Security Enhancements
This section lists enhancements introduced to support Cisco Product Security Requirements and the Product Security Baseline (PSB). For more information about Cisco Product Security Requirements, refer to: https://www.cisco.com/c/en/us/about/security-center/security-programs/secure-development-lifecycle/sdl-process.html
PSB Requirements for 22.1.0 Release
Feature Summary and Revision History
Applicable Product(s) or Functional Area |
CPS/vDRA |
Applicable Platform(s) |
Not Applicable |
Default Setting |
Enabled - Always-on |
Related Changes in This Release |
Not Applicable |
Related Documentation |
Not Applicable |
Revision Details |
Release |
---|---|
First introduced |
22.1.0 |
Feature Description
CPS PCRF meets the Cisco security guidelines and is aligned with the security features for 22.1.0 release. CPS now supports the following PSB requirements:
PSB Item |
Description |
---|---|
CT2120: SEC-WEB-XSS-4 |
Prevent cross-site scripting vulnerabilities. |
CT2119: SEC-TLS-CURR-6 |
Support current TLS versions. |
CT2107: SEC-CRY-PRIM-7 |
Use approved cryptographic primitives and parameters. |
CT2112: SEC-SW-SIG-5 |
Digitally sign software and control the keys. |
CT1945: SEC-UPS-NOBACK-2 |
Protect against Supplier backdoors, malware, or known vulnerabilities. |
CPS vDRA meets the Cisco security guidelines and is aligned with the security features for 22.1.0 release. vDRA now supports the following PSB requirements:
PSB Item |
Description |
---|---|
CT2120: SEC-WEB-XSS-4 |
Prevent cross-site scripting vulnerabilities. |
CT2119: SEC-TLS-CURR-6 |
Support current TLS versions. |
CT2107: SEC-CRY-PRIM-7 |
Use approved cryptographic primitives and parameters. |
CT2112: SEC-SW-SIG-5 |
Digitally sign software and control the keys. |
CT2111: SEC-LOG-CONTENT-3 |
Include identifying information in all log entries. |
CT2110: SEC-LOG-ATTACK-2 |
Log indications of attack or abuse. |
CT1570:SEC-LOG-ADMIN |
Log administrative access. |