N/A                                                               J. Sun
Internet-Draft                                                  M. Irani
Intended status: Informational                                 T. Nguyen
Expires: January 9, 2020        Naval Information Warfare Center Pacific
                                                               R. Purvis
                                                   The MITRE Corporation
                                                               S. Turner
                                                                   sn3rd
                                                            July 8, 2019

                     Common Cryptographic MIB (CCMIB)
                          draft-turner-ccmib-03

Abstract

   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, it describes managed objects used to
   manage key management implementations including asymmetric keys,
   symmetric keys, trust anchors, and cryptographic-related firmware.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 9, 2020.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  The Internet-Standard Management Framework
   4.  Structure of the MIB module
   5.  Definition of the CC MIB module
     5.1.  Assignments
     5.2.  Feature Hierarchy
     5.3.  Device Info
     5.4.  Key Management Information
     5.5.  Key Transfer Pull
     5.6.  Key Transfer Push
     5.7.  Security Policy Information
     5.8.  Secure Connection Information
   6.  IANA Considerations
   7.  Security Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Appendix A.  Contributors
   Authors' Addresses

1.  Introduction

   RFC EDITOR: PLEASE REMOVE THE FOLLOWING PARAGRAPH PRIOR TO
   PUBLICATION

   The source for this draft is maintained in GitHub.  Suggested changes
   should be submitted as pull requests at
   https://github.com/seanturner/draft-turner-ccmib.  Instructions are
   on that page as well.  Editorial changes can be managed in GitHub.
   This document defines a portion of the Management Information Base
   (MIB) for use with network management protocols in the Internet
   community.  In particular, it describes managed objects used to
   manage key management implementations including asymmetric keys,
   symmetric keys, trust anchors, and cryptographic-related firmware.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   [RFC2119].

3.  The Internet-Standard Management Framework

   For a detailed overview of the documents that describe the current
   Internet-Standard Management Framework, please refer to section 7 of
   [RFC3410].

   Managed objects are accessed via a virtual information store, termed
   the Management Information Base or MIB.  MIB objects are generally
   accessed through the Simple Network Management Protocol (SNMP).
   Objects in the MIB are defined using the mechanisms defined in the
   Structure of Management Information (SMI).  This memo specifies a MIB
   module that is compliant to the SMIv2, which is described in STD 58,
   RFC 2578 [RFC2578], STD 58, RFC 2579 [RFC2579], and STD 58, RFC 2580
   [RFC2580].

4.  Structure of the MIB module

5.  Definition of the CC MIB module

5.1.  Assignments

   This MIB module makes reference to the following document: [RFC2578].

   CC-ASSIGNMENTS-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       MODULE-IDENTITY, enterprises
           FROM SNMPv2-SMI;                          -- RFC 2578

   ccAssignmentsMIB MODULE-IDENTITY
       LAST-UPDATED "201609302154Z"
       ORGANIZATION "CCMIB CCB"
       CONTACT-INFO
           "CC MIB Configuration Control Board
            Email: CCMIB.CCB@us.af.mil"
       DESCRIPTION
           "This MIB defines the CC MIB tree hierarchical assignments
            below it and acts as a reservation mechanism.

            Copyright (c) 2019 IETF Trust and the persons
            identified as authors of the code.  All rights reserved.

            Redistribution and use in source and binary forms, with
            or without modification, is permitted pursuant to, and
            subject to the license terms contained in, the Simplified
            BSD License set forth in Section 4.c of the IETF Trust's
            Legal Provisions Relating to IETF Documents
            (http://trustee.ietf.org/license-info).

            This version of this MIB module is part of RFC xxxx;
            see the RFC itself for full legal notices."
       -- RFC EDITOR: Please update xxxx with the assigned RFC number.
       REVISION "201609302154Z"
       DESCRIPTION "CC MIB 1.0.5 FINAL.  Published as RFC xxxx."
       ::= { ccmib 3 }

   ccmib OBJECT IDENTIFIER ::= { enterprises 34493 }

   --
   -- Note: Current top-level OID assignments within the CC MIB tree:
   --   ccmib.3   : CC-ASSIGNMENTS-MIB (this MIB)
   --   ccmib.3.1 : CC-FEATURE-HIERARCHY-MIB

   END

5.2.  Feature Hierarchy

   This MIB module makes reference to the following document: [RFC2578].

   CC-FEATURE-HIERARCHY-MIB DEFINITIONS ::= BEGIN
   IMPORTS
       ccAssignmentsMIB
           FROM CC-ASSIGNMENTS-MIB                   -- FROM Section 5.1
       MODULE-IDENTITY
           FROM SNMPv2-SMI;                          -- FROM RFC 2578

   ccFeatureHierarchyMIB MODULE-IDENTITY
       LAST-UPDATED "201609302154Z"
       ORGANIZATION "CCMIB CCB"
       CONTACT-INFO
           "CC MIB Configuration Control Board
            Email: CCMIB.CCB@us.af.mil"
       DESCRIPTION
           "This MIB defines the CC MIB features in hierarchical MIB
            tree assignments.  It acts as a reservation mechanism for
            other MIB sets to be anchored below it.

            Copyright (c) 2019 IETF Trust and the persons
            identified as authors of the code.  All rights reserved.

            Redistribution and use in source and binary forms, with
            or without modification, is permitted pursuant to, and
            subject to the license terms contained in, the Simplified
            BSD License set forth in Section 4.c of the IETF Trust's
            Legal Provisions Relating to IETF Documents
            (http://trustee.ietf.org/license-info).

            This version of this MIB module is part of RFC xxxx;
            see the RFC itself for full legal notices."
       -- RFC Ed.: RFC-editor please fill in xxxx.
       REVISION "201609302154Z"
       DESCRIPTION "CC MIB 1.0.5 FINAL.  Published as RFC xxxx."
       -- RFC Ed.: RFC-editor please fill in xxxx.
       ::= { ccAssignmentsMIB 1 }

   ccDeviceInfo OBJECT IDENTIFIER
       ::= { ccFeatureHierarchyMIB 2 }
   ccKeyManagement OBJECT IDENTIFIER
       ::= { ccFeatureHierarchyMIB 3 }
   ccKeyTransferPull OBJECT IDENTIFIER
       ::= { ccFeatureHierarchyMIB 4 }
   ccKeyTransferPush OBJECT IDENTIFIER
       ::= { ccFeatureHierarchyMIB 5 }
   ccSecurePolicyInfo OBJECT IDENTIFIER
       ::= { ccFeatureHierarchyMIB 6 }
   ccSecureConnectionInfo OBJECT IDENTIFIER
       ::= { ccFeatureHierarchyMIB 7 }

   END

5.3.  Device Info

   This MIB module makes reference to the following documents:
   [RFC1213], [RFC2578], [RFC2579], [RFC2580], [RFC3411], and [RFC3418].

   CC-DEVICE-INFO-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       ccDeviceInfo
           FROM CC-FEATURE-HIERARCHY-MIB             -- FROM Sec 5.2
       MODULE-COMPLIANCE, OBJECT-GROUP,
       NOTIFICATION-GROUP
           FROM SNMPv2-CONF                          -- FROM RFC 2580
       OBJECT-TYPE, Unsigned32, Integer32, NOTIFICATION-TYPE,
       MODULE-IDENTITY, TimeTicks
           FROM SNMPv2-SMI                           -- FROM RFC 2578
       SnmpAdminString
           FROM SNMP-FRAMEWORK-MIB                   -- FROM RFC 3411
       DateAndTime, TruthValue, TimeStamp, RowStatus
           FROM SNMPv2-TC;                           -- FROM RFC 2579

   ccDeviceInfoMIB MODULE-IDENTITY
       LAST-UPDATED "201609302154Z"
       ORGANIZATION "CCMIB CCB"
       CONTACT-INFO
           "CC MIB Configuration Control Board
            Email: CCMIB.CCB@us.af.mil"
       DESCRIPTION
           "This MIB defines the CC MIB Device Information objects.

            Copyright (c) 2019 IETF Trust and the persons
            identified as authors of the code.  All rights reserved.
            Redistribution and use in source and binary forms, with
            or without modification, is permitted pursuant to, and
            subject to the license terms contained in, the Simplified
            BSD License set forth in Section 4.c of the IETF Trust's
            Legal Provisions Relating to IETF Documents
            (http://trustee.ietf.org/license-info).

            This version of this MIB module is part of RFC xxxx;
            see the RFC itself for full legal notices."
       -- RFC Ed.: RFC-editor please fill in xxxx.
       REVISION "201609302154Z"
       DESCRIPTION "CC MIB 1.0.5 FINAL.  Published as RFC xxxx."
       -- RFC Ed.: RFC-editor please fill in xxxx.

       ::= { ccDeviceInfo 1 }

   -- *****************************************************************
   -- Device Information Segments
   -- *****************************************************************

   cDeviceInfoConformance OBJECT IDENTIFIER
       ::= { ccDeviceInfoMIB 1 }
   cDeviceComponentVersInfo OBJECT IDENTIFIER
       ::= { ccDeviceInfoMIB 2 }
   cBatteryInfo OBJECT IDENTIFIER
       ::= { ccDeviceInfoMIB 3 }
   cFirmwareInfo OBJECT IDENTIFIER
       ::= { ccDeviceInfoMIB 4 }
   cDeviceInfoScalars OBJECT IDENTIFIER
       ::= { ccDeviceInfoMIB 5 }
   cDeviceInfoNotify OBJECT IDENTIFIER
       ::= { ccDeviceInfoMIB 6 }

   -- *****************************************************************
   -- General Device Information Scalars
   -- *****************************************************************

   cSystemDate OBJECT-TYPE
       SYNTAX      DateAndTime
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The host's notion of the local date and time of day.  Note,
            some implementations will not allow changing of this object
            and will return an inconsistentValue error."
       ::= { cDeviceInfoScalars 1 }

   cSystemUpTime OBJECT-TYPE
       SYNTAX      TimeTicks
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The amount of time since this host was last initialized.
            Note that this is different from sysUpTime in the SNMPv2-MIB
            RFC 3418 because sysUpTime is the uptime of the network
            management portion of the system."
       ::= { cDeviceInfoScalars 2 }

   cSystemInitialLoadParameters OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(0..128))
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "This object contains the parameters (e.g., a pathname and
            parameter) supplied to the load device when requesting the
            initial operating system configuration from that device.

            Note that writing to this object just changes the
            configuration that will be used the next time the operating
            system is loaded and does not actually cause the reload to
            occur."
       ::= { cDeviceInfoScalars 3 }

   cSecurityLevel OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(0..255))
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The security level at which this device is operating.
            Different communities of interest may have different
            conventions.  The following values are defined and, when
            used by agents, have specific meaning: UNCLASSIFIED,
            RESTRICTED, CONFIDENTIAL, SECRET, TOP_SECRET."
       ::= { cDeviceInfoScalars 4 }

   cElectronicSerialNumber OBJECT-TYPE
       SYNTAX      OCTET STRING
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The Electronic Serial Number of the device.  This may be the
            chassis serial number or an internal serial number."
       ::= { cDeviceInfoScalars 5 }

   cLastChanged OBJECT-TYPE
       SYNTAX      TimeTicks
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The value of cSystemUpTime the last time any configurable
            object within the MIBs supported by the device was
            modified, created, or deleted by SNMP, by the agent, or by
            another management method (e.g., via an HMI).  Managers can
            use this object to ensure that no changes to any
            configuration within the device have happened since the
            last time they examined the device.  A value of 0 indicates
            that no objects have been changed since the agent
            initialized."
       ::= { cDeviceInfoScalars 6 }

   cResetDevice OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The indication of whether a device should be reset.  Setting
            this object to 'true' performs a reset operation of the
            device.  This must not affect the state of any persistent
            configuration data, zeroize any of the key material, or
            erase the audit log.  When read, this object should return
            false.  When set to false, this object must not perform any
            operation but should accept this as a valid SET operation."
       ::= { cDeviceInfoScalars 7 }

   cSanitizeDevice OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The indication of whether persistent data should be erased.
            Setting this object to 'true' erases all persistent data
            and returns the box to an uninitialized state.  It zeroizes
            all keying data and erases all persistent storage and
            auditing information.  Setting this object will certainly
            render the device unreachable from distant managers since it
            will be unconfigured.  When read, this object should return
            false.  When set to false, this object must not perform any
            operation but should accept this as a valid SET operation."
       ::= { cDeviceInfoScalars 8 }

   cRenderInoperable OBJECT-TYPE
       SYNTAX      TruthValue
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The indication of whether persistent data should be erased
            and the device made permanently unusable.  Setting this
            object to 'true' erases all persistent data and returns the
            box to an uninitialized state.  It zeroizes all keying data
            and erases all persistent storage and auditing information.
            In addition, when supported, the device is expected to
            perform some internal function that makes the box unusable
            without returning to the factory or some equivalent.
            Setting this object will certainly render the device
            unreachable from distant managers since it will be
            unconfigured.  When read, this object should return false.
            When set to false, this object must not perform any
            operation but should accept this as a valid SET operation."
       ::= { cDeviceInfoScalars 9 }

   cVendorName OBJECT-TYPE
       SYNTAX      OCTET STRING
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object stores the device's vendor name and is intended
            to be displayed and meaningful to the human operator (e.g.,
            Flinstones Inc).  In other words, this object is not intended
            to store the vendor's authoritative identification value
            (i.e., sysObjectID, RFC 1213)."
       ::= { cDeviceInfoScalars 10 }

   cModelIdentifier OBJECT-TYPE
       SYNTAX      OCTET STRING
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object stores the device's model identifier.  In
            general, this would include the model name and model
            number."
       ::= { cDeviceInfoScalars 11 }

   cHardwareVersionNumber OBJECT-TYPE
       SYNTAX      OCTET STRING
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "This object stores the device's hardware version."
       ::= { cDeviceInfoScalars 12 }

   -- *****************************************************************
   -- Device Information Notifications
   -- *****************************************************************

   cFirmwareInstallFailed NOTIFICATION-TYPE
       STATUS      current
       DESCRIPTION
           "A notification from the device to the management station
            indicating a firmware install failed."
       ::= { cDeviceInfoNotify 1 }

   cFirmwareInstallSuccess NOTIFICATION-TYPE
       OBJECTS {
           cFirmwareName,
           cFirmwareVersion,
           cFirmwareSource
       }
       STATUS      current
       DESCRIPTION
           "A notification from the device to the management station
            indicating a firmware install succeeded."
       ::= { cDeviceInfoNotify 2 }

   cResetDeviceInitialized NOTIFICATION-TYPE
       STATUS      current
       DESCRIPTION
           "A notification from the device to the management station
            indicating that the device is being reset due to a change in
            the value of cResetDevice.  This notification should be sent
            before the device performs any other reset operations (such
            as shutting down interfaces, etc.)."
       ::= { cDeviceInfoNotify 3 }

   cSanitizeDeviceInitialized NOTIFICATION-TYPE
       STATUS      current
       DESCRIPTION
           "A notification from the device to the management station
            indicating that the device is being sanitized due to a
            change in the value of cSanitizeDevice.  This notification
            should be sent before the device performs any other sanitize
            operations (such as shutting down interfaces, etc.)."
       ::= { cDeviceInfoNotify 4 }

   cTamperEventIndicated NOTIFICATION-TYPE
       STATUS      current
       DESCRIPTION
           "A notification from the device to the management station
            indicating that the device has detected a tamper event.  This
            notification should be sent before the device performs any
            other operations in response (such as shutting down
            interfaces, etc.)."
       ::= { cDeviceInfoNotify 5 }

   cBatteryLow NOTIFICATION-TYPE
       OBJECTS {
           cBatteryType,
           cBatteryOpStatus,
           cBatteryLowThreshold
       }
       STATUS      current
       DESCRIPTION
           "A notification from the device to the management station
            indicating a battery has reached the threshold at which a
            battery warning is indicated."
       ::= { cDeviceInfoNotify 6 }

   cBatteryRequiresReplacement NOTIFICATION-TYPE
       OBJECTS { cBatteryType, cBatteryOpStatus }
       STATUS      current
       DESCRIPTION
           "A notification from the device to the management station
            indicating a battery should be charged or changed
            immediately."
       ::= { cDeviceInfoNotify 7 }

   cDeviceOnBattery NOTIFICATION-TYPE
       OBJECTS { cBatteryType, cBatteryOpStatus }
       STATUS      current
       DESCRIPTION
           "A notification from the device to the management station
            indicating the device is on battery power.  This
            notification is sent when the device is no longer
            connected to an external power source and is operating
            using a battery for main power."
       ::= { cDeviceInfoNotify 8 }

   cDeviceComponentDisabled NOTIFICATION-TYPE
       OBJECTS {
           cDeviceComponentName,
           cDeviceComponentVersion,
           cDeviceComponentOpStatus
       }
       STATUS      current
       DESCRIPTION
           "A notification from the device to the management station
            indicating a component described in the
            cDeviceComponentVersTable has been disabled."
       ::= { cDeviceInfoNotify 9 }

   cDeviceComponentEnabled NOTIFICATION-TYPE
       OBJECTS {
           cDeviceComponentName,
           cDeviceComponentVersion
       }
       STATUS      current
       DESCRIPTION
           "A notification from the device to the management station
            indicating a component described in the
            cDeviceComponentVersTable has been enabled."
       ::= { cDeviceInfoNotify 10 }

   -- *****************************************************************
   -- CC MIB cDeviceComponentVersTable
   -- *****************************************************************

   cDeviceComponentVersTableCount OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of rows in the cDeviceComponentVersTable."
       ::= { cDeviceComponentVersInfo 1 }

   cDeviceComponentVersTableLastChanged OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The last time any entry in the table was modified, created,
            or deleted by SNMP, by the agent, or by another management
            method (e.g., via an HMI).  Managers can use this object to
            ensure that no changes to the configuration of this table
            have happened since the last time they examined the table.
            A value of 0 indicates that no entry has been changed since
            the agent initialized.  The value of CC-DEVICE-INFO-MIB
            cSystemUpTime should be used to populate this object."
       ::= { cDeviceComponentVersInfo 2 }

   cDeviceComponentVersTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF CDeviceComponentVersEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The table containing a description of the specification
            versions of components or specifications supported by the
            device.  Note that it is possible for multiple versions of a
            given specification to be registered within the table."
       ::= { cDeviceComponentVersInfo 3 }

   cDeviceComponentVersEntry OBJECT-TYPE
       SYNTAX      CDeviceComponentVersEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A row containing a module descriptive name and its version
            that is supported by this device."
       INDEX { cDeviceComponentName, cDeviceComponentVersion }
       ::= { cDeviceComponentVersTable 1 }

   CDeviceComponentVersEntry ::= SEQUENCE
   {
       cDeviceComponentName         SnmpAdminString,
       cDeviceComponentVersion      SnmpAdminString,
       cDeviceComponentOpStatus     INTEGER,
       cDeviceComponentDescription  OCTET STRING
   }

   cDeviceComponentName OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(1..32))
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The module name or specification name.  The string value to
            be used in this field should be documented in the text of
            the specification a given row is reporting information on.

            Specification names beginning with a prefix of 'vendor-' are
            reserved for private use by the vendor of the device.

            The string 'device' (exact) is reserved for vendors to
            register a software revision version of the device.

            The string 'hardware' (exact) is reserved for vendors to
            register a model number of the hardware of the device."
       ::= { cDeviceComponentVersEntry 1 }

   cDeviceComponentVersion OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(1..32))
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The version of the specification or module name listed in
            the cDeviceComponentName object in this row.  The string
            value to be used in this field should be documented in the
            text of a specification, of the device, or elsewhere.  If
            the cDeviceComponentName begins with a 'vendor-' prefix,
            the format of this field is vendor specific."
       ::= { cDeviceComponentVersEntry 2 }

   cDeviceComponentOpStatus OBJECT-TYPE
       SYNTAX      INTEGER { up(1), notReady(2),
                             administrativelyDown(3) }
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "The current operational state of the component.

            This object may be used to enable/disable components or
            modules in the device, and some implementations may allow
            for various versions of a component to be activated.
            Devices may use this construct to roll back versions of
            device software, or to allow various software feature
            versions to be installed.

            Agents may reject changing this object for certain rows.
            An example of this is changing the operational status of a
            row that describes the software of the device and not a
            particular feature.  In this event, the agent should return
            an inconsistentValue error."
       ::= { cDeviceComponentVersEntry 3 }

   cDeviceComponentDescription OBJECT-TYPE
       SYNTAX      OCTET STRING
       MAX-ACCESS  read-write
       STATUS      current
       DESCRIPTION
           "A description of the component.  Agents may reject changing
            this object for certain rows.  In this event, the agent
            should return an inconsistentValue error."
669 ::= { cDeviceComponentVersEntry 4 } 671 -- ***************************************************************** 672 -- CC MIB cBatteryInfoTable 673 -- ***************************************************************** 675 cBatteryInfoTableCount OBJECT-TYPE 676 SYNTAX Unsigned32 677 MAX-ACCESS read-only 678 STATUS current 679 DESCRIPTION 680 "The number of rows in the cBatteryInfoTable." 681 ::= { cBatteryInfo 1 } 683 cBatteryInfoTableLastChanged OBJECT-TYPE 684 SYNTAX TimeStamp 685 MAX-ACCESS read-only 686 STATUS current 687 DESCRIPTION 688 "The last time any entry in the table was modified, created, 689 or deleted by either SNMP, agent, or other management 690 method (e.g., via an HMI). Managers can use this object to 691 ensure that no changes to configuration of this table have 692 happened since the last time it examined the table. A 693 value of 0 indicates that no entry has been changed since 694 the agent initialized. The value in CC-DEVICE-INFO-MIB 695 cSystemUpTime should be used to populate this column." 696 ::= { cBatteryInfo 2 } 698 cBatteryInfoTable OBJECT-TYPE 699 SYNTAX SEQUENCE OF CBatteryInfoEntry 700 MAX-ACCESS not-accessible 701 STATUS current 702 DESCRIPTION 703 "The table containing information on each of the batteries 704 installed in the device." 705 ::= { cBatteryInfo 3 } 707 cBatteryInfoEntry OBJECT-TYPE 708 SYNTAX CBatteryInfoEntry 709 MAX-ACCESS not-accessible 710 STATUS current 711 DESCRIPTION 712 "A row contining information on a specific battery. If a 713 device cannot return status of a battery it should not 714 create a row in this table for that battery." 
715 INDEX { cBatteryIndex } 716 ::= { cBatteryInfoTable 1 } 718 CBatteryInfoEntry ::= SEQUENCE 719 { 720 cBatteryIndex Unsigned32, 721 cBatteryType INTEGER, 722 cBatteryOpStatus INTEGER, 723 cBatteryLowThreshold Integer32 724 } 726 cBatteryIndex OBJECT-TYPE 727 SYNTAX Unsigned32 728 MAX-ACCESS not-accessible 729 STATUS current 730 DESCRIPTION 731 "A numerical index used to identify the battery. This value 732 uniquely identifies a battery on this device. The value 733 should be persistent for a given battery, but management 734 stations should not depend on it as it may not be possible 735 for some devices to retain identical indexes (especially 736 across reboots)." 737 ::= { cBatteryInfoEntry 1 } 739 cBatteryType OBJECT-TYPE 740 SYNTAX INTEGER { other(1), main(2), clock(3), security(4) } 741 MAX-ACCESS read-only 742 STATUS current 743 DESCRIPTION 744 "The type of battery. Main(2) batteries are used for 745 operation of the device when not connected to a power 746 source. Clock(3) is used to describe batteries which cannot 747 provide main power to the device but maintain clock or 748 other persistent data. Security(4) is used for batteries 749 which perform specific security functions or which may 750 render the device inoperable when the battery is depleted. 751 If a battery is used for both clock and security, Security 752 should be returned. Other(1) describes a battery which is 753 not otherwise defined here." 754 ::= { cBatteryInfoEntry 2 } 756 cBatteryOpStatus OBJECT-TYPE 757 SYNTAX INTEGER { unknown(1), batteryNormal(2), 758 batteryLow(3), batteryDepleted(4), 759 batteryMissing(5) } 760 MAX-ACCESS read-only 761 STATUS current 762 DESCRIPTION 763 "Indication of the status of the battery." 764 ::= { cBatteryInfoEntry 3 } 766 cBatteryLowThreshold OBJECT-TYPE 767 SYNTAX Integer32 (0..100) 768 MAX-ACCESS read-write 769 STATUS current 770 DESCRIPTION 771 "The percentage of capacity at which the cBatteryLow 772 notification will be generated. 
A value of zero indicates 773 that the notification should never be sent for this 774 battery. This object should not be implemented if the 775 device will detect a low battery, but the actual percentage 776 is not measurable. This object only needs be writable for 777 implementations that support modification of the warning 778 level percentage." 779 ::= { cBatteryInfoEntry 4 } 781 -- ***************************************************************** 782 -- CC MIB cFirmwareInformationTable 783 -- ***************************************************************** 785 cFirmwareInformationTableCount OBJECT-TYPE 786 SYNTAX Unsigned32 787 MAX-ACCESS read-only 788 STATUS current 789 DESCRIPTION 790 "The number of rows in the cFirmwareInformationTable." 791 ::= { cFirmwareInfo 1 } 793 cFirmwareInformationTableLastChanged OBJECT-TYPE 794 SYNTAX TimeStamp 795 MAX-ACCESS read-only 796 STATUS current 797 DESCRIPTION 798 "The last time any entry in the table was modified, created, 799 or deleted by either SNMP, agent, or other management 800 method (e.g., via an HMI). Managers can use this object to 801 ensure that no changes to configuration of this table have 802 happened since the last time it examined the table. A value 803 of 0 indicates that no entry has been changed since the 804 agent initialized. The value in CC-DEVICE-INFO-MIB 805 cSystemUpTime should be used to populate this column." 806 ::= { cFirmwareInfo 2 } 808 cFirmwareInformationTable OBJECT-TYPE 809 SYNTAX SEQUENCE OF CFirmwareInformationEntry 810 MAX-ACCESS not-accessible 811 STATUS current 812 DESCRIPTION 813 "A table that lists firmware versions available in the device, along 814 with their versions and type. This is used to list currently loaded 815 firmware versions of running firmware and other available firmware 816 versions in support of returning to a previous version of the 817 firmware." 
    ::= { cFirmwareInfo 3 }

cFirmwareInformationEntry OBJECT-TYPE
    SYNTAX      CFirmwareInformationEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row containing a firmware package name, version, and
        source."
    INDEX { cFirmwareName }
    ::= { cFirmwareInformationTable 1 }

CFirmwareInformationEntry ::= SEQUENCE
{
    cFirmwareName           OCTET STRING,
    cFirmwareVersion        SnmpAdminString,
    cFirmwareSource         SnmpAdminString,
    cFirmwareRunning        TruthValue,
    cFirmwareRowStatus      RowStatus
}

cFirmwareName OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(1..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Unique identifier provided in the firmware package."
    ::= { cFirmwareInformationEntry 1 }

cFirmwareVersion OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Version of firmware (provided in the package); for legacy
        firmware packages, this column would be the empty string,
        ''."
    ::= { cFirmwareInformationEntry 2 }

cFirmwareSource OBJECT-TYPE
    SYNTAX      SnmpAdminString (SIZE(1..255))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This column is used by the implementation to describe how
        the firmware was received. Agents may use any string which
        adequately describes the interface such as 'USB.' Agents may
        also reference entries in the ifTable when appropriate. If
        received using a Cryptographic Device Material server, the
        exact URI that was used to retrieve the firmware package
        would be configured in this column."
    ::= { cFirmwareInformationEntry 3 }

cFirmwareRunning OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Indicates if the firmware is currently running. Only one
        row in the table should have this object set to True at
        any given time.
        If this object is set from False to True,
        the agent must install the firmware, uninstall the previous
        running firmware and change the cFirmwareRunning object for
        the previous running firmware from True to False."
    ::= { cFirmwareInformationEntry 4 }

cFirmwareRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The status of the row, by which old entries may be deleted
        from this table.

        At a minimum, implementations must support destroy
        management functions. Support for active, notInService,
        and notReady management functions is optional."
    ::= { cFirmwareInformationEntry 5 }

-- *****************************************************************
-- Module Conformance Information
-- *****************************************************************

cDeviceInfoCompliances OBJECT IDENTIFIER
    ::= { cDeviceInfoConformance 1 }

cDeviceInfoGroups OBJECT IDENTIFIER
    ::= { cDeviceInfoConformance 2 }

cDeviceInfoSystemCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for system information."
    MODULE
        MANDATORY-GROUPS { cDeviceInfoSystemGroup }

        GROUP cDeviceInfoSystemNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."

        OBJECT cSystemInitialLoadParameters
        MIN-ACCESS  not-accessible
        DESCRIPTION
            "Implementation of this object is optional."

        OBJECT cSecurityLevel
        MIN-ACCESS  not-accessible
        DESCRIPTION
            "Implementation of this object is optional."

        OBJECT cSanitizeDevice
        MIN-ACCESS  not-accessible
        DESCRIPTION
            "Implementation of this object is optional."

        OBJECT cRenderInoperable
        MIN-ACCESS  not-accessible
        DESCRIPTION
            "Implementation of this object is optional."
    ::= { cDeviceInfoCompliances 1 }

cDeviceInfoComponentCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for component information."
    MODULE
        MANDATORY-GROUPS { cDeviceInfoComponentGroup }

        GROUP cDeviceInfoComponentNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."
    ::= { cDeviceInfoCompliances 2 }

cDeviceInfoBatteryCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for battery information."
    MODULE
        MANDATORY-GROUPS { cDeviceInfoBatteryGroup }

        GROUP cDeviceInfoBatteryNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."

        OBJECT cBatteryLowThreshold
        MIN-ACCESS  not-accessible
        DESCRIPTION
            "Implementation of this object is optional."
    ::= { cDeviceInfoCompliances 3 }

cDeviceInfoFirmwareCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for firmware information."
    MODULE
        MANDATORY-GROUPS { cDeviceInfoFirmwareGroup }

        GROUP cDeviceInfoFirmwareNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."
    ::= { cDeviceInfoCompliances 4 }

cDeviceInfoSystemGroup OBJECT-GROUP
    OBJECTS {
        cSystemDate,
        cSystemUpTime,
        cSystemInitialLoadParameters,
        cSecurityLevel,
        cElectronicSerialNumber,
        cLastChanged,
        cResetDevice,
        cSanitizeDevice,
        cRenderInoperable,
        cVendorName,
        cModelIdentifier,
        cHardwareVersionNumber
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to system
        information."
    ::= { cDeviceInfoGroups 1 }

cDeviceInfoComponentGroup OBJECT-GROUP
    OBJECTS {
        cDeviceComponentVersTableCount,
        cDeviceComponentVersTableLastChanged,
        cDeviceComponentName,
        cDeviceComponentVersion,
        cDeviceComponentOpStatus,
        cDeviceComponentDescription
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to component
        information."
    ::= { cDeviceInfoGroups 2 }

cDeviceInfoBatteryGroup OBJECT-GROUP
    OBJECTS {
        cBatteryInfoTableCount,
        cBatteryInfoTableLastChanged,
        cBatteryType,
        cBatteryOpStatus,
        cBatteryLowThreshold
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to battery
        information."
    ::= { cDeviceInfoGroups 3 }

cDeviceInfoFirmwareGroup OBJECT-GROUP
    OBJECTS {
        cFirmwareInformationTableCount,
        cFirmwareInformationTableLastChanged,
        cFirmwareName,
        cFirmwareVersion,
        cFirmwareSource,
        cFirmwareRunning,
        cFirmwareRowStatus
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to firmware
        information."
    ::= { cDeviceInfoGroups 4 }

cDeviceInfoSystemNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cResetDeviceInitialized,
        cSanitizeDeviceInitialized,
        cTamperEventIndicated
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of notifications related to system
        information."
    ::= { cDeviceInfoGroups 5 }

cDeviceInfoComponentNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cDeviceComponentDisabled,
        cDeviceComponentEnabled
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of notifications related to
        component information."
    ::= { cDeviceInfoGroups 6 }

cDeviceInfoBatteryNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cBatteryLow,
        cBatteryRequiresReplacement,
        cDeviceOnBattery
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of notifications related to battery
        information."
    ::= { cDeviceInfoGroups 7 }

cDeviceInfoFirmwareNotifyGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        cFirmwareInstallFailed,
        cFirmwareInstallSuccess
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of notifications related to firmware
        information."
    ::= { cDeviceInfoGroups 8 }

END

5.4. Key Management Information

This MIB module makes references to the following documents:
[RFC2578], [RFC2579], [RFC2580], [RFC3411], [RFC5280], [RFC5914],
[RFC6030], and [RFC6353].

CC-KEY-MANAGEMENT-MIB DEFINITIONS ::= BEGIN

IMPORTS
    ccKeyManagement
        FROM CC-FEATURE-HIERARCHY-MIB       -- FROM Sec 5.2
    OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
    MODULE-IDENTITY
        FROM SNMPv2-SMI                     -- FROM RFC 2578
    SnmpAdminString
        FROM SNMP-FRAMEWORK-MIB             -- FROM RFC 3411
    RowPointer, RowStatus, DateAndTime,
    TruthValue, TimeStamp
        FROM SNMPv2-TC                      -- FROM RFC 2579
    MODULE-COMPLIANCE, OBJECT-GROUP,
    NOTIFICATION-GROUP
        FROM SNMPv2-CONF                    -- FROM RFC 2580
    SnmpTLSFingerprint
        FROM SNMP-TLS-TM-MIB;               -- FROM RFC 6353

ccKeyManagementMIB MODULE-IDENTITY
    LAST-UPDATED "201609302154Z"
    ORGANIZATION "CCMIB CCB"
    CONTACT-INFO
        "CC MIB Configuration Control Board
         Email: CCMIB.CCB@us.af.mil"
    DESCRIPTION
        "This MIB defines the CC MIB Key Management objects.

        Copyright (c) 2019 IETF Trust and the persons
        identified as authors of the code. All rights reserved.

        Redistribution and use in source and binary forms, with
        or without modification, is permitted pursuant to, and
        subject to the license terms contained in, the Simplified
        BSD License set forth in Section 4.c of the IETF Trust's
        Legal Provisions Relating to IETF Documents
        (http://trustee.ietf.org/license-info).

        This version of this MIB module is part of RFC xxxx;
        see the RFC itself for full legal notices."
    -- RFC Ed.: RFC-editor please fill in xxxx.
    REVISION "201609302154Z"
    DESCRIPTION
        "CC MIB 1.0.5 FINAL. Published as RFC xxxx."
    -- RFC Ed.: RFC-editor please fill in xxxx.
    ::= { ccKeyManagement 1 }

-- *****************************************************************
-- Key Management Information Segments
-- *****************************************************************

cSymmetricKeyInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 1 }
cAsymKeyInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 2 }
cTrustAnchorInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 3 }
cCKLInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 4 }
cCDMStoreInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 5 }
cCertSubAltNameInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 6 }
cCertPathCtrlsInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 7 }
cCertPolicyInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 8 }
cPolicyMappingInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 9 }
cNameConstraintInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 10 }
cKeyManagementScalars OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 11 }
cKeyManagementNotify OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 12 }
cKeyManagementConformance OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 13 }
cRemoteKeyMaterialInfo OBJECT IDENTIFIER
    ::= { ccKeyManagementMIB 14 }

-- *****************************************************************
-- Key Management Information Scalars
-- *****************************************************************

cZeroizeAllKeys OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to 'true' removes all entries in key
        material tables and zeroizes key materials. It is applicable
        to symmetric keys, asymmetric keys, and Trust Anchors (TA).
        It must not modify any other information in the device such
        as the persistent storage or the audit log. When read this
        object should return false. If this object is set to the
        same value as the current value, the device must not perform
        any operation but should accept this as a valid SET
        operation. Note that after being set to true, an agent
        should reset this object to false once it has zeroized all
        the keys stored in the device."
    ::= { cKeyManagementScalars 1 }

cZeroizeSymmetricKeyTable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to 'true' removes all entries in the
        cSymmetricKeyTable and zeroizes the associated key
        materials. This operation must not modify any other
        information in the device such as the persistent storage or
        the audit log. When read this object should return false. If
        this object is set to the same value as the current value,
        the device must not perform any operation but should accept
        this as a valid SET operation. Note that after being set to
        true, an agent should reset this object to false once it has
        zeroized the specific key materials stored in the device."
    ::= { cKeyManagementScalars 2 }

cZeroizeAsymKeyTable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to 'true' removes all entries in the
        cAsymKeyTable and cCertSubAltNameTable, and zeroizes the
        associated key materials. This operation must not modify any
        other information in the device such as the persistent
        storage or the audit log. When read this object should
        return false. If this object is set to the same value as the
        current value, the device must not perform any operation but
        should accept this as a valid SET operation.
        Note that after
        being set to true, an agent should reset this object to
        false once it has zeroized the specific key materials stored
        in the device."
    ::= { cKeyManagementScalars 3 }

cZeroizeTrustAnchorTable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to 'true' removes all entries in the
        cTrustAnchorTable. This operation must not modify any other
        information in the device such as the persistent storage or
        the audit log. When read this object should return false. If
        this object is set to the same value as the current value,
        the device must not perform any operation but should accept
        this as a valid SET operation. Note that after being set to
        true, an agent should reset this object to false once it has
        zeroized the specific key materials stored in the device.

        Some implementations may restrict the deletion of Trust
        Anchors to specific protocols (e.g., TAMP)."
    ::= { cKeyManagementScalars 4 }

cZeroizeCDMStoreTable OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to 'true' removes all entries in the
        cCDMStoreTable that are of type symkey, asymkey, and
        trustAnchor. This operation must not modify any other
        information in the device such as the persistent storage or
        the audit log. When read this object should return false. If
        this object is set to the same value as the current value,
        the device must not perform any operation but should accept
        this as a valid SET operation. Note that after being set to
        true, an agent should reset this object to false once it has
        zeroized the specific key materials stored in the device."
    ::= { cKeyManagementScalars 5 }

cKeyMaterialTableOID OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The OID of the table for which (1) a successful or failed
        configuration occurred upon a key material load, (2) a key
        material has expired, will expire, or had its expiration
        date changed, or (3) a key material has been zeroized."
    ::= { cKeyManagementScalars 6 }

cKeyMaterialFingerprint OBJECT-TYPE
    SYNTAX      SnmpTLSFingerprint
    MAX-ACCESS  accessible-for-notify
    STATUS      current
    DESCRIPTION
        "The fingerprint of the key material to be transmitted in a
        notification."
    ::= { cKeyManagementScalars 7 }

cSymKeyGlobalExpiryWarning OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "days"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "A global setting, indicating the number of days prior to
        the expiration date of a symmetric key (value of
        cSymKeyExpirationDate in the associated cSymmetricKeyTable
        entry) for which the cKeyMaterialExpiring notification will
        be transmitted.

        The value in this object is only used if no value exists for
        the associated cSymmetricKeyTable entry's
        cSymKeyExpiryWarning object."
    ::= { cKeyManagementScalars 8 }

cAsymKeyGlobalExpiryWarning OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "days"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "A global setting, indicating the number of days prior to
        the expiration date of an asymmetric key (value of
        cAsymKeyExpirationDate in the associated cAsymKeyTable
        entry) for which the cKeyMaterialExpiring notification will
        be transmitted.

        The value in this object is only used if no value exists for
        the associated cAsymKeyTable entry's cAsymKeyExpiryWarning
        object."
    ::= { cKeyManagementScalars 9 }

cGenerateKeyType OBJECT-TYPE
    SYNTAX      INTEGER { x509v3(1), psk(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "The type of key material to be generated:

        [1] x509v3: X.509v3 certificate per RFC 5280.
        [2] psk: Symmetric Pre-Shared Key."
    ::= { cKeyManagementScalars 10 }

cGenerateKey OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Setting this object to 'true' will force the generation of
        key material, based on the type of key material described in
        cGenerateKeyType. Post-generation, the agent must create an
        entry in the appropriate key material table that captures
        information on this key.

        Note that after being set to true, an agent should reset
        this object to false once the key material has been
        generated and an entry created in the appropriate table."
    ::= { cKeyManagementScalars 11 }

-- *****************************************************************
-- Key Management Notifications
-- *****************************************************************

cKeyMaterialLoadSuccess NOTIFICATION-TYPE
    OBJECTS { cKeyMaterialTableOID }
    STATUS      current
    DESCRIPTION
        "An attempt to load the device with key material, identified
        by the table identifier (e.g., cSymmetricKeyTable), has
        succeeded. This notification may be sent upon a single
        successful key material load or may be sent upon a series of
        successful single key material loads."
    ::= { cKeyManagementNotify 1 }

cKeyMaterialLoadFail NOTIFICATION-TYPE
    OBJECTS { cKeyMaterialTableOID }
    STATUS      current
    DESCRIPTION
        "An attempt to load the device with key material, identified
        by the table identifier (e.g., cSymmetricKeyTable), has
        failed."
    ::= { cKeyManagementNotify 2 }

cKeyMaterialExpiring NOTIFICATION-TYPE
    OBJECTS {
        cKeyMaterialFingerprint,
        cKeyMaterialTableOID
    }
    STATUS      current
    DESCRIPTION
        "Key Material, identified by Key Fingerprint and OID of the
        associated key material table, is about to expire. This
        notification is transmitted prior to the key material's
        configured expiration date
        (cSymKeyExpirationDate/cAsymKeyExpirationDate) as indicated
        by a global setting
        (cSymKeyGlobalExpiryWarning/cAsymKeyGlobalExpiryWarning) or
        the granular setting per key material table entry
        (cSymKeyExpiryWarning/cAsymKeyExpiryWarning) if configured."
    ::= { cKeyManagementNotify 3 }

cKeyMaterialExpired NOTIFICATION-TYPE
    OBJECTS {
        cKeyMaterialFingerprint,
        cKeyMaterialTableOID
    }
    STATUS      current
    DESCRIPTION
        "Key Material, identified by Key Fingerprint and OID of the
        associated key material table, has expired."
    ::= { cKeyManagementNotify 4 }

cKeyMaterialExpirationChanged NOTIFICATION-TYPE
    OBJECTS {
        cKeyMaterialFingerprint,
        cKeyMaterialTableOID
    }
    STATUS      current
    DESCRIPTION
        "The expiration date of Key Material, identified by Key
        Fingerprint and the OID of the associated key material
        table, has changed. This can happen by either the
        'Expiration' object in the table changing or by the device
        making a change due to some other automated security policy
        change such as automatically extending a key when no new key
        is available."
    ::= { cKeyManagementNotify 5 }

cKeyMaterialZeroized NOTIFICATION-TYPE
    OBJECTS {
        cKeyMaterialFingerprint,
        cKeyMaterialTableOID
    }
    STATUS      current
    DESCRIPTION
        "A key material, identified by fingerprint and OID of the
        associated key material table, has been securely deleted and
        zeroized.
        This notification is transmitted upon setting the
        Row Status object of the associated key material table entry
        to 'destroy', setting the cZeroizeAllKeys object to 'true',
        setting the cZeroizeSymmetricKeyTable object to 'true',
        setting the cZeroizeAsymKeyTable object to 'true', setting
        the cZeroizeTrustAnchorTable object to 'true', or setting
        the cZeroizeCDMStoreTable object to 'true'."
    ::= { cKeyManagementNotify 6 }

cCKLLoadSuccess NOTIFICATION-TYPE
    OBJECTS {
        cCKLIndex,
        cCKLIssuer
    }
    STATUS      current
    DESCRIPTION
        "An attempt to load the device with a CKL, identified by
        cCKLIndex and cCKLIssuer (indexes to the cCKLTable), has
        succeeded."
    ::= { cKeyManagementNotify 7 }

cCKLLoadFail NOTIFICATION-TYPE
    STATUS      current
    DESCRIPTION
        "An attempt to load the device with a CKL has failed."
    ::= { cKeyManagementNotify 8 }

cCDMAdded NOTIFICATION-TYPE
    OBJECTS {
        cCDMStoreIndex,
        cCDMStoreType
    }
    STATUS      current
    DESCRIPTION
        "A new cryptographic device material (CDM) entry has been
        added to the cCDMStoreTable, as identified by cCDMStoreIndex
        and cCDMStoreType."
    ::= { cKeyManagementNotify 9 }

cCDMDeleted NOTIFICATION-TYPE
    OBJECTS {
        cCDMStoreIndex,
        cCDMStoreType,
        cCDMStoreFriendlyName
    }
    STATUS      current
    DESCRIPTION
        "A cryptographic device material (CDM) entry has been
        deleted from the cCDMStoreTable, as identified by
        cCDMStoreIndex, cCDMStoreType and cCDMStoreFriendlyName."
    ::= { cKeyManagementNotify 10 }

cTrustAnchorAdded NOTIFICATION-TYPE
    OBJECTS {
        cTrustAnchorFingerprint,
        cTrustAnchorFormatType,
        cTrustAnchorUsageType
    }
    STATUS      current
    DESCRIPTION
        "A trust anchor has been added to the cTrustAnchorTable, as
        identified by cTrustAnchorFingerprint,
        cTrustAnchorFormatType, and cTrustAnchorUsageType."
    ::= { cKeyManagementNotify 11 }

cTrustAnchorUpdated NOTIFICATION-TYPE
    OBJECTS {
        cTrustAnchorFingerprint,
        cTrustAnchorFormatType,
        cTrustAnchorUsageType
    }
    STATUS      current
    DESCRIPTION
        "A trust anchor has been updated in the cTrustAnchorTable,
        as identified by cTrustAnchorFingerprint,
        cTrustAnchorFormatType, and cTrustAnchorUsageType."
    ::= { cKeyManagementNotify 12 }

cTrustAnchorRemoved NOTIFICATION-TYPE
    OBJECTS {
        cTrustAnchorFingerprint,
        cTrustAnchorFormatType,
        cTrustAnchorUsageType
    }
    STATUS      current
    DESCRIPTION
        "A trust anchor has been removed from the cTrustAnchorTable,
        as identified by cTrustAnchorFingerprint,
        cTrustAnchorFormatType, and cTrustAnchorUsageType."
    ::= { cKeyManagementNotify 13 }

-- *****************************************************************
-- CC MIB cSymmetricKeyTable
-- *****************************************************************

cSymmetricKeyTableCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of rows in the cSymmetricKeyTable."
    ::= { cSymmetricKeyInfo 1 }

cSymmetricKeyTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g., via an HMI). Managers can use this object to ensure
        that no changes to configuration of this table have happened
        since the last time they examined the table. A value of 0
        indicates that no entry has been changed since the agent
        initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
    ::= { cSymmetricKeyInfo 2 }

cSymmetricKeyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CSymmetricKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table containing the various types of symmetric keys
        used by the device."
    ::= { cSymmetricKeyInfo 3 }

cSymmetricKeyEntry OBJECT-TYPE
    SYNTAX      CSymmetricKeyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row containing information about a Symmetric Key."
    INDEX { cSymKeyFingerprint }
    ::= { cSymmetricKeyTable 1 }

CSymmetricKeyEntry ::= SEQUENCE {
    cSymKeyFingerprint              SnmpTLSFingerprint,
    cSymKeyUsage                    BITS,
    cSymKeyID                       OCTET STRING,
    cSymKeyIssuer                   OCTET STRING,
    cSymKeyEffectiveDate            DateAndTime,
    cSymKeyExpirationDate           DateAndTime,
    cSymKeyExpiryWarning            Unsigned32,
    cSymKeyNumberOfTransactions     Unsigned32,
    cSymKeyFriendlyName             SnmpAdminString,
    cSymKeyClassification           BITS,
    cSymKeySource                   OCTET STRING,
    cSymKeyRowStatus                RowStatus
}

cSymKeyFingerprint OBJECT-TYPE
    SYNTAX      SnmpTLSFingerprint
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "An inherent identification of the symmetric key and the
        primary index to the cSymmetricKeyTable.

        This MIB does not provide any additional requirements on
        developing the fingerprint. Implementations are cautioned to
        develop the hash in a manner that does not compromise the
        security of the key material."
    ::= { cSymmetricKeyEntry 1 }

cSymKeyUsage OBJECT-TYPE
    SYNTAX      BITS { oneTimePassword(0), challengeResponse(1),
                       unlock(2), encrypt(3), decrypt(4),
                       integrity(5), verify(6), keyWrap(7),
                       unwrap(8), derive(9), generate(10),
                       sharedSecret(11) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The intended usage for the key: One Time Password (OTP),
        Challenge/Response (CR), Unlock, Encrypt, Decrypt,
        Integrity, Verify, KeyWrap, Unwrap, Derive, Generate,
        Shared Secret. From RFC 6030 section 5.

        OTP: The key is used for One Time Password (OTP) generation.

        CR: The key is used for Challenge/Response purposes.

        Unlock: The key is used for an inverse challenge response in
        the case where a user has locked the device by entering a
        wrong password too many times (for devices with password
        input capability).

        Encrypt: The key is used for data encryption purposes.

        Integrity: The key is used to generate a keyed message
        digest for data integrity or authentication purposes.

        Verify: The key is used to verify a keyed message digest for
        data integrity or authentication purposes (this is the
        opposite key usage of 'Integrity').

        Decrypt: The key is used for data decryption purposes.

        KeyWrap: The key is used for key wrap purposes.

        Unwrap: The key is used for key unwrap purposes.

        Derive: The key is used with a key derivation function to
        derive a new key.

        Generate: The key is used to generate a new key based on a
        random number and the previous value of the key.

        Shared Secret: The key is used as a shared secret between
        entities.

        Bit value translation:
        1000 0000 0000 0000 = OneTimePassword
        0100 0000 0000 0000 = ChallengeResponse
        0010 0000 0000 0000 = Unlock
        0001 0000 0000 0000 = Encrypt
        0000 1000 0000 0000 = Decrypt
        0000 0100 0000 0000 = Integrity
        0000 0010 0000 0000 = Verify
        0000 0001 0000 0000 = KeyWrap
        0000 0000 1000 0000 = Unwrap
        0000 0000 0100 0000 = Derive
        0000 0000 0010 0000 = Generate
        0000 0000 0001 0000 = SharedSecret"
    ::= { cSymmetricKeyEntry 2 }

cSymKeyID OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(1..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Represents a unique identifier assigned to this symmetric
        key. This would typically be an identifier inherent to the
        key material, such as a serial number or other form of
        identifier derived from a tag or other key wrapper. This
        object differs from cSymKeyFriendlyName which is a
        user-defined ID."
    ::= { cSymmetricKeyEntry 3 }

cSymKeyIssuer OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(1..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Represents the name of the entity which issued the key. Use
        a distinguished name (DN) when one is available."
    ::= { cSymmetricKeyEntry 4 }

cSymKeyEffectiveDate OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The effective date of the key."
    ::= { cSymmetricKeyEntry 5 }

cSymKeyExpirationDate OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The expiration date of the key."
    ::= { cSymmetricKeyEntry 6 }

cSymKeyExpiryWarning OBJECT-TYPE
    SYNTAX      Unsigned32
    UNITS       "days"
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The number of days prior to the expiration date of this key
        (cSymKeyExpirationDate) for which the cKeyMaterialExpiring
        notification will be transmitted.

        If configured, the scalar value of
        cSymKeyGlobalExpiryWarning will be ignored. The value of
        cSymKeyGlobalExpiryWarning will only be used if this column
        is not populated, populated with 0, or not implemented."
    ::= { cSymmetricKeyEntry 7 }

cSymKeyNumberOfTransactions OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "Indicates the maximum number of times a key can be used
        after having received it. If this column is not implemented,
        then there is no restriction regarding the number of times a
        key can be used.

        When this number is reached, implementations supporting this
        object should stop using this key and send a
        cKeyMaterialExpired notification."
    ::= { cSymmetricKeyEntry 8 }

cSymKeyFriendlyName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "A human readable label of the key for easier reference. It
        is used only for helpful or informational purposes."
    ::= { cSymmetricKeyEntry 9 }

cSymKeyClassification OBJECT-TYPE
    SYNTAX      BITS { unclassified(0), restricted(1),
                       confidential(2), secret(3), topSecret(4) }
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The classification of the key.
        Bit value translation:
        1000 0000 = unclassified
        0100 0000 = restricted
        0010 0000 = confidential
        0001 0000 = secret
        0000 1000 = topSecret
        This column does not exist for devices that do not have the
        concept of classification."
    ::= { cSymmetricKeyEntry 10 }

cSymKeySource OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(1..255))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The source of the key material. This can be the URI of a
        key source entity. If the key was derived from a user-input
        password, the string should say PASSWORD.

        Keys developed by the device should contain the string
        DEVICE-GENERATED. If the key was filled locally then this
        column should begin with the word FILL followed by the fill
        protocol. If the source is unknown, this column should not
        be populated or be set to an empty string, ''."
    ::= { cSymmetricKeyEntry 11 }

cSymKeyRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this row by which existing entries may be
        deleted from this table. Setting this column to destroy is
        synonymous with zeroizing the key. Any reference(s) to this
        object, upon setting this RowStatus to destroy, should be
        destroyed as well.

        Upon populating this row, this column should automatically
        be set to notReady. Only after valid information has been
        entered by the manager can the manager set this column to
        active.

        At a minimum, implementations must support active and
        destroy management functions. Implementations must support
        createAndWait and createAndGo management functions for this
        object if the symmetric key material can be manually entered
        by the manager."
    ::= { cSymmetricKeyEntry 12 }

-- *****************************************************************
-- CC MIB cAsymKeyTable
-- *****************************************************************

cAsymKeyTableCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of rows in the cAsymKeyTable."
        ::= { cAsymKeyInfo 1 }

    cAsymKeyTableLastChanged OBJECT-TYPE
        SYNTAX TimeStamp
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g., via an HMI). Managers can use this object to ensure
        that no changes to the configuration of this table have
        happened since the last time they examined the table. A
        value of 0 indicates that no entry has been changed since
        the agent initialized. The value in CC-DEVICE-INFO-MIB
        cSystemUpTime should be used to populate this column."
        ::= { cAsymKeyInfo 2 }

    cAsymKeyTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CAsymKeyEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "The table containing the Asymmetric Key Material and
        Certificates used by the device. Enumeration values, when
        applicable, follow the conventions in RFC 5280."
        ::= { cAsymKeyInfo 3 }

    cAsymKeyEntry OBJECT-TYPE
        SYNTAX CAsymKeyEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "A row containing information about an Asymmetric Key or
        Certificate."
        INDEX { cAsymKeyFingerprint }
        ::= { cAsymKeyTable 1 }

    CAsymKeyEntry ::= SEQUENCE {
        cAsymKeyFingerprint          SnmpTLSFingerprint,
        cAsymKeyFriendlyName         SnmpAdminString,
        cAsymKeySerialNumber         OCTET STRING,
        cAsymKeyIssuer               OCTET STRING,
        cAsymKeySignatureAlgorithm   OCTET STRING,
        cAsymKeyPublicKeyAlgorithm   OCTET STRING,
        cAsymKeyEffectiveDate        DateAndTime,
        cAsymKeyExpirationDate       DateAndTime,
        cAsymKeyExpiryWarning        Unsigned32,
        cAsymKeySubject              OCTET STRING,
        cAsymKeySubjectType          BITS,
        cAsymKeySubjectAltName       SnmpAdminString,
        cAsymKeyUsage                BITS,
        cAsymKeyClassification       BITS,
        cAsymKeySource               OCTET STRING,
        cAsymKeyRowStatus            RowStatus,
        cAsymKeyVersion              INTEGER,
        cAsymKeyRekey                TruthValue,
        cAsymKeyType                 OCTET STRING,
        cAsymKeyAutoRekeyEnable      TruthValue
    }

    cAsymKeyFingerprint OBJECT-TYPE
        SYNTAX SnmpTLSFingerprint
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "An inherent identification of the asymmetric key and the
        primary index to the cAsymKeyTable."
        ::= { cAsymKeyEntry 1 }

    cAsymKeyFriendlyName OBJECT-TYPE
        SYNTAX SnmpAdminString
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "A human readable label of the key for easier reference. It
        is used only for helpful or informational purposes."
        ::= { cAsymKeyEntry 2 }

    cAsymKeySerialNumber OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(1..255))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The unique positive integer assigned to the Asymmetric
        Key. For a Public Key Certificate (PKC) this serial number
        is assigned by the Certification Authority (CA). The value
        in this column can be up to 20 bytes long per Section
        '4.1.2.2. Serial Number' of RFC 5280. Other types of Key
        Material may have a different serial number format as
        defined by the issuer (e.g., a Key Material ID)."
        ::= { cAsymKeyEntry 3 }

    cAsymKeyIssuer OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(1..255))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The issuer of this key material. For Public Key
        Certificates, this is the distinguished name (DN) of the
        entity that has signed and issued the Public Key
        Certificate (PKC). Other issuers shall be defined by the
        class of device and will reference the Key Management
        System that delivers the key material for that device."
        ::= { cAsymKeyEntry 4 }

    cAsymKeySignatureAlgorithm OBJECT-TYPE
        SYNTAX OCTET STRING
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "Signature algorithm used by a Certification Authority to
        sign this asymmetric key material (e.g., X.509
        Certificate). If no signature/signature algorithm is
        provided/used, this column would not exist.

        Note, this is a free form OCTET STRING column, meaning
        implementations may utilize a standardized definition of
        string values or use a proprietary definition of string
        values for supported signature algorithms."
        ::= { cAsymKeyEntry 5 }

    cAsymKeyPublicKeyAlgorithm OBJECT-TYPE
        SYNTAX OCTET STRING
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "Public key algorithm with which the public key is used (as
        associated with the asymmetric key material (e.g., X.509
        Certificate)).

        Note, this is a free form OCTET STRING column, meaning
        implementations may utilize a standardized definition of
        string values or use a proprietary definition of string
        values for supported public key algorithms."
        ::= { cAsymKeyEntry 6 }

    cAsymKeyEffectiveDate OBJECT-TYPE
        SYNTAX DateAndTime
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "The date on which the validity period of the Asymmetric
        Key begins.
        This column must not exist when the key
        material does not have an inherent and associated effective
        date."
        ::= { cAsymKeyEntry 7 }

    cAsymKeyExpirationDate OBJECT-TYPE
        SYNTAX DateAndTime
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "The date on which the validity period of the Asymmetric
        Key ends. This column must not exist when the key material
        does not have an inherent and associated expiration date."
        ::= { cAsymKeyEntry 8 }

    cAsymKeyExpiryWarning OBJECT-TYPE
        SYNTAX Unsigned32
        UNITS "days"
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "The number of days prior to the expiration date of this
        key (cAsymKeyExpirationDate) for which the
        cKeyMaterialExpiring notification will be transmitted.

        If configured, the scalar value of
        cAsymKeyGlobalExpiryWarning will be ignored. The value of
        cAsymKeyGlobalExpiryWarning will only be used if this
        column is not populated, populated with 0, or not
        implemented."
        ::= { cAsymKeyEntry 9 }

    cAsymKeySubject OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(1..255))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The entity associated with this Asymmetric Key.

        For non-X.509 based key material, or when this object does
        not apply for the key material, this column will not
        exist."
        ::= { cAsymKeyEntry 10 }

    cAsymKeySubjectType OBJECT-TYPE
        SYNTAX BITS { other(0), certificationAuthority(1),
                      crlIssuer(2) }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "Defines the type of subject based on the following
        choices.
        certificationAuthority(1) - When set to 1 indicates that
        the subject (cAsymKeySubject) of the Public Key Certificate
        (PKC) is a Certification Authority (CA).
        crlIssuer(2) - When set to 1 indicates that the subject
        (cAsymKeySubject) of the Public Key Certificate (PKC) is a
        Certificate Revocation List (CRL) issuer.
        Bit value translation:
          1000 0000 = other
          0100 0000 = certificationAuthority
          0010 0000 = crlIssuer
        For non-X.509 based key material, or when this object does
        not apply for the key material, this column will not
        exist."
        ::= { cAsymKeyEntry 11 }

    cAsymKeySubjectAltName OBJECT-TYPE
        SYNTAX SnmpAdminString (SIZE(1..32))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "A reference string that points to a set of Certificate
        Subject Alternative Names in the cCertSubAltNameTable.

        This column should contain an empty string if the
        Certificate has no associated Subject Alternative Names.

        For non-X.509 based key material, or when this object does
        not apply for the key material, this column will not
        exist."
        ::= { cAsymKeyEntry 12 }

    cAsymKeyUsage OBJECT-TYPE
        SYNTAX BITS { other(0), digitalSignature(1),
                      nonRepudiation(2), keyEncipherment(3),
                      dataEncipherment(4), keyAgreement(5),
                      keyCertSign(6), cRLSign(7), encipherOnly(8),
                      decipherOnly(9) }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "Provides the intended type of usage for the Asymmetric
        Key.
        The following types are supported (defined in Section
        4.2.1.3 Key Usage of RFC 5280 for PKC):
        other(0), digitalSignature(1), nonRepudiation(2),
        keyEncipherment(3), dataEncipherment(4), keyAgreement(5),
        keyCertSign(6), cRLSign(7), encipherOnly(8), and
        decipherOnly(9)
        Bit value translation:
          1000 0000 0000 0000 = other
          0100 0000 0000 0000 = digitalSignature
          0010 0000 0000 0000 = nonRepudiation
          0001 0000 0000 0000 = keyEncipherment
          0000 1000 0000 0000 = dataEncipherment
          0000 0100 0000 0000 = keyAgreement
          0000 0010 0000 0000 = keyCertSign
          0000 0001 0000 0000 = cRLSign
          0000 0000 1000 0000 = encipherOnly
          0000 0000 0100 0000 = decipherOnly
        Devices using asymmetric key material not adhering to RFC
        5280 (X.509 format) may still use an applicable value for
        the Usage, or may use 'other'."
        ::= { cAsymKeyEntry 13 }

    cAsymKeyClassification OBJECT-TYPE
        SYNTAX BITS { unclassified(0), restricted(1),
                      confidential(2), secret(3), topSecret(4) }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The classification level(s) supported by the
        cAsymKeySubject for this key material.
        Bit value translation:
          1000 0000 = unclassified,
          0100 0000 = restricted,
          0010 0000 = confidential,
          0001 0000 = secret,
          0000 1000 = topSecret.

        This column does not exist for devices that do not have the
        concept of classification."
        ::= { cAsymKeyEntry 14 }

    cAsymKeySource OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(1..255))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "The source of the key material. This can be the URI of a
        key source entity. Keys generated by the device should
        contain the string DEVICE-GENERATED. If the key was filled
        locally then this column should begin with the word FILL
        followed by the fill protocol.
        If the source is unknown,
        this column should be blank."
        ::= { cAsymKeyEntry 15 }

    cAsymKeyRowStatus OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "The status of this row by which existing entries may be
        deleted from this table. Deleting a row in this table will
        also delete the analogous rows in the cCertSubAltNameTable
        that are referenced by cAsymKeySubjectAltName.

        Setting this column to destroy is synonymous with zeroizing
        the key material. Any reference(s) to this object, upon
        setting this RowStatus to destroy, should be destroyed as
        well. At a minimum, implementations must support active and
        destroy management functions. Support for notInService and
        notReady management functions is optional. Implementations
        must not support createAndWait and createAndGo management
        functions for this object."
        ::= { cAsymKeyEntry 16 }

    cAsymKeyVersion OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The version of the asymmetric key material. For example,
        X.509 Version 3 certificates would have a value of '2', as
        defined in RFC 5280 - Section 4.1.2.1.

        When this object does not apply for the key material, this
        column will not exist."
        ::= { cAsymKeyEntry 17 }

    cAsymKeyRekey OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
        "Setting this object to 'true' initiates a rekey operation
        for the asymmetric key material. Note, additional
        configuration will likely be required based on the
        supported key management protocol.

        Note: after being set to true, an agent should reset this
        object to false once the rekey operation has completed."
        ::= { cAsymKeyEntry 18 }

    cAsymKeyType OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(1..255))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "This column describes the type of asymmetric key material.

        Note, this is a free form OCTET STRING column.
        Implementations are expected to utilize a definition of
        string values that applies to the specific nomenclature they
        support. If no such nomenclature exists, this column should
        not be populated or be set to an empty string (i.e., '')."
        ::= { cAsymKeyEntry 19 }

    cAsymKeyAutoRekeyEnable OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "Controls the automatic rekey settings for this PKC.

        [true] Enables automatic rekey.
        [false] Disables automatic rekey.

        This column is optional to support."
        DEFVAL { false }
        ::= { cAsymKeyEntry 20 }

    -- *****************************************************************
    -- CC MIB cTrustAnchorTable
    -- *****************************************************************

    cTrustAnchorTableCount OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The number of rows in the cTrustAnchorTable."
        ::= { cTrustAnchorInfo 1 }

    cTrustAnchorTableLastChanged OBJECT-TYPE
        SYNTAX TimeStamp
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g., via an HMI). Managers can use this object to ensure
        that no changes to the configuration of this table have
        happened since the last time they examined the table. A
        value of 0 indicates that no entry has been changed since
        the agent initialized. The value in CC-DEVICE-INFO-MIB
        cSystemUpTime should be used to populate this column."
        ::= { cTrustAnchorInfo 2 }

    cTrustAnchorTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CTrustAnchorEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "The table containing the Trust Anchors (TAs) in this
        device."
        ::= { cTrustAnchorInfo 3 }

    cTrustAnchorEntry OBJECT-TYPE
        SYNTAX CTrustAnchorEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "A row containing information about a Trust Anchor (TA) that
        has been loaded into the device."
        INDEX { cTrustAnchorFingerprint }
        ::= { cTrustAnchorTable 1 }

    CTrustAnchorEntry ::= SEQUENCE {
        cTrustAnchorFingerprint          SnmpTLSFingerprint,
        cTrustAnchorFormatType           INTEGER,
        cTrustAnchorName                 OCTET STRING,
        cTrustAnchorUsageType            INTEGER,
        cTrustAnchorKeyIdentifier        OCTET STRING,
        cTrustAnchorPublicKeyAlgorithm   OCTET STRING,
        cTrustAnchorContingencyAvail     TruthValue,
        cTrustAnchorRowStatus            RowStatus,
        cTrustAnchorVersion              OCTET STRING
    }

    cTrustAnchorFingerprint OBJECT-TYPE
        SYNTAX SnmpTLSFingerprint
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "An inherent identification of the trust anchor and the
        primary index to the cTrustAnchorTable."
        ::= { cTrustAnchorEntry 1 }

    cTrustAnchorFormatType OBJECT-TYPE
        SYNTAX INTEGER { x509v3(1), trustAnchorFormat(2),
                         tbsCertificate(3) }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The type/format of the trust anchor.

        [1] x509v3: X.509v3 certificate per RFC 5280.
        [2] trustAnchorFormat: Trust Anchor Format per RFC 5914.
        [3] tbsCertificate: To Be Signed Certificate per RFC 5280."
        ::= { cTrustAnchorEntry 2 }

    cTrustAnchorName OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(0..255))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The name of the Trust Anchor.
        When available, this is the
        X.500 distinguished name (DN) associated with the Trust
        Anchor (TA) used to construct and validate an X.509
        certification path. When the value of cTrustAnchorFormatType
        is 'trustAnchorFormat', this column is populated with the
        value from the taTitle field of the TrustAnchorInfo
        structure defined in RFC 5914, which is a human-readable
        name for the trust anchor. Otherwise, this column should be
        blank."
        ::= { cTrustAnchorEntry 3 }

    cTrustAnchorUsageType OBJECT-TYPE
        SYNTAX INTEGER { other(1), apex(2), management(3),
                         identity(4), firmware(5), crl(6) }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The usage type for the Trust Anchor (TA). Note, crl(6) also
        applies to compromised key lists."
        ::= { cTrustAnchorEntry 4 }

    cTrustAnchorKeyIdentifier OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(1..255))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The identifier of the Trust Anchor's (TA's) public key."
        ::= { cTrustAnchorEntry 5 }

    cTrustAnchorPublicKeyAlgorithm OBJECT-TYPE
        SYNTAX OCTET STRING
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "Public key algorithm with which the public key is used (as
        associated with the trust anchor).

        Note, this is a free form OCTET STRING column, meaning
        implementations may utilize a standardized definition of
        string values or use a proprietary definition of string
        values for supported public key algorithms."
        ::= { cTrustAnchorEntry 6 }

    cTrustAnchorContingencyAvail OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "An indication of the availability of a contingency key for
        an Apex Trust Anchor. When set to 'true', a contingency key
        is available."
        ::= { cTrustAnchorEntry 7 }

    cTrustAnchorRowStatus OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "The status of this row by which existing entries may be
        deleted from this table. Setting this column to destroy is
        synonymous with zeroizing the Trust Anchor (TA). Any
        reference(s) to this object, upon setting this RowStatus to
        destroy, should be destroyed as well.

        At a minimum, implementations must support active and
        destroy management functions. Support for notInService and
        notReady management functions is optional. Implementations
        must not support createAndWait and createAndGo management
        functions for this object.

        Some implementations may restrict the deletion of Trust
        Anchors to specific protocols (e.g., TAMP)."
        ::= { cTrustAnchorEntry 8 }

    cTrustAnchorVersion OBJECT-TYPE
        SYNTAX OCTET STRING
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The version of the Trust Anchor."
        ::= { cTrustAnchorEntry 9 }

    -- *****************************************************************
    -- CC MIB cCKLTable
    -- *****************************************************************

    cCKLTableCount OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The number of rows in the cCKLTable."
        ::= { cCKLInfo 1 }

    cCKLLastChanged OBJECT-TYPE
        SYNTAX TimeStamp
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g., via an HMI). Managers can use this object to ensure
        that no changes to the configuration of this table have
        happened since the last time they examined the table. A
        value of 0 indicates that no entry has been changed since
        the agent initialized.
        The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
        ::= { cCKLInfo 2 }

    cCKLTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CCKLEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "The table containing the Compromised Key Lists (CKLs) and
        Certificate Revocation Lists (CRLs) used by the device. This
        table is used both for CRLs as defined in RFC 5280 and for
        other formats of revocation lists (such as Compromised Key
        Lists)."
        ::= { cCKLInfo 3 }

    cCKLEntry OBJECT-TYPE
        SYNTAX CCKLEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "A row containing information about a Compromised Key List
        or Certificate Revocation List (CRL) used by the device."
        INDEX { cCKLIndex, cCKLIssuer }
        ::= { cCKLTable 1 }

    CCKLEntry ::= SEQUENCE {
        cCKLIndex          Unsigned32,
        cCKLIssuer         OCTET STRING,
        cCKLSerialNumber   OCTET STRING,
        cCKLIssueDate      DateAndTime,
        cCKLNextUpdate     DateAndTime,
        cCKLRowStatus      RowStatus,
        cCKLVersion        INTEGER,
        cCKLLastUpdate     DateAndTime
    }

    cCKLIndex OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "An ID that uniquely identifies the Compromised Key List
        (CKL) in this table."
        ::= { cCKLEntry 1 }

    cCKLIssuer OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(0..255))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "For devices adhering to RFC 5280 this is the X.500
        distinguished name (DN) of the entity that has signed and
        issued the Certificate Revocation List (CRL).

        Other CRL/CKL issuers may use proprietary naming conventions
        or formats.

        If the source is unknown, this column should not be
        populated or be set to an empty string, ''."
        ::= { cCKLEntry 2 }

    cCKLSerialNumber OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(0..255))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "A Serial Number for this CRL or CKL.

        For CRLs adhering to RFC 5280, this will be a monotonically
        increasing sequence number for a given Certificate
        Revocation List (CRL) scope and CRL issuer. The CRL Number
        allows users to easily determine when a particular CKL/CRL
        supersedes another CKL/CRL."
        ::= { cCKLEntry 3 }

    cCKLIssueDate OBJECT-TYPE
        SYNTAX DateAndTime
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The issue date of this CRL/CKL."
        ::= { cCKLEntry 4 }

    cCKLNextUpdate OBJECT-TYPE
        SYNTAX DateAndTime
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The date by which the next CKL/CRL will be issued. The next
        CRL could be issued before the indicated date, but it will
        not be issued any later than the indicated date.

        If this value is unknown, this column should not be
        populated or be set to an empty string, ''."
        ::= { cCKLEntry 5 }

    cCKLRowStatus OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "The status of this row by which existing entries may be
        deleted from this table.

        At a minimum, implementations must support active and
        destroy management functions. Support for notInService and
        notReady management functions is optional. Implementations
        must not support createAndWait and createAndGo management
        functions for this object."
        ::= { cCKLEntry 6 }

    cCKLVersion OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The version of the CKL/CRL. For example, X.509 Version 2
        CRLs would have a value of '1', as defined in RFC 5280 -
        Section 5.1.2.1.

        When this object does not apply for the CKL/CRL, this column
        will not exist."
        ::= { cCKLEntry 7 }

    cCKLLastUpdate OBJECT-TYPE
        SYNTAX DateAndTime
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The date this CKL/CRL was last updated."
        ::= { cCKLEntry 8 }

    -- *****************************************************************
    -- CC MIB cCDMStoreTable
    -- *****************************************************************

    cCDMStoreTableCount OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The number of rows in the cCDMStoreTable."
        ::= { cCDMStoreInfo 1 }

    cCDMStoreTableLastChanged OBJECT-TYPE
        SYNTAX TimeStamp
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g., via an HMI). Managers can use this object to ensure
        that no changes to the configuration of this table have
        happened since the last time they examined the table. A
        value of 0 indicates that no entry has been changed since
        the agent initialized. The value in CC-DEVICE-INFO-MIB
        cSystemUpTime should be used to populate this column."
        ::= { cCDMStoreInfo 2 }

    cCDMStoreTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CCDMStoreEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "The table containing various types of stored Crypto Device
        Material (CDM) that are destined for this device and/or
        destined for another device. When sending CDM to a
        destination device, the cCDMTransferPkgLocatorRowPtr from
        the CC-KEY-TRANSFER-PUSH-MIB can be used to point to the
        rows in this table."
        ::= { cCDMStoreInfo 3 }

    cCDMStoreEntry OBJECT-TYPE
        SYNTAX CCDMStoreEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "A row containing information about stored Crypto Device
        Material (CDM)."
        INDEX { cCDMStoreIndex }
        ::= { cCDMStoreTable 1 }

    CCDMStoreEntry ::= SEQUENCE {
        cCDMStoreIndex          Unsigned32,
        cCDMStoreType           INTEGER,
        cCDMStoreSource         SnmpAdminString,
        cCDMStoreID             OCTET STRING,
        cCDMStoreFriendlyName   SnmpAdminString,
        cCDMStoreControl        INTEGER,
        cCDMStoreRowStatus      RowStatus
    }

    cCDMStoreIndex OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "A numeric index that identifies a unique location in this
        table."
        ::= { cCDMStoreEntry 1 }

    cCDMStoreType OBJECT-TYPE
        SYNTAX INTEGER { symKey(1), asymKey(2), trustAnchor(3),
                         crl(4), ckl(5), firmware(6),
                         storeAndForwardWrappedPkg(7),
                         storeAndForwardPkg(8) }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The type of Crypto Device Material (CDM) populated in this
        row.

        (1) symKey - This row contains information about a stored
            symmetric key.
        (2) asymKey - This row contains information about a stored
            asymmetric key.
        (3) trustAnchor - This row contains information about a
            stored Trust Anchor (TA).
        (4) crl - This row contains information about a stored
            Certificate Revocation List (CRL).
        (5) ckl - This row contains information about a stored
            Compromised Key List (CKL).
        (6) firmware - This row contains information about stored
            firmware.
        (7) storeAndForwardWrappedPkg - This row contains
            information about a stored encrypted wrapped package,
            typically meant to be forwarded to another device.
        (8) storeAndForwardPkg - This row contains information
            about a stored unencrypted package, typically meant to
            be forwarded to another device."
        ::= { cCDMStoreEntry 2 }

    cCDMStoreSource OBJECT-TYPE
        SYNTAX SnmpAdminString
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "An administrative name that identifies the source of this
        Crypto Device Material (CDM).
        This could be the URI used
        when downloaded from the Secure Object Management System
        (SOMS) server or a physical port designator for CDM
        downloaded via HMI."
        ::= { cCDMStoreEntry 3 }

    cCDMStoreID OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(1..255))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "Represents a unique identifier assigned to this Crypto
        Device Material (CDM). This would typically be an identifier
        inherent to the CDM, such as a serial number or other form
        of identifier derived from a tag or other CDM wrapper. This
        object differs from cCDMStoreFriendlyName, which is a
        user-defined ID."
        ::= { cCDMStoreEntry 4 }

    cCDMStoreFriendlyName OBJECT-TYPE
        SYNTAX SnmpAdminString
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "A human readable label of this Crypto Device Material (CDM)
        for easier reference. It is used only for helpful or
        informational purposes."
        ::= { cCDMStoreEntry 5 }

    cCDMStoreControl OBJECT-TYPE
        SYNTAX INTEGER { readyForInstall(1), install(2),
                         installAndDiscard(3), other(4) }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "A means to control what happens to the Crypto Device
        Material (CDM) stored in this table.
        (1) readyForInstall - The CDM is ready for installation.
        (2) install - The CDM will be installed in the appropriate
            table based on the cCDMStoreType.
        (3) installAndDiscard - The CDM will be installed in the
            appropriate table based on the cCDMStoreType and
            discarded from this table after the install operation is
            complete.
        (4) other - The CDM will be processed based on a family
            extension specific action.

        Note, setting the cCDMStoreRowStatus object to 'destroy'
        will discard the CDM."
        ::= { cCDMStoreEntry 6 }

    cCDMStoreRowStatus OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
        "The status of this row by which existing entries may be
        deleted from this table.

        At a minimum, implementations must support active and
        destroy management functions. Support for notInService and
        notReady management functions is optional. Implementations
        must not support createAndWait and createAndGo management
        functions for this object."
        ::= { cCDMStoreEntry 7 }

    -- *****************************************************************
    -- CC MIB cCertSubAltNameTable
    -- *****************************************************************

    cCertSubAltNameTableCount OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The number of rows in the cCertSubAltNameTable."
        ::= { cCertSubAltNameInfo 1 }

    cCertSubAltNameTableLastChanged OBJECT-TYPE
        SYNTAX TimeStamp
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g., via an HMI). Managers can use this object to ensure
        that no changes to the configuration of this table have
        happened since the last time they examined the table. A
        value of 0 indicates that no entry has been changed since
        the agent initialized. The value in CC-DEVICE-INFO-MIB
        cSystemUpTime should be used to populate this column."
        ::= { cCertSubAltNameInfo 2 }

    cCertSubAltNameTable OBJECT-TYPE
        SYNTAX SEQUENCE OF CCertSubAltNameTableEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "The table containing a list of Subject Alternative Names
        associated with the certificate."
        ::= { cCertSubAltNameInfo 3 }

    cCertSubAltNameTableEntry OBJECT-TYPE
        SYNTAX CCertSubAltNameTableEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "A row containing information about a Subject Alternative
        Name and its type."
        INDEX { cCertSubAltNameList, cCertSubAltNameListIndex }
        ::= { cCertSubAltNameTable 1 }

    CCertSubAltNameTableEntry ::= SEQUENCE {
        cCertSubAltNameList        SnmpAdminString,
        cCertSubAltNameListIndex   Unsigned32,
        cCertSubAltNameType        INTEGER,
        cCertSubAltNameValue1      OCTET STRING,
        cCertSubAltNameValue2      OCTET STRING,
        cCertSubAltNameRowStatus   RowStatus
    }

    cCertSubAltNameList OBJECT-TYPE
        SYNTAX SnmpAdminString (SIZE(1..32))
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "The administrative name defining the set of Subject
        Alternative Names that are associated with the certificate.
        Multiple Subject Alternative Names may use the same
        administrative name, implying a group. It is the combination
        of cCertSubAltNameList and cCertSubAltNameListIndex that
        uniquely identifies each row or set of Subject Alternative
        Names."
        ::= { cCertSubAltNameTableEntry 1 }

    cCertSubAltNameListIndex OBJECT-TYPE
        SYNTAX Unsigned32
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
        "A unique numeric index for rows, or sets of Subject
        Alternative Names, with the same cCertSubAltNameList value.
        This value, in combination with cCertSubAltNameList,
        uniquely identifies each row, or set of Subject Alternative
        Names."
    ::= { cCertSubAltNameTableEntry 2 }

cCertSubAltNameType OBJECT-TYPE
    SYNTAX      INTEGER { otherName(0), rfc822Name(1), dNSName(2),
                          x400Address(3), directoryName(4),
                          ediPartyName(5),
                          uniformResourceIdentifier(6), ipAddress(7),
                          registeredID(8) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The type of the Subject Alternative Name as defined in RFC
        5280, Section 4.2.1.6. Specifically, the value of this
        object determines the format of cCertSubAltNameValue1 and
        cCertSubAltNameValue2."
    ::= { cCertSubAltNameTableEntry 3 }

cCertSubAltNameValue1 OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The main value of the Subject Alternative Name. The format
        of the value must match its Type as defined in RFC 5280,
        Section 4.2.1.6.

        This column is the main value and is used for all
        cCertSubAltNameType types. For otherName(0), this column
        provides the value of the 'value' field. For
        ediPartyName(5), this column provides the value of the
        'partyName'. For all other types, this column provides the
        value as defined in RFC 5280, Section 4.2.1.6."
    ::= { cCertSubAltNameTableEntry 4 }

cCertSubAltNameValue2 OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This column is a supplement to the main value
        cCertSubAltNameValue1 and may only be used when the
        cCertSubAltNameType is either otherName(0) or
        ediPartyName(5). For otherName(0), this column provides the
        value of the 'type-id' as defined in RFC 5280, Section
        4.2.1.6. For ediPartyName(5), this column provides the value
        of the 'nameAssigner' as defined in RFC 5280, Section
        4.2.1.6.

        For all other values of cCertSubAltNameType or when the
        'nameAssigner' is not used for ediPartyName(5), this column
        will not exist.

        Note: Support for multiple otherName(0) or ediPartyName(5)
        alternate names is provided by allowing multiple rows of the
        same cCertSubAltNameType and cCertSubAltNameList but with a
        unique cCertSubAltNameListIndex."
    ::= { cCertSubAltNameTableEntry 5 }

cCertSubAltNameRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "The status of this row by which existing entries may be
        deleted from this table.

        At a minimum, implementations must support active and
        destroy management functions. Support for notInService and
        notReady management functions is optional. Implementations
        must not support createAndWait and createAndGo management
        functions for this object."
    ::= { cCertSubAltNameTableEntry 6 }

-- *****************************************************************
-- CC MIB cCertPathCtrlsTable
-- *****************************************************************

cCertPathCtrlsTableCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of rows in the cCertPathCtrlsTable."
    ::= { cCertPathCtrlsInfo 1 }

cCertPathCtrlsTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g., via an HMI). Managers can use this object to ensure
        that no changes to configuration of this table have happened
        since the last time they examined the table. A value of 0
        indicates that no entry has been changed since the agent
        initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
    ::= { cCertPathCtrlsInfo 2 }

cCertPathCtrlsTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CCertPathCtrlsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table containing the controls and constraints applied
        to a certificate in order to process certificate trust
        paths."
    ::= { cCertPathCtrlsInfo 3 }

cCertPathCtrlsEntry OBJECT-TYPE
    SYNTAX      CCertPathCtrlsEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row containing information about certificate path
        controls and constraints."
    INDEX { cCertPathCtrlsKeyFingerprint }
    ::= { cCertPathCtrlsTable 1 }

CCertPathCtrlsEntry ::= SEQUENCE {
    cCertPathCtrlsKeyFingerprint    SnmpTLSFingerprint,
    cCertPathCtrlsCertificate       RowPointer,
    cCertPathCtrlsCertPolicies      OCTET STRING,
    cCertPathCtrlsPolicyMappings    OCTET STRING,
    cCertPathCtrlsPolicyFlags       BITS,
    cCertPathCtrlsNamesPermitted    OCTET STRING,
    cCertPathCtrlsNamesExcluded     OCTET STRING,
    cCertPathCtrlsMaxPathLength     Unsigned32
}

cCertPathCtrlsKeyFingerprint OBJECT-TYPE
    SYNTAX      SnmpTLSFingerprint
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Identifies a trust anchor in the cTrustAnchorTable or a
        certificate in the cAsymKeyTable. This column is the
        primary index to the cCertPathCtrlsTable."
    ::= { cCertPathCtrlsEntry 1 }

cCertPathCtrlsCertificate OBJECT-TYPE
    SYNTAX      RowPointer
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Optional reference to an X.509 certificate defined in the
        cAsymKeyTable to assist with certification path development
        and validation."
    ::= { cCertPathCtrlsEntry 2 }

cCertPathCtrlsCertPolicies OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates a grouping of one or more policies for this
        certificate.
        The value of this column corresponds to the
        cCertPolicyInformation column in the cCertPolicyTable.

        When this object does not apply for the key material, this
        column will not exist."
    ::= { cCertPathCtrlsEntry 3 }

cCertPathCtrlsPolicyMappings OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "For a Certification Authority (CA) certificate, this
        indicates a grouping of policy mappings between a
        certificate issuer CA domain policy and a domain policy of
        the subject certificate CA. The value of this column
        corresponds to the cPolicyMappingGroup column of the
        cPolicyMappingTable.

        For non-X.509 based key material, or when this object does
        not apply for the key material, this column will not exist."
    ::= { cCertPathCtrlsEntry 4 }

cCertPathCtrlsPolicyFlags OBJECT-TYPE
    SYNTAX      BITS { inhibitPolicyMapping(0),
                       requireExplicitPolicy(1),
                       inhibitAnyPolicy(2) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Optional certificate path policy flags consisting of the
        following: inhibitPolicyMapping, requireExplicitPolicy, and
        inhibitAnyPolicy.

        inhibitPolicyMapping: When set, indicates that policy
        mapping is not permitted in the certification path (RFC
        5280, Section 4.2.1.11).

        requireExplicitPolicy: When set, indicates that the
        certification path must be valid for at least one of the
        certificate policies in cCertPathCtrlsCertPolicies.

        inhibitAnyPolicy: When set, indicates that the special
        anyPolicy policy identifier is not considered an explicit
        match for other certificate policies (RFC 5280, Section
        4.2.1.14).

        Bit value translation:
        1000 = inhibitPolicyMapping
        0100 = requireExplicitPolicy
        0010 = inhibitAnyPolicy"
    ::= { cCertPathCtrlsEntry 5 }

cCertPathCtrlsNamesPermitted OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates a subtree of names that are permitted for
        certificate path validation. The value of this column
        corresponds to the cNameConstraintGenSubtree column in the
        cNameConstraintTable.

        When this object does not apply for the key material, this
        column will not exist."
    ::= { cCertPathCtrlsEntry 6 }

cCertPathCtrlsNamesExcluded OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates a subtree of names that are excluded from
        certificate path validation, regardless of information
        appearing in the cCertPathCtrlsNamesPermitted subtree. The
        value of this column corresponds to the
        cNameConstraintGenSubtree column in the
        cNameConstraintTable.

        When this object does not apply for the key material, this
        column will not exist."
    ::= { cCertPathCtrlsEntry 7 }

cCertPathCtrlsMaxPathLength OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Optional indication of the maximum number of
        non-self-issued intermediate certificates that may follow
        this certificate in a valid certification path."
    ::= { cCertPathCtrlsEntry 8 }

-- *****************************************************************
-- CC MIB cCertPolicyTable
-- *****************************************************************

cCertPolicyTableCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of rows in the cCertPolicyTable."
    ::= { cCertPolicyInfo 1 }

cCertPolicyTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g., via an HMI). Managers can use this object to ensure
        that no changes to configuration of this table have happened
        since the last time they examined the table. A value of 0
        indicates that no entry has been changed since the agent
        initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
    ::= { cCertPolicyInfo 2 }

cCertPolicyTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CCertPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table containing certificate policy information to be
        provided as input to the certificate path validation
        algorithm. For an end entity certificate, this information
        indicates under which policy this certificate has been
        issued and the purposes for which the certificate may be
        used. For a Certification Authority (CA) certificate, this
        information limits the set of policies for certification
        paths that include this certificate."
    ::= { cCertPolicyInfo 3 }

cCertPolicyEntry OBJECT-TYPE
    SYNTAX      CCertPolicyEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row containing information about a certificate policy."
    INDEX { cCertPolicyInformation, cCertPolicyInformationIndex }
    ::= { cCertPolicyTable 1 }

CCertPolicyEntry ::= SEQUENCE {
    cCertPolicyInformation      OCTET STRING,
    cCertPolicyInformationIndex Unsigned32,
    cCertPolicyIdentifier       OBJECT IDENTIFIER,
    cCertPolicyQualifierID      INTEGER,
    cCertPolicyQualifier        OCTET STRING
}

cCertPolicyInformation OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(1..255))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Identifies a grouping of policies that are applicable to a
        certificate. When used in conjunction with
        cCertPolicyInformationIndex, a unique policy and qualifier
        set is defined."
    ::= { cCertPolicyEntry 1 }

cCertPolicyInformationIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A numerical index that is unique for a specific
        cCertPolicyInformation value. This index allows multiple
        qualifiers to be defined for a particular policy. When used
        in conjunction with cCertPolicyInformation, a unique policy
        and qualifier set is defined."
    ::= { cCertPolicyEntry 2 }

cCertPolicyIdentifier OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "For end entity certificates, this is an identifier for the
        policy under which the certificate has been issued. For
        Certification Authority (CA) certificates, this is an
        identifier for a certification path policy that includes
        this certificate."
    ::= { cCertPolicyEntry 3 }

cCertPolicyQualifierID OBJECT-TYPE
    SYNTAX      INTEGER { cpsPointer(0), userNotice(1) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the type of qualifier per RFC 5280,
        Section 4.2.1.4."
    ::= { cCertPolicyEntry 4 }

cCertPolicyQualifier OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Qualifier information with type based on
        cCertPolicyQualifierID."
    ::= { cCertPolicyEntry 5 }

-- *****************************************************************
-- CC MIB cPolicyMappingTable
-- *****************************************************************

cPolicyMappingTableCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of rows in the cPolicyMappingTable."
    ::= { cPolicyMappingInfo 1 }

cPolicyMappingTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g., via an HMI). Managers can use this object to ensure
        that no changes to configuration of this table have happened
        since the last time they examined the table. A value of 0
        indicates that no entry has been changed since the agent
        initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
    ::= { cPolicyMappingInfo 2 }

cPolicyMappingTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CPolicyMappingEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table listing mappings between policies that a
        certificate issuing Certification Authority (CA) considers
        as equivalent or comparable to the domain policies of the
        subject certificate's CA."
    ::= { cPolicyMappingInfo 3 }

cPolicyMappingEntry OBJECT-TYPE
    SYNTAX      CPolicyMappingEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row containing a mapping between the domain policy of an
        issuing Certification Authority (CA) and an equivalent
        domain policy of the subject certificate's CA."
    INDEX { cPolicyMappingGroup, cPolicyMappingIndex }
    ::= { cPolicyMappingTable 1 }

CPolicyMappingEntry ::= SEQUENCE {
    cPolicyMappingGroup         OCTET STRING,
    cPolicyMappingIndex         Unsigned32,
    cPolicyMappingSubjectPolicy OBJECT IDENTIFIER,
    cPolicyMappingIssuerPolicy  OBJECT IDENTIFIER
}

cPolicyMappingGroup OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(1..255))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Identifies a grouping of policy mappings that are
        applicable to a certificate. When used in conjunction with
        cPolicyMappingIndex, a unique policy mapping is defined."
    ::= { cPolicyMappingEntry 1 }

cPolicyMappingIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A numerical index that is unique for a specific
        cPolicyMappingGroup value. When used in conjunction with
        cPolicyMappingGroup, a unique policy mapping is defined."
    ::= { cPolicyMappingEntry 2 }

cPolicyMappingSubjectPolicy OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the subject Certification Authority's domain
        policy."
    ::= { cPolicyMappingEntry 3 }

cPolicyMappingIssuerPolicy OBJECT-TYPE
    SYNTAX      OBJECT IDENTIFIER
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Indicates the issuer domain policy that the issuer
        Certification Authority (CA) considers equivalent to the
        subject CA domain policy."
    ::= { cPolicyMappingEntry 4 }

-- *****************************************************************
-- CC MIB cNameConstraintTable
-- *****************************************************************

cNameConstraintTableCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of rows in the cNameConstraintTable."
    ::= { cNameConstraintInfo 1 }

cNameConstraintTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The last time any entry in the table was modified, created,
        or deleted by either SNMP, agent, or other management method
        (e.g., via an HMI). Managers can use this object to ensure
        that no changes to configuration of this table have happened
        since the last time they examined the table. A value of 0
        indicates that no entry has been changed since the agent
        initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
        should be used to populate this column."
    ::= { cNameConstraintInfo 2 }

cNameConstraintTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CNameConstraintEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table listing designated name spaces within which
        subject names in subsequent certificates in a certification
        path must be located (see RFC 5280, Section 4.2.1.10)."
    ::= { cNameConstraintInfo 3 }

cNameConstraintEntry OBJECT-TYPE
    SYNTAX      CNameConstraintEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row assigning an entity's distinguished name to a
        permitted or excluded name space."
    INDEX { cNameConstraintGenSubtree,
            cNameConstraintSubtreeIndex }
    ::= { cNameConstraintTable 1 }

CNameConstraintEntry ::= SEQUENCE {
    cNameConstraintGenSubtree   OCTET STRING,
    cNameConstraintSubtreeIndex Unsigned32,
    cNameConstraintBaseName     SnmpAdminString
}

cNameConstraintGenSubtree OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(1..255))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Identifies a permitted or excluded name constraint subtree.
        When used with cNameConstraintSubtreeIndex, a unique subject
        name constraint entry is defined."
    ::= { cNameConstraintEntry 1 }

cNameConstraintSubtreeIndex OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A numerical index used to specify a name constraint within
        a permitted or excluded name constraint subtree. When used
        with a specific value of cNameConstraintGenSubtree, a unique
        subject name constraint entry is defined."
    ::= { cNameConstraintEntry 2 }

cNameConstraintBaseName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The distinguished name of the subject that is permitted or
        excluded."
    ::= { cNameConstraintEntry 3 }

-- *****************************************************************
-- CC MIB cRemoteKeyMaterialTable
-- *****************************************************************

cRemoteKeyMaterialTableCount OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The number of rows in the cRemoteKeyMaterialTable."
    ::= { cRemoteKeyMaterialInfo 1 }

cRemoteKeyMaterialTableLastChanged OBJECT-TYPE
    SYNTAX      TimeStamp
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The last time any entry in the table was modified,
        created, or deleted by either SNMP, agent, or other
        management method (e.g., via an HMI). Managers can use this
        object to ensure that no changes to configuration of this
        table have happened since the last time they examined the
        table. A value of 0 indicates that no entry has been
        changed since the agent initialized. The value in
        CC-DEVICE-INFO-MIB cSystemUpTime should be used to populate
        this column."
    ::= { cRemoteKeyMaterialInfo 2 }

cRemoteKeyMaterialTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF CRemoteKeyMaterialTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The table containing remote key material information -
        namely, key material used to help establish the secure
        connection."
    ::= { cRemoteKeyMaterialInfo 3 }

cRemoteKeyMaterialTableEntry OBJECT-TYPE
    SYNTAX      CRemoteKeyMaterialTableEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A row describing the remote key material information used
        to establish the secure connection."
    INDEX { cRemoteKeyMaterialID }
    ::= { cRemoteKeyMaterialTable 1 }

CRemoteKeyMaterialTableEntry ::= SEQUENCE {
    cRemoteKeyMaterialID        OCTET STRING,
    cRemoteKeyMatFriendlyName   SnmpAdminString,
    cRemoteKeyMatSerialNumber   OCTET STRING,
    cRemoteKeyMaterialKeyType   OCTET STRING,
    cRemoteKeyMatExpirationDate DateAndTime,
    cRemoteKeyMatClassification BITS
}

cRemoteKeyMaterialID OBJECT-TYPE
    SYNTAX      OCTET STRING (SIZE(1..255))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Represents a unique identifier assigned to this key
        material.
        This would typically be an identifier inherent to
        the key material, such as a serial number or other form of
        identifier derived from a tag or other key wrapper. This
        object differs from cRemoteKeyMatFriendlyName, which is a
        user-defined ID."
    ::= { cRemoteKeyMaterialTableEntry 1 }

cRemoteKeyMatFriendlyName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "A human readable label of the key for easier reference. It
        is used only for helpful or informational purposes."
    ::= { cRemoteKeyMaterialTableEntry 2 }

cRemoteKeyMatSerialNumber OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The unique positive integer assigned to the remote key
        material. Note, this information may not be available in
        some key material types."
    ::= { cRemoteKeyMaterialTableEntry 3 }

cRemoteKeyMaterialKeyType OBJECT-TYPE
    SYNTAX      OCTET STRING
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This column describes the type of remote key material.

        Note, this is a free form OCTET STRING column.
        Implementations are expected to use string values defined
        for the specific nomenclature they support. If no such
        nomenclature exists, this column should not be populated or
        should be set to an empty string (i.e., '')."
    ::= { cRemoteKeyMaterialTableEntry 4 }

cRemoteKeyMatExpirationDate OBJECT-TYPE
    SYNTAX      DateAndTime
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The expiration date of the key."
    ::= { cRemoteKeyMaterialTableEntry 5 }

cRemoteKeyMatClassification OBJECT-TYPE
    SYNTAX      BITS { unclassified(0), restricted(1),
                       confidential(2), secret(3), topSecret(4) }
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The classification of the key.

        Bit value translation:
        1000 0000 = unclassified
        0100 0000 = restricted
        0010 0000 = confidential
        0001 0000 = secret
        0000 1000 = topSecret

        This column does not exist for devices that do not have
        the concept of classification."
    ::= { cRemoteKeyMaterialTableEntry 6 }

-- *****************************************************************
-- Module Conformance Information
-- *****************************************************************

cKeyManagementCompliances OBJECT IDENTIFIER
    ::= { cKeyManagementConformance 1 }

cKeyManagementGroups OBJECT IDENTIFIER
    ::= { cKeyManagementConformance 2 }

cKeyManSymKeyCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for symmetric key information."
    MODULE
        MANDATORY-GROUPS { cKeyManSymKeyGroup, cKeyManRemoteKeyGroup }

        GROUP cKeyManSymKeyNotifyScalars
        DESCRIPTION
            "This symmetric key notification scalar group is optional
            for implementation."

        GROUP cKeyManSymKeyNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."
    ::= { cKeyManagementCompliances 1 }

cKeyManAsymKeyCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for asymmetric key information."
    MODULE
        MANDATORY-GROUPS { cKeyManAsymKeyGroup, cKeyManRemoteKeyGroup }

        GROUP cKeyManCertSubAltNameGroup
        DESCRIPTION
            "Certificate Subject Alternative Name group is optional for
            implementation."

        GROUP cKeyManCertPathCtrlsGroup
        DESCRIPTION
            "Certificate Path Controls group is optional for
            implementation."

        GROUP cKeyManCertPolicyGroup
        DESCRIPTION
            "Certificate Policy group is optional for implementation."

        GROUP cKeyManPolicyMappingGroup
        DESCRIPTION
            "Policy Mapping group is optional for implementation."

        GROUP cKeyManNameConstraintGroup
        DESCRIPTION
            "Name Constraint group is optional for implementation."

        GROUP cKeyManTrustAnchorGroup
        DESCRIPTION
            "Trust Anchor group is optional for implementation."

        GROUP cKeyManAsymKeyNotifyScalars
        DESCRIPTION
            "This asymmetric key notification scalar group is optional
            for implementation."

        GROUP cKeyManAsymKeyNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."

        GROUP cKeyManTrustAnchorNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."

        OBJECT cCertPathCtrlsCertificate
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."

        OBJECT cCertPathCtrlsPolicyFlags
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."

        OBJECT cCertPathCtrlsMaxPathLength
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."
    ::= { cKeyManagementCompliances 2 }

cKeyManTrustAnchorCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for trust anchor information."
    MODULE
        MANDATORY-GROUPS { cKeyManTrustAnchorGroup }

        GROUP cKeyManCertPathCtrlsGroup
        DESCRIPTION
            "Certificate Path Controls group is optional for
            implementation."

        GROUP cKeyManCertPolicyGroup
        DESCRIPTION
            "Certificate Policy group is optional for implementation."

        GROUP cKeyManPolicyMappingGroup
        DESCRIPTION
            "Policy Mapping group is optional for implementation."

        GROUP cKeyManNameConstraintGroup
        DESCRIPTION
            "Name Constraint group is optional for implementation."

        GROUP cKeyManTrustAnchorNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."

        OBJECT cCertPathCtrlsCertificate
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."

        OBJECT cCertPathCtrlsPolicyFlags
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."

        OBJECT cCertPathCtrlsMaxPathLength
        MIN-ACCESS not-accessible
        DESCRIPTION
            "Implementation of this object is optional."
    ::= { cKeyManagementCompliances 3 }

cKeyManCKLCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for CKL information."
    MODULE
        MANDATORY-GROUPS { cKeyManCKLGroup }

        GROUP cKeyManCKLNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."
    ::= { cKeyManagementCompliances 4 }

cKeyManCDMStoreCompliance MODULE-COMPLIANCE
    STATUS      current
    DESCRIPTION
        "Compliance levels for CDM Store information."
    MODULE
        MANDATORY-GROUPS { cKeyManCDMStoreGroup }

        GROUP cKeyManCDMStoreNotifyGroup
        DESCRIPTION
            "This notification group is optional for implementation."
    ::= { cKeyManagementCompliances 5 }

cKeyManSymKeyGroup OBJECT-GROUP
    OBJECTS {
        cZeroizeAllKeys,
        cZeroizeSymmetricKeyTable,
        cSymmetricKeyTableCount,
        cSymmetricKeyTableLastChanged,
        cSymKeyUsage,
        cSymKeyID,
        cSymKeyIssuer,
        cSymKeyEffectiveDate,
        cSymKeyExpirationDate,
        cSymKeyExpiryWarning,
        cSymKeyNumberOfTransactions,
        cSymKeyFriendlyName,
        cSymKeyClassification,
        cSymKeySource,
        cSymKeyRowStatus
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to symmetric key
        information."
    ::= { cKeyManagementGroups 1 }

cKeyManAsymKeyGroup OBJECT-GROUP
    OBJECTS {
        cZeroizeAllKeys,
        cZeroizeAsymKeyTable,
        cAsymKeyTableCount,
        cAsymKeyTableLastChanged,
        cAsymKeyFingerprint,
        cAsymKeyFriendlyName,
        cAsymKeySerialNumber,
        cAsymKeyIssuer,
        cAsymKeySignatureAlgorithm,
        cAsymKeyPublicKeyAlgorithm,
        cAsymKeyEffectiveDate,
        cAsymKeyExpirationDate,
        cAsymKeyExpiryWarning,
        cAsymKeySubject,
        cAsymKeySubjectType,
        cAsymKeyUsage,
        cAsymKeyClassification,
        cAsymKeySource,
        cAsymKeyRowStatus,
        cAsymKeyVersion,
        cAsymKeyRekey,
        cAsymKeyType,
        cAsymKeyAutoRekeyEnable
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to asymmetric key
        information."
    ::= { cKeyManagementGroups 2 }

cKeyManCertSubAltNameGroup OBJECT-GROUP
    OBJECTS {
        cAsymKeySubjectAltName,
        cCertSubAltNameTableCount,
        cCertSubAltNameTableLastChanged,
        cCertSubAltNameType,
        cCertSubAltNameValue1,
        cCertSubAltNameValue2,
        cCertSubAltNameRowStatus
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to certificate
        subject alternative name information."
    ::= { cKeyManagementGroups 3 }

cKeyManCertPathCtrlsGroup OBJECT-GROUP
    OBJECTS {
        cCertPathCtrlsTableCount,
        cCertPathCtrlsTableLastChanged,
        cCertPathCtrlsCertificate,
        cCertPathCtrlsPolicyFlags,
        cCertPathCtrlsMaxPathLength
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to certificate
        path controls information."
    ::= { cKeyManagementGroups 4 }

cKeyManCertPolicyGroup OBJECT-GROUP
    OBJECTS {
        cCertPathCtrlsCertPolicies,
        cCertPolicyTableCount,
        cCertPolicyTableLastChanged,
        cCertPolicyIdentifier,
        cCertPolicyQualifierID,
        cCertPolicyQualifier
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to certificate
        policy information."
    ::= { cKeyManagementGroups 5 }

cKeyManPolicyMappingGroup OBJECT-GROUP
    OBJECTS {
        cCertPathCtrlsPolicyMappings,
        cPolicyMappingTableCount,
        cPolicyMappingTableLastChanged,
        cPolicyMappingSubjectPolicy,
        cPolicyMappingIssuerPolicy
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to policy mapping
        information."
    ::= { cKeyManagementGroups 6 }

cKeyManNameConstraintGroup OBJECT-GROUP
    OBJECTS {
        cCertPathCtrlsNamesPermitted,
        cCertPathCtrlsNamesExcluded,
        cNameConstraintTableCount,
        cNameConstraintTableLastChanged,
        cNameConstraintBaseName
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to name
        constraint information."
    ::= { cKeyManagementGroups 7 }

cKeyManTrustAnchorGroup OBJECT-GROUP
    OBJECTS {
        cZeroizeAllKeys,
        cZeroizeTrustAnchorTable,
        cTrustAnchorTableCount,
        cTrustAnchorTableLastChanged,
        cTrustAnchorFingerprint,
        cTrustAnchorFormatType,
        cTrustAnchorName,
        cTrustAnchorUsageType,
        cTrustAnchorKeyIdentifier,
        cTrustAnchorPublicKeyAlgorithm,
        cTrustAnchorContingencyAvail,
        cTrustAnchorRowStatus,
        cTrustAnchorVersion
    }
    STATUS      current
    DESCRIPTION
        "This group is composed of objects related to trust anchor
        information."
      ::= { cKeyManagementGroups 8 }

   cKeyManCKLGroup OBJECT-GROUP
      OBJECTS {
         cCKLTableCount,
         cCKLLastChanged,
         cCKLIndex,
         cCKLIssuer,
         cCKLSerialNumber,
         cCKLIssueDate,
         cCKLNextUpdate,
         cCKLRowStatus,
         cCKLVersion,
         cCKLLastUpdate
      }
      STATUS current
      DESCRIPTION
         "This group is composed of objects related to compromised
         key list information."
      ::= { cKeyManagementGroups 9 }

   cKeyManCDMStoreGroup OBJECT-GROUP
      OBJECTS {
         cZeroizeAllKeys,
         cZeroizeCDMStoreTable,
         cCDMStoreTableCount,
         cCDMStoreTableLastChanged,
         cCDMStoreIndex,
         cCDMStoreType,
         cCDMStoreSource,
         cCDMStoreID,
         cCDMStoreFriendlyName,
         cCDMStoreControl,
         cCDMStoreRowStatus
      }
      STATUS current
      DESCRIPTION
         "This group is composed of objects related to Crypto
         Device Material store information."
      ::= { cKeyManagementGroups 10 }

   cKeyManSymKeyNotifyScalars OBJECT-GROUP
      OBJECTS {
         cKeyMaterialTableOID,
         cKeyMaterialFingerprint,
         cSymKeyGlobalExpiryWarning
      }
      STATUS current
      DESCRIPTION
         "This group is composed of objects related to symmetric key
         notifications."
      ::= { cKeyManagementGroups 11 }

   cKeyManAsymKeyNotifyScalars OBJECT-GROUP
      OBJECTS {
         cKeyMaterialTableOID,
         cKeyMaterialFingerprint,
         cAsymKeyGlobalExpiryWarning
      }
      STATUS current
      DESCRIPTION
         "This group is composed of objects related to asymmetric key
         notifications."
      ::= { cKeyManagementGroups 12 }

   cKeyManSymKeyNotifyGroup NOTIFICATION-GROUP
      NOTIFICATIONS {
         cKeyMaterialLoadSuccess,
         cKeyMaterialLoadFail,
         cKeyMaterialExpiring,
         cKeyMaterialExpired,
         cKeyMaterialExpirationChanged,
         cKeyMaterialZeroized
      }
      STATUS current
      DESCRIPTION
         "This group is composed of notifications related to
         symmetric key information."
      ::= { cKeyManagementGroups 13 }

   cKeyManAsymKeyNotifyGroup NOTIFICATION-GROUP
      NOTIFICATIONS {
         cKeyMaterialLoadSuccess,
         cKeyMaterialLoadFail,
         cKeyMaterialExpiring,
         cKeyMaterialExpired,
         cKeyMaterialExpirationChanged,
         cKeyMaterialZeroized
      }
      STATUS current
      DESCRIPTION
         "This group is composed of notifications related to
         asymmetric key information."
      ::= { cKeyManagementGroups 14 }

   cKeyManTrustAnchorNotifyGroup NOTIFICATION-GROUP
      NOTIFICATIONS {
         cTrustAnchorAdded,
         cTrustAnchorUpdated,
         cTrustAnchorRemoved
      }
      STATUS current
      DESCRIPTION
         "This group is composed of notifications related to trust
         anchor information."
      ::= { cKeyManagementGroups 15 }

   cKeyManCKLNotifyGroup NOTIFICATION-GROUP
      NOTIFICATIONS {
         cCKLLoadSuccess,
         cCKLLoadFail
      }
      STATUS current
      DESCRIPTION
         "This group is composed of notifications related to
         compromised key list information."
      ::= { cKeyManagementGroups 16 }

   cKeyManCDMStoreNotifyGroup NOTIFICATION-GROUP
      NOTIFICATIONS {
         cCDMAdded,
         cCDMDeleted
      }
      STATUS current
      DESCRIPTION
         "This group is composed of notifications related to Crypto
         Device Material store information."
      ::= { cKeyManagementGroups 17 }

   cKeyManRemoteKeyGroup OBJECT-GROUP
      OBJECTS {
         cRemoteKeyMaterialTableCount,
         cRemoteKeyMaterialTableLastChanged,
         cRemoteKeyMatFriendlyName,
         cRemoteKeyMatSerialNumber,
         cRemoteKeyMaterialKeyType,
         cRemoteKeyMatExpirationDate,
         cRemoteKeyMatClassification
      }
      STATUS current
      DESCRIPTION
         "This group is composed of objects related to remote key
         information."
      ::= { cKeyManagementGroups 18 }

   END

5.5. Key Transfer Pull

   This MIB module makes reference to the following documents:
   [RFC2578], [RFC2579], [RFC2580], and [RFC3411].
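   The pull-side behaviour that the CC-KEY-TRANSFER-PULL-MIB module below
   specifies in prose (the cCDMLDeliveryRequest / cCDMLDeliveryStatus
   allowed-value table, the walk of cCDMServerTable in cCDMServerPriority
   order with cCDMServerRetryMaxAttempts tries per server, and the
   cCDMPullRetrievalPriorities upper bound on cCDMDeliveryTable rows) is
   compact enough to model as an agent-side state machine. The following
   Python is an added example and is not part of this draft or of any CC MIB
   implementation; the CDML line format, the fetch()/parse() callables, the
   CdmlAgent class and every URI are constructed stand-ins, since the draft
   does not define how a CDML is encoded or fetched.

```python
"""Agent-side model of the CDML pull state machine in CC-KEY-TRANSFER-PULL-MIB.
Added example, not draft text: the CDML encoding, the fetch()/parse() callables and
all URIs are constructed stand-ins (the draft does not define how a CDML is encoded)."""
from enum import IntEnum


class Request(IntEnum):  # cCDMLDeliveryRequest
    readyForDownload = 1
    downloadAndParse = 2
    discard = 3


class Status(IntEnum):  # cCDMLDeliveryStatus
    complete = 1
    inProgress = 2
    downloadFailed = 3
    parseFailed = 4


class InconsistentValue(Exception):
    """Stand-in for the SNMP inconsistentValue error returned on a rejected SET."""


# SET values of cCDMLDeliveryRequest allowed for each cCDMLDeliveryStatus
# (the table in the cCDMLDeliveryStatus DESCRIPTION).
ALLOWED = {
    Status.complete: {Request.readyForDownload, Request.downloadAndParse},
    Status.inProgress: {Request.discard},
    Status.downloadFailed: {Request.discard},
    Status.parseFailed: {Request.discard},
}


class CdmlAgent:
    def __init__(self, servers, fetch, parse, max_attempts=1):
        # servers: {cCDMServerPriority: cCDMServerURI}; the lowest value is tried first
        self.servers = dict(sorted(servers.items()))
        self.fetch = fetch    # assumed: fetch(uri) -> bytes, raises OSError on failure
        self.parse = parse    # assumed: parse(bytes) -> [(cCDMType, cCDMURI, cCDMDeliveryPriority)]
        self.max_attempts = max_attempts  # cCDMServerRetryMaxAttempts
        self.request = Request.readyForDownload
        self.status = Status.complete
        self.delivery_table = []  # cCDMDeliveryTable rows learned from the last CDML

    def set_request(self, value):
        """SET on cCDMLDeliveryRequest, enforcing the allowed-value table."""
        value = Request(value)
        if value not in ALLOWED[self.status]:
            raise InconsistentValue(f"{value.name} rejected while {self.status.name}")
        if value is Request.discard:
            # Cancels an active download or clears a failed one. The module says a parse
            # cannot be aborted; this model runs download and parse synchronously anyway.
            self.request, self.status = Request.readyForDownload, Status.complete
            return
        self.request = value
        if value is Request.downloadAndParse:
            self._download_and_parse()

    def _download_and_parse(self):
        self.status = Status.inProgress
        data = None
        for uri in self.servers.values():      # cCDMServerPriority order
            for _ in range(self.max_attempts):   # per-server retries (cCDMServerRetryDelay elided)
                try:
                    data = self.fetch(uri)
                    break
                except OSError:
                    continue
            if data is not None:
                break
        if data is None:                         # every server exhausted; the request
            self.status = Status.downloadFailed  # read-back keeps showing downloadAndParse
            return
        try:
            rows = self.parse(data)              # status remains inProgress while parsing
        except ValueError:
            self.status = Status.parseFailed
            return
        self.delivery_table = rows
        self.request, self.status = Request.readyForDownload, Status.complete


def retrievable(rows, retrieval_priorities):
    """cCDMDeliveryTable rows that may be acted on under cCDMPullRetrievalPriorities:
    0 (the DEFVAL) lifts the bound, otherwise cCDMDeliveryPriority must be <= the scalar."""
    keep = [r for r in rows if retrieval_priorities == 0 or r[2] <= retrieval_priorities]
    return sorted(keep, key=lambda r: r[2])   # lowest value = highest priority first


def demo():
    """Constructed scenario: the primary server is down, the backup serves a two-row CDML."""
    calls = []
    def fetch(uri):
        calls.append(uri)
        if "primary" in uri:
            raise OSError("unreachable")
        return b"2,https://backup.example/cdm/1,2\n4,https://backup.example/cdm/2,7\n"
    def parse(data):  # constructed CDML line: "cCDMType,cCDMURI,cCDMDeliveryPriority"
        out = []
        for line in data.decode().splitlines():
            cdm_type, uri, prio = line.split(",")
            out.append((int(cdm_type), uri, int(prio)))
        return out
    agent = CdmlAgent({2: "https://backup.example/cdml", 1: "https://primary.example/cdml"},
                      fetch, parse, max_attempts=2)
    agent.set_request(Request.downloadAndParse)
    return agent, calls
```

   In demo() the primary server is tried cCDMServerRetryMaxAttempts times
   before the next cCDMServerPriority entry is used, the learned rows land in
   the delivery table, and retrievable() then applies the
   cCDMPullRetrievalPriorities bound. A real agent performs the download
   asynchronously and exposes 'inProgress' to managers in the meantime; the
   synchronous model collapses that window but keeps the same SET rules.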
   CC-KEY-TRANSFER-PULL-MIB DEFINITIONS ::= BEGIN

   IMPORTS
      ccKeyTransferPull
         FROM CC-FEATURE-HIERARCHY-MIB           -- FROM Sec 5.2
      MODULE-COMPLIANCE, OBJECT-GROUP,
      NOTIFICATION-GROUP
         FROM SNMPv2-CONF                        -- FROM RFC 2580
      OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
      MODULE-IDENTITY
         FROM SNMPv2-SMI                         -- FROM RFC 2578
      SnmpAdminString
         FROM SNMP-FRAMEWORK-MIB                 -- FROM RFC 3411
      RowStatus, TimeStamp
         FROM SNMPv2-TC;                         -- FROM RFC 2579

   ccKeyTransferPullMIB MODULE-IDENTITY
      LAST-UPDATED "201609302154Z"
      ORGANIZATION "CCMIB CCB"
      CONTACT-INFO
         "CC MIB Configuration Control Board
         Email: CCMIB.CCB@us.af.mil"
      DESCRIPTION
         "This MIB defines the CC MIB Key Transfer Pull objects.

         Copyright (c) 2019 IETF Trust and the persons
         identified as authors of the code. All rights reserved.

         Redistribution and use in source and binary forms, with
         or without modification, is permitted pursuant to, and
         subject to the license terms contained in, the Simplified
         BSD License set forth in Section 4.c of the IETF Trust's
         Legal Provisions Relating to IETF Documents
         (http://trustee.ietf.org/license-info).

         This version of this MIB module is part of RFC xxxx;
         see the RFC itself for full legal notices."
      -- RFC Ed.: RFC-editor please fill in xxxx.
      REVISION "201609302154Z"
      DESCRIPTION "CC MIB 1.0.5 FINAL. Published as RFC xxxx."
      -- RFC Ed.: RFC-editor please fill in xxxx.
      ::= { ccKeyTransferPull 1 }

   -- *****************************************************************
   -- Key Transfer Pull Information Segments
   -- *****************************************************************

   cKeyTransferPullConformance OBJECT IDENTIFIER
      ::= { ccKeyTransferPullMIB 1 }
   cKeyTransferPullScalars OBJECT IDENTIFIER
      ::= { ccKeyTransferPullMIB 2 }
   cKeyTransferPullNotify OBJECT IDENTIFIER
      ::= { ccKeyTransferPullMIB 3 }
   cCDMServerInfo OBJECT IDENTIFIER
      ::= { ccKeyTransferPullMIB 4 }
   cCDMDeliveryInfo OBJECT IDENTIFIER
      ::= { ccKeyTransferPullMIB 5 }

   -- *****************************************************************
   -- Key Transfer Pull Scalars
   -- *****************************************************************

   cCDMServerRetryDelay OBJECT-TYPE
      SYNTAX Unsigned32
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "The amount of time to wait after a download attempt to the
         Cryptographic Device Material (CDM) server fails before
         attempting to retry the operation. Note, this scalar applies
         to the download of any type of item from the CDM server
         (e.g., CDMs, CDMLs)."
      ::= { cKeyTransferPullScalars 1 }

   cCDMServerRetryMaxAttempts OBJECT-TYPE
      SYNTAX Unsigned32
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "The number of retries attempted before the download attempt
         to the Cryptographic Device Material (CDM) server is
         considered a failure. Note, this scalar applies to the
         download of any type of item from the CDM server (e.g.,
         CDMs, CDMLs)."
      ::= { cKeyTransferPullScalars 2 }

   cCDMPullRetrievalPriorities OBJECT-TYPE
      SYNTAX Unsigned32
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "An indication of which cryptographic device materials
         (CDMs) to retrieve based on this value and a configured
         cCDMDeliveryPriority in a cCDMDeliveryTable entry.
         This value identifies an upper bound. A value of '5', for
         example, implies that only cCDMDeliveryTable entries with a
         cCDMDeliveryPriority value of '5' or less can be acted upon
         (i.e., retrieved).

         Different types of ECUs may have different values for this
         scalar. Bandwidth-limited ECUs, for example, may configure
         lower values so that only high-priority CDMs are retrieved.

         A value of 0, also the default value for this scalar,
         indicates that all cCDMDeliveryTable entries can be acted
         upon regardless of the configured cCDMDeliveryPriority
         value."
      DEFVAL { 0 }
      ::= { cKeyTransferPullScalars 3 }

   cCDMLDeliveryRequest OBJECT-TYPE
      SYNTAX INTEGER { readyForDownload(1), downloadAndParse(2),
                       discard(3) }
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "This scalar controls the device's CDML download process;
         server information is stored in the cCDMServerTable. When
         read, it will return 'readyForDownload' if the last action
         succeeded. If the last action is in progress or failed, it
         will return the last requested action.

         The values which may be set depend on the current value of
         this object and the cCDMLDeliveryStatus object.

         In order to initiate a new download, this object must
         contain the value 'readyForDownload', and the
         cCDMLDeliveryStatus must contain the value 'complete'. At
         that point, setting this object to 'downloadAndParse'
         initiates the CDML download process. Note, the
         cCDMLDeliveryStatus should transition to 'inProgress' as
         the device begins the CDML download process from the
         server(s) and URI(s) listed in the cCDMServerTable (as
         ordered by the cCDMServerPriority index).

         If the CDML download fails, the next highest priority URI
         will be tried, and so on.
         While a CDML download is in progress, or if the CDML
         download fails for all possible servers and URIs (indicated
         by a cCDMLDeliveryStatus value of 'downloadFailed'), this
         object will return an inconsistentValue error for any new
         value except 'discard' (which will cancel the current
         download).

         If the CDML download succeeded, the cCDMLDeliveryStatus
         value remains 'inProgress' and the device attempts to parse
         the download immediately. During the parsing of the CDML,
         all new values will return an inconsistentValue error (i.e.,
         the parse process cannot be aborted). If the parse fails,
         the cCDMLDeliveryStatus will transition to 'parseFailed',
         and this object must be set to 'discard' before a new CDML
         download is attempted."
      ::= { cKeyTransferPullScalars 4 }

   cCDMLDeliveryStatus OBJECT-TYPE
      SYNTAX INTEGER { complete(1), inProgress(2),
                       downloadFailed(3),
                       parseFailed(4) }
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "This indicates the current state of a CDML download.

         'complete' indicates that the last requested
         cCDMLDeliveryRequest action was successful.

         'inProgress' indicates that a CDML download or CDML parse is
         underway.

         'downloadFailed' indicates that the last attempted CDML
         download failed.

         'parseFailed' indicates that the last attempted CDML parse
         failed.

         The relationship between this object and
         cCDMLDeliveryRequest is detailed in the following table. The
         table indicates the values of cCDMLDeliveryRequest that are
         allowed depending on the current value of this object.

         cCDMLDeliveryRequest!             cCDMLDeliveryStatus
         --------------------+-----------+----------+--------------+------------
                             !  complete !inProgress!downloadFailed! parseFailed
         --------------------+-----------+----------+--------------+------------
           readyForDownload  !  allowed  !  error   !  error       !  error
         --------------------+-----------+----------+--------------+------------
           downloadAndParse  !  allowed  !  error   !  error       !  error
         --------------------+-----------+----------+--------------+------------
           discard           !  error    !  allowed !  allowed     !  allowed
         --------------------+-----------+----------+--------------+------------

         As described in the cCDMLDeliveryRequest description, a
         value marked 'error' results in an inconsistentValue error."
      DEFVAL { complete }
      ::= { cKeyTransferPullScalars 5 }

   -- *****************************************************************
   -- Key Transfer Pull Notifications
   -- *****************************************************************

   cCDMLPullReceiveSuccess NOTIFICATION-TYPE
      OBJECTS { cCDMServerURI }
      STATUS current
      DESCRIPTION
         "An attempt to receive a cryptographic device material
         list (CDML) succeeded. The CDM server URI is provided with
         this notification."
      ::= { cKeyTransferPullNotify 1 }

   cCDMLPullReceiveFailed NOTIFICATION-TYPE
      OBJECTS {
         cCDMServerURI,
         cCDMLDeliveryStatus
      }
      STATUS current
      DESCRIPTION
         "An attempt to receive a cryptographic device material
         list (CDML) has failed. The CDM server URI and CDML Delivery
         Status are provided with this notification. Note, the
         expected values for the CDML Delivery Status are:
         'downloadFailed' and 'parseFailed'."
      ::= { cKeyTransferPullNotify 2 }

   cCDMPullReceiveSuccess NOTIFICATION-TYPE
      OBJECTS {
         cCDMType,
         cCDMURI
      }
      STATUS current
      DESCRIPTION
         "An attempt to receive a cryptographic device material (CDM)
         has succeeded. The CDM Type and CDM URI are provided with
         this notification."
      ::= { cKeyTransferPullNotify 3 }

   cCDMPullReceiveFailed NOTIFICATION-TYPE
      OBJECTS {
         cCDMType,
         cCDMURI
      }
      STATUS current
      DESCRIPTION
         "An attempt to receive a cryptographic device material (CDM)
         has failed. The CDM Type and CDM URI are provided with this
         notification."
      ::= { cKeyTransferPullNotify 4 }

   -- *****************************************************************
   -- CC MIB cCDMServerTable
   -- *****************************************************************

   cCDMServerTableCount OBJECT-TYPE
      SYNTAX Unsigned32
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of rows in the cCDMServerTable."
      ::= { cCDMServerInfo 1 }

   cCDMServerTableLastChanged OBJECT-TYPE
      SYNTAX TimeStamp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The last time any entry in the table was modified, created,
         or deleted by either SNMP, agent, or other management method
         (e.g., via an HMI). Managers can use this object to ensure
         that no changes to configuration of this table have happened
         since the last time it examined the table. A value of 0
         indicates that no entry has been changed since the agent
         initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
         should be used to populate this column."
      ::= { cCDMServerInfo 2 }

   cCDMServerTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CCDMServerEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The table containing a list of servers that will be queried
         for available cryptographic device materials (CDMs), such as
         keys and firmware packages. This table is also used to
         obtain the cryptographic device material list (CDML), which
         is a list detailing available CDMs and their associated
         location for obtainment."
      ::= { cCDMServerInfo 3 }

   cCDMServerEntry OBJECT-TYPE
      SYNTAX CCDMServerEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "A row containing information about a server that has
         available CDMLs/CDMs for download."
      INDEX { cCDMServerPriority }
      ::= { cCDMServerTable 1 }

   CCDMServerEntry ::= SEQUENCE {
      cCDMServerPriority        Unsigned32,
      cCDMServerURI             OCTET STRING,
      cCDMServerAdditionalInfo  SnmpAdminString,
      cCDMServerRowStatus       RowStatus
   }

   cCDMServerPriority OBJECT-TYPE
      SYNTAX Unsigned32
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "A unique numeric index that identifies a server that has
         available CDMLs/CDMs for download. This index also provides
         server prioritization functionality: lower values have a
         higher priority. For example, the server with the lowest
         value will be the first server for CDML/CDM downloads. In
         the event of failure, the server with the next lowest value
         will be tried, and so on.

         This column is the sole index to the cCDMServerTable."
      ::= { cCDMServerEntry 1 }

   cCDMServerURI OBJECT-TYPE
      SYNTAX OCTET STRING (SIZE(1..255))
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION
         "The location of the server that has available CDMLs/CDMs
         for download. The value in this column is represented as a
         URI.

         Note, download of a CDML will typically result in the
         population of new CDM entries in the cCDMDeliveryTable."
      ::= { cCDMServerEntry 2 }

   cCDMServerAdditionalInfo OBJECT-TYPE
      SYNTAX SnmpAdminString
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION
         "Additional information about the CDM server. This
         information is manually configured by the manager either at
         or after row creation."
      ::= { cCDMServerEntry 3 }

   cCDMServerRowStatus OBJECT-TYPE
      SYNTAX RowStatus
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION
         "The status of the row, by which new entries may be created
         or old entries deleted from this table.

         Entries created within this table may not become active
         unless all read-create columns in the row have valid
         values, as detailed by each individual column's description.

         At a minimum, implementations must support the createAndGo,
         active, and destroy management functions. Support for the
         createAndWait, notInService, and notReady management
         functions is optional."
      ::= { cCDMServerEntry 4 }

   -- *****************************************************************
   -- CC MIB cCDMDeliveryTable
   -- *****************************************************************

   cCDMDeliveryTableCount OBJECT-TYPE
      SYNTAX Unsigned32
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The number of rows in the cCDMDeliveryTable."
      ::= { cCDMDeliveryInfo 1 }

   cCDMDeliveryTableLastChanged OBJECT-TYPE
      SYNTAX TimeStamp
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The last time any entry in the table was modified, created,
         or deleted by either SNMP, agent, or other management method
         (e.g., via an HMI). Managers can use this object to ensure
         that no changes to configuration of this table have happened
         since the last time it examined the table. A value of 0
         indicates that no entry has been changed since the agent
         initialized. The value in CC-DEVICE-INFO-MIB cSystemUpTime
         should be used to populate this column."
      ::= { cCDMDeliveryInfo 2 }

   cCDMDeliveryTable OBJECT-TYPE
      SYNTAX SEQUENCE OF CCDMDeliveryEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "The table storing information about cryptographic device
         materials (CDMs) that are ready/available for retrieval.
         Entries in this table are typically automatically configured
         by the device after a server query. Entries can also be
         manually configured by a manager if the location of the CDM
         is predetermined."
      ::= { cCDMDeliveryInfo 3 }

   cCDMDeliveryEntry OBJECT-TYPE
      SYNTAX CCDMDeliveryEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
         "A row containing information about a specific cryptographic
         device material (CDM) available for download."
      INDEX { cCDMType, cCDMURI }
      ::= { cCDMDeliveryTable 1 }

   CCDMDeliveryEntry ::= SEQUENCE {
      cCDMType               INTEGER,
      cCDMURI                OCTET STRING,
      cCDMPackageSize        Unsigned32,
      cCDMAdditionalInfo     SnmpAdminString,
      cCDMLastDownloadDate   OCTET STRING,
      cCDMDeliveryPriority   Unsigned32,
      cCDMDeliveryRequest    INTEGER,
      cCDMDeliveryStatus     INTEGER,
      cCDMDeliveryRowStatus  RowStatus
   }

   cCDMType OBJECT-TYPE
      SYNTAX INTEGER { notification(1), symmetricKey(2),
                       asymmetricKey(3), certificate(4),
                       cklOrCrl(5), firmware(6) }
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The type of the cryptographic device material (CDM) that
         can be retrieved from a CDM server:

         [notification]  = CDM is a notification providing
                           status/information for a particular
                           (other) CDM
         [symmetricKey]  = CDM is a symmetric key
         [asymmetricKey] = CDM is a non-certificate asymmetric key
         [certificate]   = CDM is a certificate
         [cklOrCrl]      = CDM is a compromised key list or
                           certificate revocation list
         [firmware]      = CDM is a firmware package"
      ::= { cCDMDeliveryEntry 1 }

   cCDMURI OBJECT-TYPE
      SYNTAX OCTET STRING (SIZE(1..255))
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The location of the cryptographic device material (CDM),
         represented in a URI format. Because of its type, the
         associated URI of the CDM Server can easily be derived.

         This column is typically populated by an agent upon querying
         a CDM Server (e.g., downloading and parsing a cryptographic
         device material list (CDML) from a CDM Server (entry in the
         cCDMServerTable)). However, a manager can also configure an
         entry in this table with predetermined knowledge of the CDM
         location."
      ::= { cCDMDeliveryEntry 2 }

   cCDMPackageSize OBJECT-TYPE
      SYNTAX Unsigned32
      UNITS "bytes"
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The package size, in bytes, of the cryptographic device
         material (CDM). This information is retrieved from a
         cryptographic device material list (CDML) or a server's
         product availability response following a query. This column
         does not apply to notifications found in CDMLs."
      ::= { cCDMDeliveryEntry 3 }

   cCDMAdditionalInfo OBJECT-TYPE
      SYNTAX SnmpAdminString
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION
         "Additional information about the cryptographic device
         material (CDM). This information can be retrieved from the
         downloaded cryptographic device material list (CDML) or
         manually configured by the manager either at or after row
         creation."
      ::= { cCDMDeliveryEntry 4 }

   cCDMLastDownloadDate OBJECT-TYPE
      SYNTAX OCTET STRING (SIZE(14))
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "This is a 14-character field that will be populated with
         the following values depending on the state of the download
         and the CDM type.

         1. The date and time (expressed as Generalized Time) when
            the device last successfully downloaded the CDM from the
            CDM Server.
            The format follows: 'yyyymmddhhmmss' where
               'yyyy' - year
               'mm'   - month (first 'mm' from left to right)
               'dd'   - day
               'hh'   - hour
               'mm'   - minutes (second 'mm' from left to right)
               'ss'   - seconds

         2. All zero characters for the following cases.
            a. No indication that the device has successfully
               downloaded the CDM.
            b. The cCDMType is a notification."
      ::= { cCDMDeliveryEntry 5 }

   cCDMDeliveryPriority OBJECT-TYPE
      SYNTAX Unsigned32
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION
         "A configurable priority value on the cryptographic device
         material (CDM). This column is a means to allow certain key
         products to be downloaded before others. Lower values have a
         higher priority (e.g., a value of 1 will be processed before
         a value of 2)."
      ::= { cCDMDeliveryEntry 6 }

   cCDMDeliveryRequest OBJECT-TYPE
      SYNTAX INTEGER { downloadAndInstall(1), downloadAndStore(2),
                       discard(3) }
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION
         "This object signals the local device to perform actions on
         the available cryptographic device materials (CDMs) from a
         CDM server. The following types of actions are supported:

         [downloadAndInstall] = Initiates a download of a CDM. After
         a successful download, the CDM will be installed for local
         consumption and an entry is to be configured in the
         appropriate MIB table based on cCDMType:

            cCDMType          | MIB Table Destination
            -------------------------------------------
            (1) notification  | N/A
            (2) symmetricKey  | cSymmetricKeyTable
            (3) asymmetricKey | cAsymKeyTable
            (4) certificate   | cAsymKeyTable
            (5) cklOrCrl      | cCKLTable
            (6) firmware      | cFirmwareInformationTable

         [downloadAndStore] = Initiates a download of the CDM. After
         a successful download, an entry is created in the
         cCDMStoreTable to store the CDM.
         [discard] = Stops the current CDM delivery request and
         discards the CDM if it has already been downloaded; this
         reverts the current value of cCDMDeliveryStatus to
         'complete'. If entries were created in the aforementioned
         tables for the install and store operations, these newly
         configured entries will be removed.

         The enumeration value 'downloadAndStore' does not apply
         when cCDMType is set to 'notification'; 'downloadAndInstall'
         is used for a cCDMType of 'notification'.

         If this column is set to any value except 'discard'
         while the value of cCDMDeliveryStatus is any value except
         'complete', the SNMP set operation must result in an
         inconsistentValue exception. The same applies if 'discard'
         is set while the value of cCDMDeliveryStatus is
         'complete'."
      ::= { cCDMDeliveryEntry 7 }

   cCDMDeliveryStatus OBJECT-TYPE
      SYNTAX INTEGER { complete(1), inProgress(2),
                       downloadFailed(3), installFailed(4),
                       storeFailed(5) }
      MAX-ACCESS read-only
      STATUS current
      DESCRIPTION
         "The status of the cryptographic device material (CDM)
         delivery operation. The following status values are
         supported:

         [complete] = The default state, in which the local device is
         ready to start a delivery request for the CDM. Between
         requests this state can only be reached after a successful
         operation or if cCDMDeliveryRequest is set to 'discard'
         during an operation.

         [inProgress] = This state is reached when the device is
         either currently performing a download of the CDM or
         configuring the appropriate MIB tables conveying
         installation or storage of key material.

         [downloadFailed] = This state is reached after a failure
         occurs during a download of a CDM when cCDMDeliveryRequest
         was configured to either 'downloadAndStore' or
         'downloadAndInstall'.
         [installFailed] = This state is reached after a failure
         occurs during the install of the downloaded CDM when
         cCDMDeliveryRequest was configured to 'downloadAndInstall'.

         [storeFailed] = This state is reached after a failure
         occurs during the store of the downloaded CDM when
         cCDMDeliveryRequest was configured to 'downloadAndStore'."
      ::= { cCDMDeliveryEntry 8 }

   cCDMDeliveryRowStatus OBJECT-TYPE
      SYNTAX RowStatus
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION
         "The status of the row, by which new entries may be created
         or old entries deleted from this table.

         Entries created within this table may not become active
         unless all read-create columns in the row have valid
         values, as detailed by each individual column's description.

         At a minimum, implementations must support the createAndGo,
         active, and destroy management functions. Support for the
         createAndWait, notInService, and notReady management
         functions is optional."
      ::= { cCDMDeliveryEntry 9 }

   -- *****************************************************************
   -- Module Conformance Information
   -- *****************************************************************

   cKeyTransferPullCompliances OBJECT IDENTIFIER
      ::= { cKeyTransferPullConformance 1 }

   cKeyTransferPullGroups OBJECT IDENTIFIER
      ::= { cKeyTransferPullConformance 2 }

   cKeyTransferPullCompliance MODULE-COMPLIANCE
      STATUS current
      DESCRIPTION
         "Compliance levels for key transfer pull information."
      MODULE
         MANDATORY-GROUPS {
            cKeyTransferPullServerGroup,
            cKeyTransferPullDeliveryGroup
         }

         GROUP cKeyTransferPullDeliveryNotifyGroup
         DESCRIPTION
            "This notification group is optional for implementation."
         OBJECT cCDMDeliveryRequest
         SYNTAX INTEGER { downloadAndInstall(1), discard(3) }
         DESCRIPTION
            "Implementation of the enumeration values listed here is
            mandatory; enumeration values not listed are optional."

         OBJECT cCDMDeliveryStatus
         SYNTAX INTEGER { complete(1), inProgress(2), downloadFailed(3),
                          installFailed(4) }
         DESCRIPTION
            "Implementation of the enumeration values listed here is
            mandatory; enumeration values not listed are optional."
      ::= { cKeyTransferPullCompliances 1 }

   cKeyTransferPullServerGroup OBJECT-GROUP
      OBJECTS {
         cCDMServerRetryDelay,
         cCDMServerRetryMaxAttempts,
         cCDMServerTableCount,
         cCDMServerTableLastChanged,
         cCDMServerURI,
         cCDMServerAdditionalInfo,
         cCDMServerRowStatus
      }
      STATUS current
      DESCRIPTION
         "This group is composed of objects related to server
         information."
      ::= { cKeyTransferPullGroups 1 }

   cKeyTransferPullDeliveryGroup OBJECT-GROUP
      OBJECTS {
         cCDMPullRetrievalPriorities,
         cCDMLDeliveryRequest,
         cCDMLDeliveryStatus,
         cCDMDeliveryTableCount,
         cCDMDeliveryTableLastChanged,
         cCDMType,
         cCDMURI,
         cCDMPackageSize,
         cCDMAdditionalInfo,
         cCDMLastDownloadDate,
         cCDMDeliveryPriority,
         cCDMDeliveryRequest,
         cCDMDeliveryStatus,
         cCDMDeliveryRowStatus
      }
      STATUS current
      DESCRIPTION
         "This group is composed of objects related to delivery
         information."
      ::= { cKeyTransferPullGroups 2 }

   cKeyTransferPullDeliveryNotifyGroup NOTIFICATION-GROUP
      NOTIFICATIONS {
         cCDMLPullReceiveSuccess,
         cCDMLPullReceiveFailed,
         cCDMPullReceiveSuccess,
         cCDMPullReceiveFailed
      }
      STATUS current
      DESCRIPTION
         "This group is composed of notifications related to delivery
         information."
      ::= { cKeyTransferPullGroups 3 }

   END

5.6. Key Transfer Push

   This MIB module makes reference to the following documents:
   [RFC2578], [RFC2579], [RFC2580], and [RFC3411].

   CC-KEY-TRANSFER-PUSH-MIB DEFINITIONS ::= BEGIN

   IMPORTS
      ccKeyTransferPush
         FROM CC-FEATURE-HIERARCHY-MIB           -- FROM Sec 5.2
      OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
      MODULE-IDENTITY
         FROM SNMPv2-SMI                         -- FROM RFC 2578
      SnmpAdminString
         FROM SNMP-FRAMEWORK-MIB                 -- FROM RFC 3411
      RowPointer, RowStatus, DateAndTime,
      TimeStamp
         FROM SNMPv2-TC                          -- FROM RFC 2579
      MODULE-COMPLIANCE, OBJECT-GROUP,
      NOTIFICATION-GROUP
         FROM SNMPv2-CONF;                       -- FROM RFC 2580

   ccKeyTransferPushMIB MODULE-IDENTITY
      LAST-UPDATED "201609302154Z"
      ORGANIZATION "CCMIB CCB"
      CONTACT-INFO
         "CC MIB Configuration Control Board
         Email: CCMIB.CCB@us.af.mil"
      DESCRIPTION
         "This MIB defines the CC MIB Key Transfer Push objects.

         Copyright (c) 2019 IETF Trust and the persons
         identified as authors of the code. All rights reserved.

         Redistribution and use in source and binary forms, with
         or without modification, is permitted pursuant to, and
         subject to the license terms contained in, the Simplified
         BSD License set forth in Section 4.c of the IETF Trust's
         Legal Provisions Relating to IETF Documents
         (http://trustee.ietf.org/license-info).

         This version of this MIB module is part of RFC xxxx;
         see the RFC itself for full legal notices."
      -- RFC Ed.: RFC-editor please fill in xxxx.
      REVISION "201609302154Z"
      DESCRIPTION "CC MIB 1.0.5 FINAL. Published as RFC xxxx."
      -- RFC Ed.: RFC-editor please fill in xxxx.
      ::= { ccKeyTransferPush 1 }

   -- *****************************************************************
   -- Key Transfer Push Information Segments
   -- *****************************************************************

   cCDMPushDestInfo OBJECT IDENTIFIER
      ::= { ccKeyTransferPushMIB 1 }
   cCDMTransferPkgInfo OBJECT IDENTIFIER
      ::= { ccKeyTransferPushMIB 2 }
   cCDMPushSrcInfo OBJECT IDENTIFIER
      ::= { ccKeyTransferPushMIB 3 }
   cKeyTransferPushScalars OBJECT IDENTIFIER
      ::= { ccKeyTransferPushMIB 4 }
   cKeyTransferPushNotify OBJECT IDENTIFIER
      ::= { ccKeyTransferPushMIB 5 }
   cKeyTransferPushConformance OBJECT IDENTIFIER
      ::= { ccKeyTransferPushMIB 6 }

   -- *****************************************************************
   -- Key Transfer Push Scalars
   -- *****************************************************************

   cCDMTransferDelay OBJECT-TYPE
      SYNTAX Unsigned32
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "The number of seconds to wait after a Cryptographic Device
         Material (CDM) transfer attempt initiated by the sender
         fails before attempting to retry the operation."
      ::= { cKeyTransferPushScalars 1 }

   cCDMTransferMaxAttempts OBJECT-TYPE
      SYNTAX Unsigned32
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION
         "The number of retries attempted before giving up on a
         device due to consecutive Cryptographic Device Material
         (CDM) transfer failures."
       ::= { cKeyTransferPushScalars 2 }

   -- *****************************************************************
   -- Key Transfer Push Notifications
   -- *****************************************************************

   cCDMPushSendSuccess NOTIFICATION-TYPE
       OBJECTS {
           cCDMPushDestAddressLocationType,
           cCDMPushDestAddressLocation,
           cCDMPushDestTransferType,
           cCDMPushDestPackageSelection
       }
       STATUS      current
       DESCRIPTION
           "An attempt to send CDM, identified by CDM push transfer
            information (cCDMPushDestTable row data), has succeeded."
       ::= { cKeyTransferPushNotify 1 }

   cCDMPushReceiveSuccess NOTIFICATION-TYPE
       OBJECTS {
           cCDMPushSrcAddrLocationType,
           cCDMPushSrcAddrLocation,
           cCDMPushSrcTransferType
       }
       STATUS      current
       DESCRIPTION
           "An attempt to receive key material, identified by CDM push
            transfer information (cCDMPushSrcTable row data), has
            succeeded."
       ::= { cKeyTransferPushNotify 2 }

   cCDMPushReceiveFail NOTIFICATION-TYPE
       OBJECTS {
           cCDMPushSrcAddrLocationType,
           cCDMPushSrcAddrLocation,
           cCDMPushSrcTransferType
       }
       STATUS      current
       DESCRIPTION
           "An attempt to receive key material via a Push operation,
            identified by the Sender Address and Transfer Type, has
            failed."
       ::= { cKeyTransferPushNotify 3 }

   cCDMPushSendFail NOTIFICATION-TYPE
       OBJECTS {
           cCDMPushDestAddressLocationType,
           cCDMPushDestAddressLocation,
           cCDMPushDestTransferType,
           cCDMPushDestPackageSelection
       }
       STATUS      current
       DESCRIPTION
           "An attempt to send key material, identified by the
            Recipient Address and Transfer Type, has failed."
       ::= { cKeyTransferPushNotify 4 }

   -- *****************************************************************
   -- CC MIB cCDMPushDestTable
   -- *****************************************************************

   cCDMPushDestTableCount OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of rows in the cCDMPushDestTable."
       ::= { cCDMPushDestInfo 1 }

   cCDMPushDestTableLastChanged OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The last time any entry in the table was modified, created,
            or deleted by either SNMP, agent, or other management method
            (e.g., via an HMI).  Managers can use this object to ensure
            that no changes to the configuration of this table have
            happened since the last time they examined the table.  A
            value of 0 indicates that no entry has been changed since
            the agent initialized.  The value in CC-DEVICE-INFO-MIB
            cSystemUpTime should be used to populate this column."
       ::= { cCDMPushDestInfo 2 }

   cCDMPushDestTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF CCDMPushDestEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The table that provides the information a sender needs to
            initiate a Cryptographic Device Material (CDM) send to a
            receiving device."
       ::= { cCDMPushDestInfo 3 }

   cCDMPushDestEntry OBJECT-TYPE
       SYNTAX      CCDMPushDestEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A row containing information for a Cryptographic Device
            Material (CDM) transfer to a receiving device."
       INDEX { cCDMPushDestIndex }
       ::= { cCDMPushDestTable 1 }

   CCDMPushDestEntry ::= SEQUENCE {
       cCDMPushDestIndex                 Unsigned32,
       cCDMPushDestTransferType          SnmpAdminString,
       cCDMPushDestAddressLocationType   INTEGER,
       cCDMPushDestAddressLocation       OCTET STRING,
       cCDMPushDestTransferTime          DateAndTime,
       cCDMPushDestPackageSelection      SnmpAdminString,
       cCDMPushDestRowStatus             RowStatus
   }

   cCDMPushDestIndex OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A numeric index that identifies a unique location in this
            table."
       ::= { cCDMPushDestEntry 1 }

   cCDMPushDestTransferType OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(1..32))
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The transfer mechanism or protocol used by the sender to
            execute the Cryptographic Device Material (CDM) transfer."
       ::= { cCDMPushDestEntry 2 }

   cCDMPushDestAddressLocationType OBJECT-TYPE
       SYNTAX      INTEGER { ipv4(1), ipv6(2), uri(3), other(4) }
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Enumeration indicating the type of address location."
       ::= { cCDMPushDestEntry 3 }

   cCDMPushDestAddressLocation OBJECT-TYPE
       SYNTAX      OCTET STRING
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Location of the receiver.  The syntax allows a URI or an IP
            address to be configured."
       ::= { cCDMPushDestEntry 4 }

   cCDMPushDestTransferTime OBJECT-TYPE
       SYNTAX      DateAndTime
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "A valid date and time value populated in this object will
            automatically initiate the transfer at the value specified.

            To initiate an immediate transfer the following
            configuration is used: '0' for the year field, '1' for the
            month field, '1' for the day field, '-' for the direction
            from UTC field, and '0' for all other fields.  This
            configuration is displayed as '0-1-1,00:00:00.0,-0:0'.  Note
            that if the timezone fields are not used then the displayed
            value is as follows: '0-1-1,00:00:00.0'.  The timezone
            fields are the direction from UTC, hours from UTC, and
            minutes from UTC."
       ::= { cCDMPushDestEntry 5 }

   cCDMPushDestPackageSelection OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "A reference string that points to the key material(s) to
            transfer.  This column may reference one entry (e.g., an
            entry in the cCDMStoreTable) or multiple entries (e.g.,
            multiple entries in the cCDMTransferPkgTable).  This object
            defines all the items in the package that will be sent."
       ::= { cCDMPushDestEntry 6 }

   cCDMPushDestRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The status of the row, by which new entries may be created
            or old entries deleted from this table.

            Entries created within this table may not become active
            unless all read-create columns in this table have valid
            values, as detailed by each individual column's description.

            At a minimum, implementations must support the createAndGo,
            active, and destroy management functions.  Support for the
            createAndWait, notInService, and notReady management
            functions is optional."
       ::= { cCDMPushDestEntry 7 }

   -- *****************************************************************
   -- CC MIB cCDMTransferPkgTable
   -- *****************************************************************

   cCDMTransferPkgTableCount OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of rows in the cCDMTransferPkgTable."
       ::= { cCDMTransferPkgInfo 1 }

   cCDMTransferPkgTableLastChanged OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The last time any entry in the table was modified, created,
            or deleted by either SNMP, agent, or other management method
            (e.g., via an HMI).  Managers can use this object to ensure
            that no changes to the configuration of this table have
            happened since the last time they examined the table.  A
            value of 0 indicates that no entry has been changed since
            the agent initialized.  The value in CC-DEVICE-INFO-MIB
            cSystemUpTime should be used to populate this column."
       ::= { cCDMTransferPkgInfo 2 }

   cCDMTransferPkgTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF CCDMTransferPkgEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The table for configuring single or multiple Cryptographic
            Device Material (CDM) items in a package that can be
            transferred on a send operation.  Entries in this table are
            referenced by the cCDMPushDestPackageSelection column."
       ::= { cCDMTransferPkgInfo 3 }

   cCDMTransferPkgEntry OBJECT-TYPE
       SYNTAX      CCDMTransferPkgEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A row containing information about a package used on a send
            operation."
       INDEX { cCDMTransferPkgLabel, cCDMTransferPkgIndex }
       ::= { cCDMTransferPkgTable 1 }

   CCDMTransferPkgEntry ::= SEQUENCE {
       cCDMTransferPkgLabel            SnmpAdminString,
       cCDMTransferPkgIndex            Unsigned32,
       cCDMTransferPkgLocatorRowPtr    RowPointer,
       cCDMTransferPkgRowStatus        RowStatus
   }

   cCDMTransferPkgLabel OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An administrative name that identifies a package within
            this table.  cCDMTransferPkgLabel and cCDMTransferPkgIndex
            serve as indexes of this table."
       ::= { cCDMTransferPkgEntry 1 }

   cCDMTransferPkgIndex OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An administrative way of creating a unique row within this
            table.  This value gives the position of a given item within
            the package designated by cCDMTransferPkgLabel.
            cCDMTransferPkgLabel and cCDMTransferPkgIndex serve as
            indexes of this table."
       ::= { cCDMTransferPkgEntry 2 }

   cCDMTransferPkgLocatorRowPtr OBJECT-TYPE
       SYNTAX      RowPointer
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "A RowPointer that points to a unique entry in the table
            containing the Cryptographic Device Material (CDM) to
            transfer.  For example, when referencing a key in the
            cSymmetricKeyTable, the value in this column contains the
            pointer to the appropriate row in the cSymmetricKeyTable."
       ::= { cCDMTransferPkgEntry 3 }

   cCDMTransferPkgRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The status of the row, by which new entries may be created
            or old entries deleted from this table.

            Entries created within this table may not become active
            unless all read-create columns in this table have valid
            values, as detailed by each individual column's description.

            At a minimum, implementations must support the createAndGo,
            active, and destroy management functions.  Support for the
            createAndWait, notInService, and notReady management
            functions is optional."
       ::= { cCDMTransferPkgEntry 4 }

   -- *****************************************************************
   -- CC MIB cCDMPushSrcTable
   -- *****************************************************************

   cCDMPushSrcTableCount OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of rows in the cCDMPushSrcTable."
       ::= { cCDMPushSrcInfo 1 }

   cCDMPushSrcTableLastChanged OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The last time any entry in the table was modified, created,
            or deleted by either SNMP, agent, or other management method
            (e.g., via an HMI).  Managers can use this object to ensure
            that no changes to the configuration of this table have
            happened since the last time they examined the table.  A
            value of 0 indicates that no entry has been changed since
            the agent initialized.  The value in CC-DEVICE-INFO-MIB
            cSystemUpTime should be used to populate this column."
       ::= { cCDMPushSrcInfo 2 }

   cCDMPushSrcTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF CCDMPushSrcEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "This table provides the list of authorized senders from
            which this receiving device will accept Cryptographic Device
            Material (CDM) transfers.  Servers in the cCDMServerTable
            are not listed in this table since this table is specific to
            the Push Model."
       ::= { cCDMPushSrcInfo 3 }

   cCDMPushSrcEntry OBJECT-TYPE
       SYNTAX      CCDMPushSrcEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A row containing information about an authorized sender
            that this receiving device will accept."
       INDEX { cCDMPushSrcSenderName, cCDMPushSrcTransferType }
       ::= { cCDMPushSrcTable 1 }

   CCDMPushSrcEntry ::= SEQUENCE {
       cCDMPushSrcSenderName         SnmpAdminString,
       cCDMPushSrcTransferType       SnmpAdminString,
       cCDMPushSrcAddrLocationType   INTEGER,
       cCDMPushSrcAddrLocation       OCTET STRING,
       cCDMPushSrcRowStatus          RowStatus
   }

   cCDMPushSrcSenderName OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "An administrative string for an authorized sender.
            cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as
            indexes of this table."
       ::= { cCDMPushSrcEntry 1 }

   cCDMPushSrcTransferType OBJECT-TYPE
       SYNTAX      SnmpAdminString (SIZE(1..32))
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Analogous to cCDMPushDestTransferType.  The transfer
            mechanism or protocol used by the receiver to receive the
            Cryptographic Device Material (CDM) transfer.

            cCDMPushSrcSenderName and cCDMPushSrcTransferType serve as
            indexes of this table."
       ::= { cCDMPushSrcEntry 2 }

   cCDMPushSrcAddrLocationType OBJECT-TYPE
       SYNTAX      INTEGER { ipv4(1), ipv6(2), uri(3), other(4) }
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Enumeration indicating the type of address location
            (values: ipv4, ipv6, uri, or other)."
       ::= { cCDMPushSrcEntry 3 }

   cCDMPushSrcAddrLocation OBJECT-TYPE
       SYNTAX      OCTET STRING
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Location of the authorized sender."
       ::= { cCDMPushSrcEntry 4 }

   cCDMPushSrcRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The status of the row, by which new entries may be created
            or old entries deleted from this table.

            Entries created within this table may not become active
            unless all read-create columns in this table have valid
            values, as detailed by each individual column's description.

            At a minimum, implementations must support the createAndGo,
            active, and destroy management functions.  Support for the
            createAndWait, notInService, and notReady management
            functions is optional."
       ::= { cCDMPushSrcEntry 5 }

   -- *****************************************************************
   -- Module Conformance Information
   -- *****************************************************************

   cKeyTransferPushCompliances OBJECT IDENTIFIER
       ::= { cKeyTransferPushConformance 1 }

   cKeyTransferPushGroups OBJECT IDENTIFIER
       ::= { cKeyTransferPushConformance 2 }

   cKeyTransferPushSenderCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "Compliance levels for sender information."
       MODULE
           MANDATORY-GROUPS { cKeyTransferPushSenderGroup }

           GROUP cKeyTransferPushSenderNotifyGroup
           DESCRIPTION
               "This notification group is optional for implementation."

           OBJECT cCDMTransferDelay
           MIN-ACCESS not-accessible
           DESCRIPTION
               "Implementation of this object is optional."

           OBJECT cCDMTransferMaxAttempts
           MIN-ACCESS not-accessible
           DESCRIPTION
               "Implementation of this object is optional."

       ::= { cKeyTransferPushCompliances 1 }

   cKeyTransferPushReceiverCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "Compliance levels for receiver information."
       MODULE
           MANDATORY-GROUPS { cKeyTransferPushReceiverGroup }

           GROUP cKeyTransferPushReceiverNotifyGroup
           DESCRIPTION
               "This notification group is optional for implementation."
       ::= { cKeyTransferPushCompliances 2 }

   cKeyTransferPushSenderGroup OBJECT-GROUP
       OBJECTS {
           cCDMTransferDelay,
           cCDMTransferMaxAttempts,
           cCDMPushDestTableCount,
           cCDMPushDestTableLastChanged,
           cCDMPushDestTransferType,
           cCDMPushDestAddressLocationType,
           cCDMPushDestAddressLocation,
           cCDMPushDestTransferTime,
           cCDMPushDestPackageSelection,
           cCDMPushDestRowStatus,
           cCDMTransferPkgTableCount,
           cCDMTransferPkgTableLastChanged,
           cCDMTransferPkgLocatorRowPtr,
           cCDMTransferPkgRowStatus
       }
       STATUS      current
       DESCRIPTION
           "This group is composed of objects related to sender
            information."
       ::= { cKeyTransferPushGroups 1 }

   cKeyTransferPushReceiverGroup OBJECT-GROUP
       OBJECTS {
           cCDMPushSrcTableCount,
           cCDMPushSrcTableLastChanged,
           cCDMPushSrcTransferType,
           cCDMPushSrcAddrLocationType,
           cCDMPushSrcAddrLocation,
           cCDMPushSrcRowStatus
       }
       STATUS      current
       DESCRIPTION
           "This group is composed of objects related to receiver
            information."
       ::= { cKeyTransferPushGroups 2 }

   cKeyTransferPushSenderNotifyGroup NOTIFICATION-GROUP
       NOTIFICATIONS {
           cCDMPushSendSuccess,
           cCDMPushSendFail
       }
       STATUS      current
       DESCRIPTION
           "This group is composed of notifications related to sender
            information."
       ::= { cKeyTransferPushGroups 3 }

   cKeyTransferPushReceiverNotifyGroup NOTIFICATION-GROUP
       NOTIFICATIONS {
           cCDMPushReceiveSuccess,
           cCDMPushReceiveFail
       }
       STATUS      current
       DESCRIPTION
           "This group is composed of notifications related to receiver
            information."
       ::= { cKeyTransferPushGroups 4 }

   END

5.7.  Security Policy Information

   This module makes reference to: Section 5.2, [RFC2578], [RFC2579],
   [RFC2580], and [RFC3411].
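   Before the Security Policy module, an added example for the Key
   Transfer Push module above (this is not code from the draft or from
   the CC MIB CCB).  The cCDMPushDestTransferTime column is a DateAndTime
   from RFC 2579, an OCTET STRING of 8 octets (year as two big-endian
   octets, then month, day, hour, minute, second, deci-seconds) or 11
   octets when the three timezone fields (direction from UTC, hours,
   minutes) are present.  A manager that writes this value wrongly either
   never fires the transfer or fires it at once, so the example encodes
   and decodes the TC, renders it the way the DESCRIPTION displays it,
   and recognises the immediate-transfer sentinel the DESCRIPTION
   defines.  The field-range checks follow RFC 2579; the DateAndTime
   class, function names and the zero-padded time rendering are this
   example's own choices.

```python
"""
Added example (not part of the draft or the CC MIB): encode, decode and
render the SNMPv2-TC DateAndTime value written to cCDMPushDestTransferTime,
and recognise the "immediate transfer" sentinel from the column's
DESCRIPTION ('0-1-1,00:00:00.0', optionally followed by ',-0:0').
"""
import struct
from typing import NamedTuple, Optional


class DateAndTime(NamedTuple):
    """Field view of an RFC 2579 DateAndTime (names chosen for this example)."""
    year: int
    month: int
    day: int
    hour: int
    minute: int
    second: int
    deci_seconds: int
    # The timezone fields are optional: the 8-octet form omits them.
    direction: Optional[str] = None   # '+' or '-' (direction from UTC)
    utc_hours: int = 0
    utc_minutes: int = 0


def encode_date_and_time(value: DateAndTime) -> bytes:
    """Serialise to the 8- or 11-octet OCTET STRING defined by RFC 2579."""
    if not (1 <= value.month <= 12 and 1 <= value.day <= 31):
        raise ValueError("month/day out of range")
    if not (value.hour <= 23 and value.minute <= 59 and value.second <= 60
            and value.deci_seconds <= 9):
        raise ValueError("time field out of range")
    octets = struct.pack(">HBBBBBB", value.year, value.month, value.day,
                         value.hour, value.minute, value.second,
                         value.deci_seconds)
    if value.direction is not None:
        if (value.direction not in ("+", "-") or value.utc_hours > 13
                or value.utc_minutes > 59):
            raise ValueError("bad timezone fields")
        octets += value.direction.encode("ascii")
        octets += bytes([value.utc_hours, value.utc_minutes])
    return octets


def decode_date_and_time(octets: bytes) -> DateAndTime:
    """Parse an 8- or 11-octet DateAndTime; anything else is rejected."""
    if len(octets) not in (8, 11):
        raise ValueError("DateAndTime must be 8 or 11 octets")
    year, month, day, hour, minute, second, deci = struct.unpack(
        ">HBBBBBB", octets[:8])
    if len(octets) == 8:
        return DateAndTime(year, month, day, hour, minute, second, deci)
    direction = chr(octets[8])
    if direction not in ("+", "-"):
        raise ValueError("direction octet must be '+' or '-'")
    return DateAndTime(year, month, day, hour, minute, second, deci,
                       direction, octets[9], octets[10])


def display(value: DateAndTime) -> str:
    """Render as the DESCRIPTION shows it, e.g. '0-1-1,00:00:00.0,-0:0'."""
    text = (f"{value.year}-{value.month}-{value.day},"
            f"{value.hour:02d}:{value.minute:02d}:{value.second:02d}."
            f"{value.deci_seconds}")
    if value.direction is not None:
        text += f",{value.direction}{value.utc_hours}:{value.utc_minutes}"
    return text


def is_immediate_transfer(octets: bytes) -> bool:
    """True for the sentinel: year 0, month 1, day 1, '-' direction, all else 0.

    The 8-octet form without timezone fields also counts, as the DESCRIPTION
    allows; a '+' direction does not, since the text specifies '-'.
    """
    v = decode_date_and_time(octets)
    fields_ok = (v.year, v.month, v.day, v.hour, v.minute, v.second,
                 v.deci_seconds) == (0, 1, 1, 0, 0, 0, 0)
    tz_ok = v.direction is None or (v.direction == "-" and v.utc_hours == 0
                                    and v.utc_minutes == 0)
    return fields_ok and tz_ok


# Constructed values: the two sentinel encodings from the DESCRIPTION.
IMMEDIATE_11 = encode_date_and_time(DateAndTime(0, 1, 1, 0, 0, 0, 0, "-", 0, 0))
IMMEDIATE_8 = encode_date_and_time(DateAndTime(0, 1, 1, 0, 0, 0, 0))

if __name__ == "__main__":
    print(IMMEDIATE_11.hex(), display(decode_date_and_time(IMMEDIATE_11)))
    print(IMMEDIATE_8.hex(), display(decode_date_and_time(IMMEDIATE_8)))
```

   Comparing decoded fields rather than display strings is deliberate:
   an agent that renders the hour as '0' instead of '00' (the RFC 2579
   DISPLAY-HINT uses single-digit fields) would otherwise defeat a
   string comparison while still carrying the sentinel.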
   CC-SECURE-POLICY-INFO-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       ccSecurePolicyInfo
           FROM CC-FEATURE-HIERARCHY-MIB       -- FROM Sec 5.2
       OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
       MODULE-IDENTITY
           FROM SNMPv2-SMI                     -- FROM RFC 2578
       MODULE-COMPLIANCE, OBJECT-GROUP,
       NOTIFICATION-GROUP
           FROM SNMPv2-CONF                    -- FROM RFC 2580
       SnmpAdminString
           FROM SNMP-FRAMEWORK-MIB             -- FROM RFC 3411
       RowStatus, TimeStamp
           FROM SNMPv2-TC;                     -- FROM RFC 2579

   ccSecurePolicyInfoMIB MODULE-IDENTITY
       LAST-UPDATED "201609302154Z"
       ORGANIZATION "CCMIB CCB"
       CONTACT-INFO
           "CC MIB Configuration Control Board
            Email: CCMIB.CCB@us.af.mil"
       DESCRIPTION
           "This MIB defines the CC MIB Security Policy Information
            objects.

            Copyright (c) 2019 IETF Trust and the persons
            identified as authors of the code.  All rights reserved.

            Redistribution and use in source and binary forms, with
            or without modification, is permitted pursuant to, and
            subject to the license terms contained in, the Simplified
            BSD License set forth in Section 4.c of the IETF Trust's
            Legal Provisions Relating to IETF Documents
            (http://trustee.ietf.org/license-info).

            This version of this MIB module is part of RFC xxxx;
            see the RFC itself for full legal notices."
       -- RFC Ed.: RFC-editor please fill in xxxx.
       REVISION "201609302154Z"
       DESCRIPTION "CC MIB 1.0.5 FINAL.  Published as RFC xxxx."
       -- RFC Ed.: RFC-editor please fill in xxxx.
       ::= { ccSecurePolicyInfo 1 }

   -- *****************************************************************
   -- Secure Policy Info Information Segments
   -- *****************************************************************

   cSecurePolicyConformance OBJECT IDENTIFIER
       ::= { ccSecurePolicyInfoMIB 1 }
   cSecPolicyRuleInfo OBJECT IDENTIFIER
       ::= { ccSecurePolicyInfoMIB 2 }
   cSecurePolicyInfoScalars OBJECT IDENTIFIER
       ::= { ccSecurePolicyInfoMIB 3 }
   cSecurePolicyInfoNotify OBJECT IDENTIFIER
       ::= { ccSecurePolicyInfoMIB 4 }

   -- *****************************************************************
   -- Secure Policy Info Scalars
   -- *****************************************************************

   -- *****************************************************************
   -- Secure Policy Info Notifications
   -- *****************************************************************

   cSecPolicyChanged NOTIFICATION-TYPE
       OBJECTS {
           cSecPolicyRulePriorityID,
           cSecPolicyRuleDescription
       }
       STATUS      current
       DESCRIPTION
           "A notification indicating that an existing Security Policy
            entry in the cSecPolicyRuleTable has changed."
       ::= { cSecurePolicyInfoNotify 1 }

   -- *****************************************************************
   -- CC MIB cSecPolicyRuleTable
   -- *****************************************************************

   cSecPolicyRuleTableCount OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of rows in the cSecPolicyRuleTable."
       ::= { cSecPolicyRuleInfo 1 }

   cSecPolicyRuleTableLastChanged OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The last time any entry in the table was modified, created,
            or deleted by either SNMP, agent, or other management method
            (e.g., via an HMI).  Managers can use this object to ensure
            that no changes to the configuration of this table have
            happened since the last time they examined the table.  A
            value of 0 indicates that no entry has been changed since
            the agent initialized.  The value in CC-DEVICE-INFO-MIB
            cSystemUpTime should be used to populate this column."
       ::= { cSecPolicyRuleInfo 2 }

   cSecPolicyRuleTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF CSecPolicyRuleEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The cSecPolicyRuleTable stores the Security Policy Rules
            that are compared against inbound and outbound data traffic
            flows.  These Security Policy Rules define the actions (e.g.,
            protect, bypass, discard) that determine how the data
            traffic flow is treated."
       ::= { cSecPolicyRuleInfo 3 }

   cSecPolicyRuleEntry OBJECT-TYPE
       SYNTAX      CSecPolicyRuleEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A row containing general information about a Security
            Policy rule."
       INDEX { cSecPolicyRulePriorityID }
       ::= { cSecPolicyRuleTable 1 }

   CSecPolicyRuleEntry ::= SEQUENCE {
       cSecPolicyRulePriorityID        Unsigned32,
       cSecPolicyRuleDescription       OCTET STRING,
       cSecPolicyRuleType              INTEGER,
       cSecPolicyRuleFilterReference   SnmpAdminString,
       cSecPolicyRuleAction            INTEGER,
       cSecPolicyRuleRowStatus         RowStatus
   }

   cSecPolicyRulePriorityID OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Locally unique index that identifies the priority at which
            this Security Policy rule is applied.  Lower values have a
            higher priority (e.g., a value of 1 will be processed before
            a value of 2).  This column is the primary index to the
            cSecPolicyRuleTable."
       ::= { cSecPolicyRuleEntry 1 }

   cSecPolicyRuleDescription OBJECT-TYPE
       SYNTAX      OCTET STRING
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "An administrative string describing the Security Policy
            rule.  Note, this is a free-form OCTET STRING that provides
            the user a store for any form of description/documentation
            for the given entry."
       ::= { cSecPolicyRuleEntry 2 }

   cSecPolicyRuleType OBJECT-TYPE
       SYNTAX      INTEGER { ipsec(1), tls(2), macsec(3) }
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "Optional column that defines the related protocol type of
            the Security Policy rule.  Depending on this column's set
            value, entries will vary in respect to which other
            columns/tables (if any) must be populated to fully
            configure the Security Policy rule."
       ::= { cSecPolicyRuleEntry 3 }

   cSecPolicyRuleFilterReference OBJECT-TYPE
       SYNTAX      SnmpAdminString
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "A string that references the associated filter for the
            Security Policy rule.  Comparison of the data traffic flow
            (inbound/outbound) against the associated filter provides
            the basis on which a Security Policy rule is applied to the
            given data traffic flow."
       ::= { cSecPolicyRuleEntry 4 }

   cSecPolicyRuleAction OBJECT-TYPE
       SYNTAX      INTEGER { protect(1), bypass(10), discard(20),
                             discardInbound(21), discardOutbound(22) }
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "This object indicates what action the ECU should take on
            matching a data traffic flow against a filter (as defined by
            cSecPolicyRuleFilterReference).  The value of this column can
            take one of the following enumeration values.
            [1] protect: The 'protect' enumeration value indicates that
            the data traffic flow should be protected by a Secure
            Connection with attributes defined by the associated filter
            (cSecPolicyRuleFilterReference).

            [10] bypass: The 'bypass' enumeration value indicates that
            the data traffic flow should be bypassed with no
            cryptographic protection/services provided.

            [20] discard: The 'discard' enumeration value indicates that
            the data traffic flow, regardless of its direction, should
            be discarded.

            [21] discardInbound: The 'discardInbound' enumeration value
            indicates that an inbound data traffic flow should be
            discarded.

            [22] discardOutbound: The 'discardOutbound' enumeration
            value indicates that an outbound data traffic flow should be
            discarded.

            Implementations that do not support the 'discardInbound' and
            'discardOutbound' enumeration values should return a
            wrongValue exception during a SET to the
            cSecPolicyRuleAction object.

            A valid enumeration value must be specified in order for
            cSecPolicyRuleRowStatus to be 'active'."
       ::= { cSecPolicyRuleEntry 5 }

   cSecPolicyRuleRowStatus OBJECT-TYPE
       SYNTAX      RowStatus
       MAX-ACCESS  read-create
       STATUS      current
       DESCRIPTION
           "The status of the row, by which new entries may be created,
            or old entries deleted from this table.

            Entries created within this table may not become active
            unless all read-create columns in this table have valid
            values, as detailed by each individual column's description.

            At a minimum, implementations must support the createAndGo
            and destroy management functions.  Support for the
            createAndWait, active, notInService, and notReady management
            functions is optional."
       ::= { cSecPolicyRuleEntry 6 }

   -- *****************************************************************
   -- Module Conformance Information
   -- *****************************************************************

   cSecurePolicyCompliances OBJECT IDENTIFIER
       ::= { cSecurePolicyConformance 1 }

   cSecurePolicyGroups OBJECT IDENTIFIER
       ::= { cSecurePolicyConformance 2 }

   cSecurePolicyCompliance MODULE-COMPLIANCE
       STATUS      current
       DESCRIPTION
           "Compliance levels for secure policy information."
       MODULE
           MANDATORY-GROUPS { cSecurePolicyGroup }
           GROUP cSecurePolicyNotifyGroup
           DESCRIPTION
               "This notification group is optional for implementation."
       ::= { cSecurePolicyCompliances 1 }

   cSecurePolicyGroup OBJECT-GROUP
       OBJECTS {
           cSecPolicyRuleTableCount,
           cSecPolicyRuleTableLastChanged,
           cSecPolicyRulePriorityID,
           cSecPolicyRuleDescription,
           cSecPolicyRuleType,
           cSecPolicyRuleFilterReference,
           cSecPolicyRuleAction,
           cSecPolicyRuleRowStatus
       }
       STATUS      current
       DESCRIPTION
           "This group is composed of objects related to secure policy
            information."
       ::= { cSecurePolicyGroups 1 }

   cSecurePolicyNotifyGroup NOTIFICATION-GROUP
       NOTIFICATIONS {
           cSecPolicyChanged
       }
       STATUS      current
       DESCRIPTION
           "This group is composed of notifications related to secure
            policy information."
       ::= { cSecurePolicyGroups 2 }

   END

5.8.  Secure Connection Information

   This module makes reference to: Section 5.2, [RFC2578], [RFC2579],
   [RFC2580], [RFC3411], and [RFC4303].
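   Before the Secure Connection module, an added example for the
   cSecPolicyRuleTable of the Security Policy module above (this is not
   code from the draft or from the CC MIB CCB).  It models how an ECU
   would apply the table to a traffic flow: rules are evaluated in
   cSecPolicyRulePriorityID order (lower value first), the first rule
   whose filter matches decides the cSecPolicyRuleAction, and the
   directional discard values 21 and 22 only take effect on a flow in
   that direction.  It also models the SET behaviour the DESCRIPTION
   requires: an unsupported or unknown action value is rejected with
   wrongValue.  The draft only names the filter by a reference string,
   so the filter representation (a dict of match fields), the Flow
   fields, the sample rules and the discard-when-nothing-matches default
   are all assumptions of this example.

```python
"""
Added example (not part of the draft or the CC MIB): first-match evaluation
of cSecPolicyRuleTable rows against a traffic flow, plus the wrongValue
handling for SETs on cSecPolicyRuleAction.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# cSecPolicyRuleAction enumeration values as defined in the MIB.
PROTECT, BYPASS, DISCARD, DISCARD_INBOUND, DISCARD_OUTBOUND = 1, 10, 20, 21, 22
ACTION_NAMES = {PROTECT: "protect", BYPASS: "bypass", DISCARD: "discard",
                DISCARD_INBOUND: "discardInbound",
                DISCARD_OUTBOUND: "discardOutbound"}


@dataclass(frozen=True)
class Flow:
    """A data traffic flow (fields are this example's assumption)."""
    direction: str   # "inbound" or "outbound"
    src: str
    dst: str
    proto: str
    dport: int


@dataclass
class PolicyRule:
    """One cSecPolicyRuleTable row (row status omitted for brevity)."""
    priority_id: int        # cSecPolicyRulePriorityID (table index)
    description: str        # cSecPolicyRuleDescription
    filter_reference: str   # cSecPolicyRuleFilterReference
    action: int             # cSecPolicyRuleAction


# Constructed filter definitions keyed by the reference string.  The draft
# leaves the filter format to the implementation; here an absent field
# matches anything.  Addresses are RFC 5737 documentation prefixes.
FILTERS: Dict[str, Dict[str, object]] = {
    "telnet":     {"proto": "tcp", "dport": 23},
    "mgmt-ssh":   {"proto": "tcp", "dport": 22},
    "site-b-net": {"dst_net": "192.0.2.0/24"},
}


def filter_matches(filter_ref: str, flow: Flow) -> bool:
    """A dangling filter reference never matches, so it cannot grant bypass."""
    spec = FILTERS.get(filter_ref)
    if spec is None:
        return False
    if "proto" in spec and spec["proto"] != flow.proto:
        return False
    if "dport" in spec and spec["dport"] != flow.dport:
        return False
    if "dst_net" in spec and (ipaddress.ip_address(flow.dst)
                              not in ipaddress.ip_network(spec["dst_net"])):
        return False
    return True


def set_rule_action(rule: PolicyRule, value: int,
                    supports_directional_discard: bool) -> str:
    """Model a SET on cSecPolicyRuleAction; returns the SNMP error status."""
    if value not in ACTION_NAMES:
        return "wrongValue"
    if (value in (DISCARD_INBOUND, DISCARD_OUTBOUND)
            and not supports_directional_discard):
        return "wrongValue"   # required by the column's DESCRIPTION
    rule.action = value
    return "noError"


def evaluate(rules: List[PolicyRule], flow: Flow,
             default_action: int = DISCARD) -> Tuple[Optional[int], str]:
    """Return (priority_id of the deciding rule or None, action name).

    Lower cSecPolicyRulePriorityID is processed first.  A directional
    discard whose direction does not match the flow is skipped and later
    rules are consulted (assumption; the draft does not say).  Falling
    through with no match yields default_action, discard by default.
    """
    for rule in sorted(rules, key=lambda r: r.priority_id):
        if not filter_matches(rule.filter_reference, flow):
            continue
        if rule.action == DISCARD_INBOUND and flow.direction != "inbound":
            continue
        if rule.action == DISCARD_OUTBOUND and flow.direction != "outbound":
            continue
        return rule.priority_id, ACTION_NAMES[rule.action]
    return None, ACTION_NAMES[default_action]


# Constructed sample table.
SAMPLE_RULES = [
    PolicyRule(3, "Bypass cleartext to Site B", "site-b-net", BYPASS),
    PolicyRule(1, "Drop inbound telnet", "telnet", DISCARD_INBOUND),
    PolicyRule(2, "Protect management SSH", "mgmt-ssh", PROTECT),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_RULES, Flow("inbound", "198.51.100.7", "192.0.2.10", "tcp", 23)))
```

   The ordering matters for safety: rule 3 would bypass any flow to
   192.0.2.0/24, including inbound telnet, if rule 1 were not evaluated
   first, and an outbound telnet connection to that prefix is bypassed
   because the directional discard does not apply to it.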
   CC-SECURE-CONNECTION-INFO-MIB DEFINITIONS ::= BEGIN

   IMPORTS
       ccSecureConnectionInfo
           FROM CC-FEATURE-HIERARCHY-MIB       -- FROM Sec 5.2
       OBJECT-TYPE, Unsigned32, NOTIFICATION-TYPE,
       MODULE-IDENTITY
           FROM SNMPv2-SMI                     -- FROM RFC 2578
       MODULE-COMPLIANCE, OBJECT-GROUP,
       NOTIFICATION-GROUP
           FROM SNMPv2-CONF                    -- FROM RFC 2580
       SnmpAdminString
           FROM SNMP-FRAMEWORK-MIB             -- FROM RFC 3411
       RowStatus, DateAndTime, TimeStamp
           FROM SNMPv2-TC;                     -- FROM RFC 2579

   ccSecureConnectionInfoMIB MODULE-IDENTITY
       LAST-UPDATED "201609302154Z"
       ORGANIZATION "CCMIB CCB"
       CONTACT-INFO
           "CC MIB Configuration Control Board
            Email: CCMIB.CCB@us.af.mil"
       DESCRIPTION
           "This MIB defines the CC MIB Secure Connection Information
            objects.

            Copyright (c) 2019 IETF Trust and the persons
            identified as authors of the code.  All rights reserved.

            Redistribution and use in source and binary forms, with
            or without modification, is permitted pursuant to, and
            subject to the license terms contained in, the Simplified
            BSD License set forth in Section 4.c of the IETF Trust's
            Legal Provisions Relating to IETF Documents
            (http://trustee.ietf.org/license-info).

            This version of this MIB module is part of RFC xxxx;
            see the RFC itself for full legal notices."
       -- RFC Ed.: RFC-editor please fill in xxxx.
       REVISION "201609302154Z"
       DESCRIPTION "CC MIB 1.0.5 FINAL.  Published as RFC xxxx."
       -- RFC Ed.: RFC-editor please fill in xxxx.
       ::= { ccSecureConnectionInfo 1 }

   -- *****************************************************************
   -- Secure Connection Info Information Segments
   -- *****************************************************************

   cSecureConnectionConformance OBJECT IDENTIFIER
       ::= { ccSecureConnectionInfoMIB 1 }
   cSecureConnectionInfo OBJECT IDENTIFIER
       ::= { ccSecureConnectionInfoMIB 2 }
   cSecureConnectionInfoScalars OBJECT IDENTIFIER
       ::= { ccSecureConnectionInfoMIB 3 }
   cSecureConnectionInfoNotify OBJECT IDENTIFIER
       ::= { ccSecureConnectionInfoMIB 4 }

   -- *****************************************************************
   -- Secure Connection Info Scalars
   -- *****************************************************************

   -- *****************************************************************
   -- Secure Connection Info Notifications
   -- *****************************************************************

   cSecConnectionEstablished NOTIFICATION-TYPE
       OBJECTS { cSecConTableID }
       STATUS      current
       DESCRIPTION
           "A notification indicating that a new Secure Connection was
            successfully established."
       ::= { cSecureConnectionInfoNotify 1 }

   cSecConnectionDeleted NOTIFICATION-TYPE
       OBJECTS { cSecConTableID }
       STATUS      current
       DESCRIPTION
           "A notification indicating that an existing Secure
            Connection was successfully deleted."
       ::= { cSecureConnectionInfoNotify 2 }

   -- *****************************************************************
   -- CC MIB cSecConTable
   -- *****************************************************************

   cSecConTableCount OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The number of rows in the cSecConTable."
       ::= { cSecureConnectionInfo 1 }

   cSecConTableLastChanged OBJECT-TYPE
       SYNTAX      TimeStamp
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "The last time any entry in the table was modified, created,
            or deleted by either SNMP, agent, or other management method
            (e.g., via an HMI).  Managers can use this object to ensure
            that no changes to the configuration of this table have
            happened since the last time they examined the table.  A
            value of 0 indicates that no entry has been changed since
            the agent initialized.  The value in CC-DEVICE-INFO-MIB
            cSystemUpTime should be used to populate this column."
       ::= { cSecureConnectionInfo 2 }

   cSecConTable OBJECT-TYPE
       SYNTAX      SEQUENCE OF CSecConEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "The cSecConTable stores general Secure Connection
            (active/inactive) information associated with the ECU.  This
            table provides the base/common information for Secure
            Connections."
       ::= { cSecureConnectionInfo 3 }

   cSecConEntry OBJECT-TYPE
       SYNTAX      CSecConEntry
       MAX-ACCESS  not-accessible
       STATUS      current
       DESCRIPTION
           "A row containing general information about an
            active/inactive Secure Connection."
       INDEX { cSecConTableID }
       ::= { cSecConTable 1 }

   CSecConEntry ::= SEQUENCE {
       cSecConTableID               Unsigned32,
       cSecConType                  OCTET STRING,
       cSecConDataPlaneID           OCTET STRING,
       cSecConDirection             INTEGER,
       cSecConKeyReference          OCTET STRING,
       cSecConCryptographicSuite    OCTET STRING,
       cSecConEstablishmentTime     DateAndTime,
       cSecConStatus                OCTET STRING,
       cSecConRowStatus             RowStatus,
       cSecConRemoteKeyReference    OCTET STRING
   }

   cSecConTableID OBJECT-TYPE
       SYNTAX      Unsigned32
       MAX-ACCESS  read-only
       STATUS      current
       DESCRIPTION
           "Locally unique index that identifies a Secure Connection.
            This column is the primary index to the cSecConTable."
        ::= { cSecConEntry 1 }

    cSecConType OBJECT-TYPE
        SYNTAX OCTET STRING
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Optional column that defines the related protocol type of
            the Secure Connection. Depending on this column's populated
            value, entries will vary with respect to which other
            columns/tables (if any) are applicable to the Secure
            Connection. Examples of values for this column are: 'ipsec'
            for Internet Protocol Security secure connections and 'tls'
            for Transport Layer Security/Secure Sockets Layer secure
            connections."
        ::= { cSecConEntry 2 }

    cSecConDataPlaneID OBJECT-TYPE
        SYNTAX OCTET STRING
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The unique identifier associated with the Secure
            Connection, based on the Secure Connection protocol.

            Note, this is a free-form OCTET STRING column where
            meaningful values/formats are defined per Secure Connection
            protocol type. For instance, in an IPsec context (i.e.,
            cSecConType value is set to 'ipsec'), this column would
            store the Security Parameter Index (SPI) for a given
            Encapsulating Security Payload Version 3 Security
            Association (RFC 4303, Section 2.1)."
        ::= { cSecConEntry 3 }

    cSecConDirection OBJECT-TYPE
        SYNTAX INTEGER { inbound(1), outbound(2),
                         bidirectional(3) }
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The data plane traffic flow direction for the Secure
            Connection.

            [1] inbound: data plane traffic flow is incoming on the
            Secure Connection.

            [2] outbound: data plane traffic flow is outgoing on the
            Secure Connection.

            [3] bidirectional: data plane traffic flow is incoming and
            outgoing on the Secure Connection."
        ::= { cSecConEntry 4 }

    cSecConKeyReference OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(0..255))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Administrative string that references key material
            associated with the Secure Connection. This column
            references an entry (via table index value) in a key-related
            table in the CC-KEY-MANAGEMENT-MIB.

            If there is no appropriate value to populate with, this
            column would be populated with an empty string, ''."
        ::= { cSecConEntry 5 }

    cSecConCryptographicSuite OBJECT-TYPE
        SYNTAX OCTET STRING
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The set of cryptographic attributes (e.g., Encryption
            Algorithm, Integrity Algorithm) for the Secure Connection.
            Note, this is a free-form OCTET STRING column, meaning
            implementations may use a standardized definition of string
            values that describe a set of cryptographic suites or a
            proprietary definition of string values for supported
            cryptographic suites."
        ::= { cSecConEntry 6 }

    cSecConEstablishmentTime OBJECT-TYPE
        SYNTAX DateAndTime
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The local date and time when the Secure Connection was or
            will be established. The value in this column may be
            manually set to a date and time prior to the effective date
            of the key material (if associated) as referenced by the
            cSecConKeyReference column. If this column value is not
            manually configured with a date and time, then the value
            will be automatically populated with the current cSystemDate
            value at the moment the cSecConRowStatus column is first set
            to active.

            Note, implementations may treat this column as the alpha
            date for the Secure Connection, and thus derive other Secure
            Connection-related values from this time."
        ::= { cSecConEntry 7 }

    cSecConStatus OBJECT-TYPE
        SYNTAX OCTET STRING
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Column that provides the current status of the Secure
            Connection. Note, this is a free-form OCTET STRING column
            where meaningful values are defined per Secure Connection
            protocol type (i.e., as defined by the cSecConType value) or
            per implementation.

            If there is no appropriate value to populate with, this
            column would be populated with an empty string, ''."
        ::= { cSecConEntry 8 }

    cSecConRowStatus OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "The status of the row, by which new entries may be created,
            or old entries deleted from this table.

            Entries created within this table may not become active
            unless all read-create columns in this table have valid
            values, as detailed by each individual column's description.

            The set of RowStatus enumerations that must be supported is
            dependent on the type of secure connection. At a minimum,
            implementations must support createAndGo and destroy if the
            secure connection can be created and destroyed by the
            manager. Implementations must support active and
            notInService if the secure connection can be
            enabled/disabled by the manager."
        ::= { cSecConEntry 9 }

    cSecConRemoteKeyReference OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(0..255))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Administrative string that references remote key material
            associated with the Secure Connection (i.e., the remote key
            material used by the peer to establish the Secure
            Connection). This column references an entry (via table
            index value) in cRemoteKeyMaterialTable
            (CC-KEY-MANAGEMENT-MIB).
            If there is no appropriate value to populate with, this
            column would be populated with an empty string, ''."
        ::= { cSecConEntry 10 }

    -- *****************************************************************
    -- Module Conformance Information
    -- *****************************************************************

    cSecureConnectionCompliances OBJECT IDENTIFIER
        ::= { cSecureConnectionConformance 1 }

    cSecureConnectionGroups OBJECT IDENTIFIER
        ::= { cSecureConnectionConformance 2 }

    cSecureConnectionCompliance MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
            "Compliance levels for secure connection information."
        MODULE
            MANDATORY-GROUPS { cSecureConnectionGroup }

            GROUP cSecureConnectionNotifyGroup
            DESCRIPTION
                "This notification group is optional for implementation."

            OBJECT cSecConType
            MIN-ACCESS not-accessible
            DESCRIPTION
                "Implementation of this object is optional."
        ::= { cSecureConnectionCompliances 1 }

    cSecureConnectionGroup OBJECT-GROUP
        OBJECTS {
            cSecConTableCount,
            cSecConTableLastChanged,
            cSecConTableID,
            cSecConType,
            cSecConDataPlaneID,
            cSecConDirection,
            cSecConKeyReference,
            cSecConCryptographicSuite,
            cSecConEstablishmentTime,
            cSecConStatus,
            cSecConRowStatus,
            cSecConRemoteKeyReference
        }
        STATUS current
        DESCRIPTION
            "This group is composed of objects related to secure
            connection information."
        ::= { cSecureConnectionGroups 1 }

    cSecureConnectionNotifyGroup NOTIFICATION-GROUP
        NOTIFICATIONS {
            cSecConnectionEstablished,
            cSecConnectionDeleted
        }
        STATUS current
        DESCRIPTION
            "This group is composed of notifications related to secure
            connection information."
        ::= { cSecureConnectionGroups 2 }

    END

6.  IANA Considerations

   This document makes no requests of IANA.
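   The cSecConRowStatus activation rule and the cSecConEstablishmentTime
   auto-population rule described in the module above, worked through as
   an added example that is not part of this draft. It models one
   cSecConTable row on the manager side; the helper names, the string used
   for DateAndTime and the treatment of cSecConType as optional are
   assumptions of the example.

```python
# Added example, not part of draft-turner-ccmib-03: a manager-side model of
# one cSecConTable row that applies the cSecConRowStatus activation rule and
# the cSecConEstablishmentTime auto-population rule given in the MIB text.
from dataclasses import dataclass

# cSecConDirection enumeration and the RowStatus enumeration (RFC 2579).
DIRECTION = {1: "inbound", 2: "outbound", 3: "bidirectional"}
ACTIVE, NOT_IN_SERVICE, NOT_READY, CREATE_AND_GO, CREATE_AND_WAIT, DESTROY = range(1, 7)


@dataclass
class SecConRow:
    table_id: int                   # cSecConTableID (primary index)
    con_type: str = ""              # cSecConType, optional ('ipsec', 'tls')
    data_plane_id: bytes = b""      # cSecConDataPlaneID, e.g. an ESP SPI
    direction: int = 0              # cSecConDirection
    key_reference: str = ""         # cSecConKeyReference, '' allowed
    crypto_suite: str = ""          # cSecConCryptographicSuite
    establishment_time: str = ""    # cSecConEstablishmentTime (DateAndTime)
    status: str = ""                # cSecConStatus, '' allowed
    row_status: int = NOT_READY     # cSecConRowStatus
    remote_key_reference: str = ""  # cSecConRemoteKeyReference, '' allowed


def invalid_columns(row):
    """Names of read-create columns that hold no valid value. Columns whose
    description permits '' are only checked against their SIZE(0..255)."""
    checks = [("cSecConDirection", row.direction in DIRECTION),
              ("cSecConDataPlaneID", bool(row.data_plane_id)),
              ("cSecConCryptographicSuite", bool(row.crypto_suite)),
              ("cSecConKeyReference", len(row.key_reference) <= 255),
              ("cSecConRemoteKeyReference", len(row.remote_key_reference) <= 255)]
    return [name for name, ok in checks if not ok]


def set_row_status(row, requested, system_date):
    """Apply a SET of cSecConRowStatus; system_date stands in for cSystemDate."""
    if requested == DESTROY:
        row.row_status = DESTROY          # agent would emit cSecConnectionDeleted
        return True, "row destroyed"
    if requested in (ACTIVE, CREATE_AND_GO):
        bad = invalid_columns(row)
        if bad:                           # row may not become active yet
            return False, "inconsistentValue: " + ", ".join(bad)
        if not row.establishment_time:    # not manually configured: auto-fill
            row.establishment_time = system_date
        row.row_status = ACTIVE           # agent would emit cSecConnectionEstablished
        return True, "row active"
    if requested in (NOT_IN_SERVICE, CREATE_AND_WAIT):
        row.row_status = NOT_READY if invalid_columns(row) else NOT_IN_SERVICE
        return True, "row not active"
    return False, "wrongValue"
```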
   All of the object identifiers used in the document are defined in the
   IANA Private Enterprise Number (PEN) ccmib arc (34493).

   RFC EDITOR: Please delete the following note prior to publication

   NOTE: "cpsg" is undergoing a name change to "ccmib".

7.  Security Considerations

   SNMP versions prior to SNMPv3 did not include adequate security.
   Even if the network itself is secure (for example by using IPsec),
   there is no control as to who on the secure network is allowed to
   access and GET/SET (read/change/create/delete) the objects in this
   MIB module.

   Implementations SHOULD provide the security features described by the
   SNMPv3 framework (see [RFC3410]), and implementations claiming
   compliance to the SNMPv3 standard MUST include full support for
   authentication and privacy via the User-based Security Model (USM)
   [RFC3414] with the AES cipher algorithm [RFC3826].  Implementations
   MAY also provide support for the Transport Security Model (TSM)
   [RFC5591] in combination with a secure transport such as SSH
   [RFC5592] or TLS/DTLS [RFC6353].

   Further, deployment of SNMP versions prior to SNMPv3 is NOT
   RECOMMENDED.  Instead, it is RECOMMENDED to deploy SNMPv3 and to
   enable cryptographic security.  It is then a customer/operator
   responsibility to ensure that the SNMP entity giving access to an
   instance of this MIB module is properly configured to give access to
   the objects only to those principals (users) that have legitimate
   rights to indeed GET or SET (change/create/delete) them.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2578]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Structure of Management Information
              Version 2 (SMIv2)", STD 58, RFC 2578,
              DOI 10.17487/RFC2578, April 1999.

   [RFC2579]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Textual Conventions for SMIv2",
              STD 58, RFC 2579, DOI 10.17487/RFC2579, April 1999.

   [RFC2580]  McCloghrie, K., Ed., Perkins, D., Ed., and J.
              Schoenwaelder, Ed., "Conformance Statements for SMIv2",
              STD 58, RFC 2580, DOI 10.17487/RFC2580, April 1999.

   [RFC3411]  Harrington, D., Presuhn, R., and B. Wijnen, "An
              Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks", STD 62, RFC 3411,
              DOI 10.17487/RFC3411, December 2002.

   [RFC3414]  Blumenthal, U. and B. Wijnen, "User-based Security Model
              (USM) for version 3 of the Simple Network Management
              Protocol (SNMPv3)", STD 62, RFC 3414,
              DOI 10.17487/RFC3414, December 2002.

   [RFC3826]  Blumenthal, U., Maino, F., and K. McCloghrie, "The
              Advanced Encryption Standard (AES) Cipher Algorithm in the
              SNMP User-based Security Model", RFC 3826,
              DOI 10.17487/RFC3826, June 2004.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [RFC5591]  Harrington, D. and W. Hardaker, "Transport Security Model
              for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 5591, DOI 10.17487/RFC5591, June 2009.

   [RFC5592]  Harrington, D., Salowey, J., and W. Hardaker, "Secure
              Shell Transport Model for the Simple Network Management
              Protocol (SNMP)", RFC 5592, DOI 10.17487/RFC5592, June
              2009.

   [RFC5914]  Housley, R., Ashmore, S., and C. Wallace, "Trust Anchor
              Format", RFC 5914, DOI 10.17487/RFC5914, June 2010.
   [RFC6030]  Hoyer, P., Pei, M., and S. Machani, "Portable Symmetric
              Key Container (PSKC)", RFC 6030, DOI 10.17487/RFC6030,
              October 2010.

   [RFC6353]  Hardaker, W., "Transport Layer Security (TLS) Transport
              Model for the Simple Network Management Protocol (SNMP)",
              STD 78, RFC 6353, DOI 10.17487/RFC6353, July 2011.

8.2.  Informative References

   [RFC1213]  McCloghrie, K. and M. Rose, "Management Information Base
              for Network Management of TCP/IP-based internets: MIB-II",
              STD 17, RFC 1213, DOI 10.17487/RFC1213, March 1991.

   [RFC3410]  Case, J., Mundy, R., Partain, D., and B. Stewart,
              "Introduction and Applicability Statements for Internet-
              Standard Management Framework", RFC 3410,
              DOI 10.17487/RFC3410, December 2002.

   [RFC3418]  Presuhn, R., Ed., "Management Information Base (MIB) for
              the Simple Network Management Protocol (SNMP)", STD 62,
              RFC 3418, DOI 10.17487/RFC3418, December 2002.

   [RFC4303]  Kent, S., "IP Encapsulating Security Payload (ESP)",
              RFC 4303, DOI 10.17487/RFC4303, December 2005.

Appendix A.  Contributors

   The following people made technical contributions to this
   specification:

   o  Shadi Azoum
      Naval Information Warfare Center Pacific
      shadi.azoum@navy.mil

   o  Elliott Jones
      Naval Information Warfare Center Pacific
      elliott.jones@navy.mil

   o  Lily Sun
      Naval Information Warfare Center Pacific
      lily.sun@navy.mil

Authors' Addresses

   Jeffrey Sun
   Naval Information Warfare Center Pacific

   Email: sunjeff@spawar.navy.mil

   Mike Irani
   Naval Information Warfare Center Pacific

   Email: irani@spawar.navy.mil

   Tom Nguyen
   Naval Information Warfare Center Pacific

   Email: tmnguyen@spawar.navy.mil

   Ray Purvis
   The MITRE Corporation

   Email: rpurvis@mitre.org

   Sean Turner
   sn3rd

   Email: sean@sn3rd.com