5 Conformance Units ToC Previous Next

5.5 Miscellaneous ToC Previous Next

The following table describes miscellaneous ConformanceUnits.

Table 22 – Miscellaneous

Category Title Description
Server Documentation – Supported Profiles The documentation includes a description of the profiles supported by the product. This description includes the level of Certification testing the product has passed.
Server Documentation – Multiple Languages The documentation is available in multiple languages. The results of this conformance unit include the list of supported languages.
Server Documentation – Users Guide The application includes documentation that describes the available functionality provided by the application. For Servers it includes a summary of all functionality provided by the Server.
Server Documentation – On-line The documentation provided by the application is available in electronic format as part of the application. The electronic documentation, could be a WEB page, installed document or CD/DVD, but in all case it can be accessed from the application or from a link installed with the application.
Server Documentation – Installation The application includes installation instructions that are sufficient to easily install the application. This includes descriptions of any and all possible configuration items. Instructions for loading or configuring security related items such as Application Instance Certificates.
Server Documentation – Trouble Shooting Guide The application includes documentation that describes typical problems a user may encounter and actions that the user could perform to resolve the problem. It could also describe tip, tricks or other actions that could help a user diagnose or fix a problem. It could also describe tools or other items that can be used in diagnosing or repairing problems. The actual Trouble Shooting Guide can be part of other documentation, but should be complete enough to provide useful information to a novice user.
Client Documentation Client – Supported Profiles The documentation includes a description of the profiles supported by the product. This description includes any software certificates that describes the level of Certification testing the product has passed.
Client Documentation Client – Multiple Languages The documentation is available in multiple languages. The results of this conformance unit include the list of supported languages.
Client Documentation Client – Users Guide The application includes documentation that describes the available functionality provided by the application. For client applications this includes any operator restrictions or general functionality that the client application makes use of.
Client Documentation Client – On-line The documentation provided by the application is available in electronic format as part of the application. The electronic documentation could be a WEB page, installed document or CD/DVD, but in all cases it can be accessed from the application or from a link installed with the application.
Client Documentation Client – Installation The application includes installation instructions that are sufficient to easily install the application. This includes descriptions of any and all possible configuration items. Instructions for loading or configuring security related items such as Application Instance Certificates.
Client Documentation Client – Trouble Shooting Guide The application includes documentation that describes typical problems a user may encounter and actions that the user could perform to resolve the problem. It could also describe tips, tricks or other actions that could help a user diagnose or fix a problem. It could also describe tools or other items that can be used in diagnosing or repairing problems. The actual Trouble Shooting Guide can be part of other documentation, but should be complete enough to provide useful information to a novice user.
Security Best Practice – Timeouts The user is able to configure reasonable timeouts for Secure Channels, sessions and subscriptions to limit Denial of Service and resource consumption issues (see Part 2 for additional details).
Security Best Practice – Strict Message Handling The application assures that messages that are illegally or incorrectly formed are rejected with appropriate error code or appropriate actions as specified in Part 4 and Part 6.
Security Best Practice – Random Numbers All random numbers that are required for security use appropriate cryptographic library based random number generators.
Security Best Practice – Administrative Access The Server and Client allow for appropriate restriction of access to administrative personnel. This includes multiple levels of administrative access on platforms that support multiple administrative roles (such as Windows or Linux).
Security Best Practice – Alarm Handling A Server should restrict critical alarm functionality to users that have the appropriate rights to perform these actions. This would include disabling or alarms, shelving of alarms and generation of dialog messages. It would also include other security related functionality such maintaining appropriate timeouts for shelving and dialogs and preventing an overload of dialog messages.
Security Best Practice – Audit Events Subscriptions for Audit Events are restricted to authorized personnel. A Server may also reject a Subscription for Audit Events that is not over a Secure Channel if one is available.
Security Best Practice – Audit Events Client Audit tracking system connects to a Server using a Secure Channel and under the appropriate administrative rights to allow access to Audit Events.

Previous Next