D Secure Turnover to Customer
To ensure security of systems delivered to our customers and to satisfy Oracle policies, all passwords must be owned by the customer once transfer of ownership of systems has occurred.
D.1 Secure Turnover Process
Three key requirements address the fundamental principles of the secure turnover process:
- Oracle default passwords shall not remain on fielded systems.
- Oracle default passwords shall not be revealed to customers.
- Customer-installed passwords shall not be known by Oracle.
Goals of the Secure Turnover Process
Following are the goals of the password handoff process:
- Install the system securely with Oracle internal default passwords (passwords exclusively known and used by Oracle personnel).
- Change the special account passwords during the installation process to a unique value (meeting password complexity rules required by the system).
- Provide a non-repudiation process for the customer agent to set all special passwords.
Secure Turnover Procedure
Perform the following steps for secure system turnover:
- System servers are installed by Oracle personnel using common ISO deliverables and installation procedures. The OS root password, the OS admusr password, and the passwords for the default EPAP UI login accounts come from the build process and are private, known only by Oracle.
- Following installation, the Oracle installer logs in to each server OS (real and virtual) as admusr and changes the password to a new unique secure password. The Oracle installer then switches user to root and changes the root password to a new unique password.
- The Oracle installer uses a web browser to log in to the application on each relevant server using each default EPAP UI login name (such as uiadmin) and changes the password to a new unique password.
- As a precursor to the official handoff of the system (all servers) to the customer, the Oracle installer ensures that the new unique passwords for root, admusr, and default EPAP UI login accounts have been securely given to the authorized customer agent.
- The authorized customer agent is instructed to log in to each OS account on each server (real and virtual) and change the password for accounts admusr and root to the authorized operational setting for the customer.
- The customer agent is instructed to use a web browser to log in to each relevant application server and change the password for the default EPAP UI login accounts to the authorized operational password for the customer.
- Following the entry of the new passwords by the customer agent, the Oracle installer or authorized Oracle agent attempts to log in to each server using the previously known password. This should result in a failed login attempt verifiable in the server logs.
- The customer agent again logs in to each OS account and to the default EPAP UI login accounts using the new customer passwords, to verify that the new passwords work.
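The last two steps leave evidence in the server logs that can be collected for the turnover record. The following is an added example, not part of the Oracle procedure: it assumes the servers write PAM events in syslog format (the log file and format are assumptions, as are the host names and sample lines) and covers only the OS accounts admusr and root, not the EPAP UI accounts.

```python
import re

# Assumption: the servers log PAM events in syslog format (on many Linux
# systems this is /var/log/secure); the page does not name the log file.
FAIL = re.compile(r"pam_unix\(\S+?:auth\): authentication failure;.*\buser=(\w+)")
OPEN = re.compile(r"pam_unix\(\S+?:session\): session opened for user (\w+)")


def turnover_evidence(lines, hosts, accounts=("admusr", "root")):
    """Map each (host, account) to the evidence found for the last two steps.

    Lines must be in chronological order. "verified" means a failed login
    (the old password was rejected) is followed by a successful one.
    """
    events = {(h, a): [] for h in hosts for a in accounts}
    for line in lines:
        parts = line.split(None, 4)  # month, day, time, host, message
        if len(parts) < 5:
            continue
        for kind, pattern in (("fail", FAIL), ("ok", OPEN)):
            m = pattern.search(parts[4])
            if m and (parts[3], m.group(1)) in events:
                events[(parts[3], m.group(1))].append(kind)
    status = {}
    for key, seen in events.items():
        if "fail" not in seen:
            status[key] = "no failed login recorded"
        elif "ok" in seen[len(seen) - seen[::-1].index("fail"):]:
            status[key] = "verified"
        else:
            status[key] = "no successful login after failure"
    return status


# Constructed sample lines (hypothetical hosts epap-a and epap-b).
SAMPLE_LOG = [
    "Mar  3 10:15:02 epap-a sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=admusr",
    "Mar  3 10:16:40 epap-a sshd[2117]: pam_unix(sshd:session): session opened for user admusr by (uid=0)",
    "Mar  3 10:17:05 epap-a su: pam_unix(su:auth): authentication failure; logname=admusr uid=1000 euid=0 tty=pts/0 ruser=admusr rhost=  user=root",
    "Mar  3 10:18:11 epap-a su: pam_unix(su:session): session opened for user root by admusr(uid=1000)",
    "Mar  3 10:20:30 epap-b sshd[1801]: pam_unix(sshd:session): session opened for user admusr by (uid=0)",
]

if __name__ == "__main__":
    for key, state in sorted(turnover_evidence(SAMPLE_LOG, ["epap-a", "epap-b"]).items()):
        print(key, state)
```

A "verified" status shows only that a rejected login was followed by an accepted one for that account; it cannot tell which password was typed, so it supplements the witnessed login attempts rather than replacing them.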