Call for tenders' details
Status
Submission date: 10/07/2019
Answer date: 15/07/2019
Language
Status: Answered
Question details
Subject
Reference to chapter 5.4.4 - (251) Log Management
Question
With reference to chapter 5.4.4 - (251) of cellar_9a2fe08f-4580-11e9-a8ed-01aa75ed71a1.0005.02_DOC_4.pdf - The log management system: is it possible to activate data hashing using different algorithms? Can the hash algorithm used be of the type "Message Digest Hash Algorithm" or "Secure Hash Algorithm (SHA) Hash Algorithm", with the possibility of verifying the unalterability of the data collected using a special tool? The solution can guarantee that, when hashing is enabled, any log event creates a hash file. These hash files are used to verify that the events have not been modified. Hash files are generated in memory before the files are written to disk, so the logs cannot be tampered with before the hash files are generated.
Answer
15/07/2019
Yes, it is possible to use data hashing, but this shall be of type SHA256 for RCA, EA or AA because of requirement (251), where the signing is based on key material from HSM, and the possibility to reuse the algorithms defined in 6.1.4.1 Table 4.