The following table describes miscellaneous ConformanceUnits.
|
Category |
Title |
Description |
|
Documentation – Supported Profiles |
The documentation includes a description of the profiles supported by the product. This description includes the level of Certification testing the product has passed. |
|
|
Documentation – Multiple Languages |
The documentation is available in multiple languages. The results of this conformance unit include the list of supported languages. |
|
|
Documentation – Users Guide |
The application includes documentation that describes the available functionality provided by the application. For Servers it includes a summary of all functionality provided by the Server. |
|
|
Documentation – On-line |
The documentation provided by the application is available in electronic format as part of the application. The electronic documentation, could be a WEB page, installed document or CD/DVD, but in all case it can be accessed from the application or from a link installed with the application. |
|
|
Documentation – Installation |
The application includes installation instructions that are sufficient to easily install the application. This includes descriptions of any and all possible configuration items. Instructions for loading or configuring security related items such as Application Instance Certificates. |
|
|
Documentation – Trouble Shooting Guide |
The application includes documentation that describes typical problems a user may encounter and actions that the user could perform to resolve the problem. It could also describe tip, tricks or other actions that could help a user diagnose or fix a problem. It could also describe tools or other items that can be used in diagnosing or repairing problems. The actual Trouble Shooting Guide can be part of other documentation, but should be complete enough to provide useful information to a novice user. |
|
|
The documentation includes a description of the profiles supported by the product. This description includes any software certificates that describes the level of Certification testing the product has passed. |
||
|
Documentation Client – Multiple Languages |
The documentation is available in multiple languages. The results of this conformance unit include the list of supported languages. |
|
|
Documentation Client – Users Guide |
The application includes documentation that describes the available functionality provided by the application. For client applications this includes any operator restrictions or general functionality that the client application makes use of. |
|
|
Documentation Client – On-line |
The documentation provided by the application is available in electronic format as part of the application. The electronic documentation could be a WEB page, installed document or CD/DVD, but in all cases it can be accessed from the application or from a link installed with the application. |
|
|
Documentation Client – Installation |
The application includes installation instructions that are sufficient to easily install the application. This includes descriptions of any and all possible configuration items. Instructions for loading or configuring security related items such as Application Instance Certificates. |
|
|
Documentation Client – Trouble Shooting Guide |
The application includes documentation that describes typical problems a user may encounter and actions that the user could perform to resolve the problem. It could also describe tips, tricks or other actions that could help a user diagnose or fix a problem. It could also describe tools or other items that can be used in diagnosing or repairing problems. The actual Trouble Shooting Guide can be part of other documentation, but should be complete enough to provide useful information to a novice user. |
|
|
Security |
Best Practice – Timeouts |
The user is able to configure reasonable timeouts for Secure Channels, sessions and subscriptions to limit Denial of Service and resource consumption issues (see Part 2 for additional details). |
|
Security |
Best Practice – Strict Message Handling |
The application assures that messages that are illegally or incorrectly formed are rejected with appropriate error code or appropriate actions as specified in Part 4 and Part 6. |
|
Security |
Best Practice – Random Numbers |
All random numbers that are required for security use appropriate cryptographic library based random number generators. |
|
Security |
Best Practice – Administrative Access |
The Server and Client allow for appropriate restriction of access to administrative personnel. This includes multiple levels of administrative access on platforms that support multiple administrative roles (such as Windows or Linux). |
|
Security |
Best Practice – Alarm Handling |
A Server should restrict critical alarm functionality to users that have the appropriate rights to perform these actions. This would include disabling or alarms, shelving of alarms and generation of dialog messages. It would also include other security related functionality such maintaining appropriate timeouts for shelving and dialogs and preventing an overload of dialog messages. |
|
Security |
Best Practice – Audit Events |
Subscriptions for Audit Events are restricted to authorized personnel. A Server may also reject a Subscription for Audit Events that is not over a Secure Channel if one is available. |
|
Security |
Best Practice – Audit Events Client |
Audit tracking system connects to a Server using a Secure Channel and under the appropriate administrative rights to allow access to Audit Events. |