From 02ad37b8c55b4dcea1399344324fb1a6eaea1086 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Thu, 9 Jan 2025 16:42:09 -0500 Subject: [PATCH] minor refactor --- ...hardware-procurement-and-chain-of-custody.md | 14 ++++++++------ .../tamper-evidence-methods.md | 17 ----------------- .../level-2/fixed-location/provisioner/index.md | 5 ++--- .../src/generated-documents/level-2/hardware.md | 17 +++++++++++++++++ 4 files changed, 27 insertions(+), 26 deletions(-) diff --git a/quorum-key-management/src/component-documents/hardware-procurement-and-chain-of-custody.md b/quorum-key-management/src/component-documents/hardware-procurement-and-chain-of-custody.md index ebc2bcf..377de37 100644 --- a/quorum-key-management/src/component-documents/hardware-procurement-and-chain-of-custody.md +++ b/quorum-key-management/src/component-documents/hardware-procurement-and-chain-of-custody.md 
@@ -3,7 +3,7 @@ ## Provisioning Chain of Custody -Materials and devices which are used in the context of a high assurance system need to be monitored carefully from the moment they are purchased to ensure there are no single points of failure. Going back to the assumption that participants in the system are subject to [MICE](./glossary.md#MICE) and as such may pose a threat to the system, special care has to be taken that multiple individuals are involved in the whole lifecycle of provisioning a piece of equipment. +Materials and devices which are used in the context of a high assurance system need to be monitored carefully from the moment they are purchased to ensure there are no single points of failure. Going back to the assumption that participants in the system are subject to [MICE](../glossary.md#MICE) and as such may pose a threat to the system, special care has to be taken that multiple individuals are involved in the whole lifecycle of provisioning a piece of equipment. All steps of the provisioning process need to be completed under the supervision of at least 2 individuals, but benefit from having even more individuals present to increase the number of witnesses and allow individuals to take washroom breaks, eat etc. 
@@ -14,16 +14,18 @@ The following steps must all be completed under the continued supervision and wi 1. Selecting a Purchase Location - * Select at least 4 stores which carry the type of equipment being purchased, then randomly select one using the roll of a die, or other random method. This is done in order to reduce the likelihood that a threat actor is able to plant a compromised computer in a store ahead of time. + * Select at least 4 stores which carry the type of equipment being purchased, then randomly select one using the roll of a die, or other random method. This is done in order to reduce the likelihood that an insider threat is able to plant a compromised computer in a store ahead of time. * Each participant should choose 2 of the stores. -2. Within the store, identify available adequate device +1. Within the store, identify available adequate device -3. Purchase the device and place it in a see-through plastic bag which will be used to transport it to a "processing location", which is ideally just a access controlled space. The bag MUST be a sealable see-through tamper evident bag. It may be necessary to remove the device from it's original packaging to fit it into the sealable bag. +1. Purchase the device and place it in a see-through plastic bag which will be used to transport it to a "processing location", which is ideally just a access controlled space. + * The bag MUST be a sealable see-through tamper evident bag. It may be necessary to remove the device from it's original packaging to fit it into the sealable bag. -4. If the equipment does not have to be tamper proofed, simply deliver it to its storage location, and update the inventory repository with the serial number of the device. +1. If the equipment does not have to be tamper proofed, simply deliver it to its storage location, and update the inventory repository with the serial number of the device. + +1. 
If the equipment does require tamper proofing, apply the appropriate level of tamper proofing for the security level you are performing the procurement for. -5. If the equipment does require tamper proofing, apply the appropriate level of tamper proofing for the security level you are performing the procurement for. // ANCHOR_END:steps /* ANCHOR_END: all */ \ No newline at end of file diff --git a/quorum-key-management/src/component-documents/tamper-evidence-methods.md b/quorum-key-management/src/component-documents/tamper-evidence-methods.md index c3e05d6..38230c2 100644 --- a/quorum-key-management/src/component-documents/tamper-evidence-methods.md +++ b/quorum-key-management/src/component-documents/tamper-evidence-methods.md @@ -193,23 +193,6 @@ To construct an appropriate Tamper Proofing Station, the simplest setup consists * Powerful LED light which can be attached to the mounting rig -## Digital Camera - -* MUST have >10MP -- [ ] TODO these cameras are specifically for level 2. this should be moved into a different section. perhaps each level can have its own hardware document -- [ ] TODO amazon links are not ideal, more reliable and vetted hardware providers should be established -### Models -// ANCHOR:digital-cameras - -* Modern phone cameras - -* [Kodak PIXPRO Friendly Zoom FZ43-BK 16MP Digital Camera with 4X Optical Zoom and 2.7" LCD Screen](https://www.amazon.com/Kodak-Friendly-FZ43-BK-Digital-Optical/dp/B01CG62D00) - -* [Kodak PIXPRO Friendly Zoom FZ43-BK 16MP Digital Camera with 4X Optical Zoom and 2.7" LCD Screen](https://www.amazon.com/KODAK-Friendly-FZ45-BK-Digital-Optical/dp/B0B8PDHRWY) - -* [Sony Cyber-Shot DSC-W800](https://www.amazon.com/Sony-DSCW800-Digital-Camera-Black/dp/B00I8BIBCW) -// ANCHOR_END:digital-cameras - ## Polaroid camera * Can be attached to mounting rig 
diff --git a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/index.md b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/index.md index e9b5d53..82abded 100644 --- a/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/index.md +++ b/quorum-key-management/src/generated-documents/level-2/fixed-location/provisioner/index.md @@ -4,9 +4,9 @@ The provisioner is responsible for: * Procuring equipment -* Setting up the [Facility](#facility) +* Setting up the facility -* Maintaining stock of supplies in the [Facility](#facility) +* Maintaining stock of supplies in the facility * Minimizing hardware supply chain security risks @@ -24,7 +24,6 @@ The first task is to bootstrap the operator keys as they are an essential part o ### Procedures Without Prerequisites * [Provision Facility](./provision-facility.md) -* [Provision Keychain Repository](./provision-keychain-repository.md) * [Provision SD Card](./provision-sd-card.md) * [Provision Tamper Proofing Equipment](./provision-tamper-proofing-equipment.md) * [Provision Ceremonies Repository](./provision-ceremonies-repository.md) diff --git a/quorum-key-management/src/generated-documents/level-2/hardware.md b/quorum-key-management/src/generated-documents/level-2/hardware.md index 9d985f4..e1af281 100644 --- a/quorum-key-management/src/generated-documents/level-2/hardware.md +++ b/quorum-key-management/src/generated-documents/level-2/hardware.md 
@@ -25,4 +25,21 @@ // ANCHOR_END: computer-models +## Digital Camera + +* MUST have >10MP +- [ ] TODO amazon links are not ideal, more reliable and vetted hardware providers should be established + +### Models +// ANCHOR:digital-cameras + +* Modern phone cameras + +* [Kodak PIXPRO Friendly Zoom FZ43-BK 16MP Digital Camera with 4X Optical Zoom and 2.7" LCD Screen](https://www.amazon.com/Kodak-Friendly-FZ43-BK-Digital-Optical/dp/B01CG62D00) + +* [Kodak PIXPRO Friendly Zoom FZ43-BK 16MP Digital Camera with 4X Optical Zoom and 2.7" LCD Screen](https://www.amazon.com/KODAK-Friendly-FZ45-BK-Digital-Optical/dp/B0B8PDHRWY) + +* [Sony Cyber-Shot DSC-W800](https://www.amazon.com/Sony-DSCW800-Digital-Camera-Black/dp/B00I8BIBCW) + +// ANCHOR_END:digital-cameras /* ANCHOR_END: all */ \ No newline at end of file
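
Review bot: The new `../glossary.md#MICE` target in hardware-procurement-and-chain-of-custody.md (hunk at -3,7) is only known to be correct relative to `src/component-documents/`. The file ends with `/* ANCHOR_END: all */`, so if this paragraph is pulled into pages under `generated-documents/level-2/...` through an include, the relative link may resolve from the including page and land elsewhere. Please check the link in a rendered level-2 page, or use a path form that does not depend on directory depth.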
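
Review bot: In the store-selection bullet of hardware-procurement-and-chain-of-custody.md (hunk at -14,16), replacing "a threat actor" with "an insider threat" narrows the stated rationale. Random store selection also counters an outside party who can predict where the purchase will be made, and the text no longer covers that case. This is a threat-model wording change rather than a refactor, so it should be named in the commit message; consider "a threat actor, including an insider," instead. Since the purchase step is rewritten in the same hunk, the carried-over typos can be fixed here as well: "a access controlled space" and "from it's original packaging".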
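
Review bot: No consumer of the `digital-cameras` anchor is updated in this patch, although the hunk at -193,23 of tamper-evidence-methods.md removes `// ANCHOR:digital-cameras` and `// ANCHOR_END:digital-cameras` from that file. Any include that still references the anchor in tamper-evidence-methods.md will break or render empty. Please search for `digital-cameras` references and point them at level-2/hardware.md, or state in the commit message that there were none.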
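
Review bot: Both `[Facility](#facility)` links in provisioner/index.md (hunk at -4,9) are dropped to plain text with no replacement target and no reason given. If `#facility` was a dead anchor, say so in the commit message; if Facility is a defined term, link to its definition instead. Given the `generated-documents/` path, also confirm whether this file is produced from a source document, in which case the edit belongs in that source.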
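
Review bot: Removing `* [Provision Keychain Repository](./provision-keychain-repository.md)` from "Procedures Without Prerequisites" (provisioner/index.md, hunk at -24,7) is a content change that the subject "minor refactor" does not explain. The patch touches four files and provision-keychain-repository.md is not among them, so the procedure may become unreachable from the provisioner index. Either list it under the section where it now belongs or remove the page in the same change, and record the reason in the commit message.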
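
Review bot: The second Kodak entry added to level-2/hardware.md (hunk at -25,4) carries the same link text as the first, "Kodak PIXPRO Friendly Zoom FZ43-BK ...", but its URL slug reads `KODAK-Friendly-FZ45-BK`, so one of the two is mislabeled. Moving the list is the right moment to correct the label so that the procured model is the one that was vetted. The list markers are also mixed (`* MUST have >10MP` followed by `- [ ] TODO ...`), which some renderers split into two lists, and the file still ends without a trailing newline.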