Hardware Security Requirements

This section summarizes the system hardware security requirements and recommendations.

A baseline measurement of a secure operating system is the U.S. National Security Agency’s criteria for a C2-level secure system. The requirements for a C2 secure system are articulated by the U.S. Department of Defense’s National Computer Security Center (NCSC) in the publication Trusted Computer System Evaluation Criteria, also known as the “Orange Book.” All systems, whether they are network operating systems or stand-alone operating systems, are evaluated under the criteria set forth in the Orange Book.

Windows NT Server was designed to comply with the NCSC’s Orange Book requirements. Every process and feature was designed with C2-level security in mind. Because the Windows NT Server C2 implementation is entirely software-based, users will not have to install additional hardware on either their servers or clients to meet C2-level security requirements. However, the hardware must meet minimum requirements for C2 evaluation with Windows NT. The C2 evaluation report is available in the following publication:

FINAL EVALUATION REPORT Microsoft Windows NT Workstation and Server Version 3.5 with U.S. Service Pack 3. National Computer Security Center, 23 June 1995.

In addition to its C2 evaluation, both the base and the network components of Windows NT have received the F-C2, E3 ITSEC rating in the United Kingdom. This rating can be leveraged in Germany and soon in France and the Netherlands. Therefore, customers in both the U.S. and Europe can operate certifiably secure systems.

C2 evaluation for hardware

Recommended

C2-evaluated hardware meets requirements defined in the Orange Book.

For hardware designed for customers outside the U.S., equivalent evaluation might be defined in local standards, such as F-C2/E3 ratings in Europe.

Peripherals meet hardware security recommendations

Recommended

OEM-specific solutions can be implemented to meet these recommendations. The following hardware security features are recommended:

• External drive devices should have locking capabilities. Each removable media device on a server system should be capable of being locked to prevent unauthorized access to data. A single locked door covering the drives is sufficient. The locking mechanism must render the device useless, whether locking is done electronically or mechanically.
  
  
• Computer case and switches should have locking capabilities to prevent unauthorized internal access. An OEM-specific method can be implemented, either electronically or mechanically.
  
  
• Remote software management should be supported for physical components.
  
  
• Controls and remote alerts should be provided for chassis-open intrusion.

For servers running either Windows NT Server or Windows NT Server/Enterprise Edition, smart card readers and cards should be provided. If provided with a server system, smart card devices must be compatible with Interoperability Specification for ICCs and Personal Computer Systems, available at http://www.smartcardsys.com/doc/content.html.

In addition, smart card readers and device drivers must be Plug and Play-compliant and must adhere to the Microsoft Smart Card DDK for the Windows and Windows NT platforms, which will be provided in the Windows NT 5.0 DDK. Smart card applications and service-provider DLLs must adhere to the Microsoft Smart Card SDK that is part of the Microsoft Platform SDK.