
First introduced |
23.1.0 |
Feature Description
CPS PCRF meets the Cisco security guidelines and is aligned with the security features for 23.1.0 release. CPS now supports the following PSB requirements:
PSB Item |
Description |
---|---|
CT2226: SEC-HRD-BUILDENV-FR1-v2 |
Register and link your build environment to your offer. |
CT2239: SEC-SW-APPDTCT-FR8-v1 |
Protect Signature Verification Elements (was SEC-SW-INSCHK-FR7. |
CT2277: SEC-UPS-REGI-FR1-v4 |
Register Third Party Software. |
CT2278: SEC-UPS-REGI-FR2-v4 |
Update TPS Registrations Regularly. |
CT2232: SEC-SW-APPDTCT-FR1-v1 |
Check all signatures before installing code (was SEC-SW-INSCHK-FR1, SEC-SW-INSCHK-FR2 and SEC-SW-INSCHK-FR. |
CT2233: SEC-SW-APPDTCT-FR2-v1 |
Check all subsidiary module signatures on installation (was SEC-SW-INSCHK-FR11). |
CT2234: SEC-SW-APPDTCT-FR3-v1 |
Reject code with unexpected signatures on installation (was SEC-SW-INSCHK-FR3). |
CT2223: SEC-DAT-KNOWWHAT-2 |
Know what data your product or service processes and assess the privacy risk. |
CT2227: SEC-HRD-BUILDENV-FR2-v2 |
Perform the Build Environment Security (BES) risk assessment of your build environment. |
CT2235: SEC-SW-APPDTCT-FR4-v1 |
Closed code must use Cisco installers (was SEC-SW-INSCHK-FR8). |
CT2211: SEC-ASU-TRAIN-3 |
Train developers, testers, etc. |
CT2231: SEC-PRV-USERAUTH-3 |
Control user and system access to personal information. |
CPS vDRA meets the Cisco security guidelines and is aligned with the security features for 23.1.0 release. vDRA now supports the following PSB requirements:
PSB Item |
Description |
---|---|
CT2226: SEC-HRD-BUILDENV-FR1-v2 |
Register and link your build environment to your offer. |
CT2239: SEC-SW-APPDTCT-FR8-v1 |
Protect Signature Verification Elements (was SEC-SW-INSCHK-FR7. |
CT2277: SEC-UPS-REGI-FR1-v4 |
Register Third Party Software. |
CT2278: SEC-UPS-REGI-FR2-v4 |
Update TPS Registrations Regularly. |
CT2232: SEC-SW-APPDTCT-FR1-v1 |
Check all signatures before installing code (was SEC-SW-INSCHK-FR1, SEC-SW-INSCHK-FR2 and SEC-SW-INSCHK-FR. |
CT2233: SEC-SW-APPDTCT-FR2-v1 |
Check all subsidiary module signatures on installation (was SEC-SW-INSCHK-FR11). |
CT2234: SEC-SW-APPDTCT-FR3-v1 |
Reject code with unexpected signatures on installation (was SEC-SW-INSCHK-FR3). |
CT2223: SEC-DAT-KNOWWHAT-2 |
Know what data your product or service processes and assess the privacy risk. |
CT2227: SEC-HRD-BUILDENV-FR2-v2 |
Perform the Build Environment Security (BES) risk assessment of your build environment. |
CT2235: SEC-SW-APPDTCT-FR4-v1 |
Closed code must use Cisco installers (was SEC-SW-INSCHK-FR8). |
CT2211: SEC-ASU-TRAIN-3 |
Train developers, testers, etc. |
CT2231: SEC-PRV-USERAUTH-3 |
Control user and system access to personal information. |