To comply with Common Criteria requirements, the long-lived keys must be isolated so that they are never present in the application process. The CNG Key Isolation service stores and uses long-lived keys in a secure process that complies with Common Criteria requirements. This provides assurance that the process of specification, implementation, and evaluation of a computer security product has been conducted in a rigorous and standard manner.
It is based on a framework in which computer system users can specify their security requirements, vendors can then implement and make claims about the security attributes of their products, and testing laboratories can evaluate the products to determine if they actually meet the claims. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC).Ĭommon Criteria is an international standard (ISO/IEC 15408) for computer security. The CNG Key Isolation (xxx) service is hosted in the Local Security Authority (LSA) process as part of system cryptography support.
