Nortel Networks 7.05, 7.11 manual Revision History

Page 2

Security Target, Version 3.9March 18, 2008

Revision History

 

Version

 

Modification Date

 

Modified By

 

Description of Changes

 

 

 

 

 

 

 

 

 

 

1.0

2005-05-31

 

Kiran Kadambari

 

Initial draft.

 

 

 

 

 

 

2.0

2006-01-17

 

Nathan Lee

 

Revised to use new document layout; addressed lab

 

 

 

 

 

 

 

verdicts; other miscellaneous edits to all sections for

 

 

 

 

 

 

 

accuracy, consistency, flow, and readability.

 

 

 

 

 

 

2.1

2006-09-04

 

Christie Kummers

 

Revised dependencies for SFRs. Minor updates

 

 

 

 

 

 

 

throughout.

 

 

 

 

 

 

3.0

2006-09-29

 

Christie Kummers

 

Minor updates throughout.

 

 

 

 

 

 

3.1

2006-10-25

 

Nathan Lee

 

Minor updates throughout.

 

 

 

 

 

 

3.2

2006-12-19

 

Christie Kummers

 

Updates and changes in response to Lab verdicts.

 

 

 

 

 

 

3.3

2007-3-02

 

Christie Kummers

 

Updates and changes in response to Lab verdicts.

 

 

 

 

 

Nathan Lee

 

 

 

 

 

 

 

 

3.4

2007-06-04

 

Christie Kummers

 

Updates and changes in response to Lab verdicts.

 

 

 

 

 

 

3.5

2008-02-05

 

Nathan Lee

 

Updated TOE version number and responded to

 

 

 

 

 

 

 

several lab verdicts.

 

 

 

 

 

 

3.6

2008-02-12

 

Nathan Lee

 

Updated TOE version build numbers.

 

 

 

 

 

 

3.7

2008-02-21

 

Nathan Lee

 

Updates and changes in response to Lab verdicts.

 

 

 

 

 

 

3.8

2008-03-18

 

Nathan Lee and Matt

 

Updates based on lab verdict clarifications and FIPS

 

 

 

 

 

Keller

 

validation details.

 

 

 

 

 

 

3.9

2008-03-18

 

Nathan Lee

 

Updated FIPS certificate numbers on 2009-01-21.

 

 

 

 

 

 

 

Marked document publication/revision date as “2008-

 

 

 

 

 

 

 

03-18” by request of CSEC.

 

 

 

 

 

 

 

 

Nortel VPN Router v7.05 and Client Workstation v7.11

Page 2 of 67

© 2008 Nortel Networks

 

Image 2
Contents Nortel Networks Corsec Security, Inc Revision History Version Modification Date Modified By Description of ChangesTable of Contents Protection Profile Claims Table of FiguresTable of Tables RationaleSecurity Target, TOE and CC Identification and Conformance Security Target IntroductionPurpose ST, TOE, and CC Identification and ConformanceTerminology Conventions, Acronyms, and TerminologyConventions TerminologyPrimary Admin password Product Description TOE DescriptionProduct Type Branch Office Deployment Configuration of the TOE TOE Boundaries and Scope Physical BoundaryLogical Boundary TOE EnvironmentWorld EnterpriseUser Data Protection Security AuditCryptographic Support Protection of the TOE Security Functions Identification and AuthenticationSecurity Management Trusted Path/ChannelsExcluded TOE Functionality Threats to Security TOE Security EnvironmentAssumptions Threats Addressed by the TOE Threats Addressed by the TOE EnvironmentSecurity Objectives Security Objectives for the TOENon-IT Security Objectives Security Objectives for the EnvironmentIT Security Objectives OE.TIMETOE Security Functional Requirements IT Security RequirementsTOE Security Functional Requirements ST OperationDescription ST Operation FAUSAR.1 Audit review Class FAU Security AuditFAUGEN.1 Audit Data Generation Auditable EventsDependencies FAUGEN.1 Audit data generation FCSCKM.1b Cryptographic key generation RSA Class FCS Cryptographic SupportFCSCKM.1a Cryptographic key generation Diffie-Hellman FCSCKM.4 Cryptographic key destructionFCSCOP.1e Cryptographic operation hashing FCSCOP.1b Cryptographic operation authenticationFCSCOP.1d Cryptographic operation random number generation Security Target, Version March 18 Class FDP User Data Protection FDPACC.2 Complete access controlFDPACF.1 Security attribute based access control FDPIFC.2a Complete information flow control VPNFDPIFC.2b Complete information flow control Firewall FDPIFF.1a Simple security attributes VPNFDPIFF.1b Simple security attributes Firewall FDPUCT.1.1 FDPUCT.1 Basic data exchange confidentialityFDPUIT.1 Data exchange integrity FDPUIT.1.1FIAUAU.5 Multiple authentication mechanisms Class FIA Identification and AuthenticationFIAUAU.1 Timing of authentication FIAUID.2 User identification before any actionDependencies No dependencies FMTMOF.1b Management of security functions behaviour Class FMT Security ManagementFMTMOF.1a Management of security functions behaviour FMTMSA.1a Management of security attributesFMTMSA.3a Static attribute initialisation FMTMSA.1c Management of security attributesFMTMSA.2 Secure security attributes FMTMSA.2.1FMTMSA.3c Static attribute initialisation FMTSMF.1 Specification of Management FunctionsFMTMSA.3b Static attribute initialisation FMTSMR.1 Security rolesFMTSMR.1.2 Class FPT Protection of the TSF FPTAMT.1 Abstract machine testingFPTTST.1 TSF testing FPTRPL.1 Replay detectionFTPTRP.1.1 Class FTP Trusted Path/ChannelsFTPTRP.1 Trusted path FTPTRP.1.2FPTSEP.1 TSF domain separation Security Functional Requirements on the IT EnvironmentFPTRVM.1 Non-bypassability of the TSP FPTSTM.1 Reliable time stampsSecurity Target, Version 3.9March 18 Assurance Requirements Assurance RequirementsAssurance Components TOE Security TOE Summary SpecificationTOE Security Functions Description FunctionAccounting Logs Configuration LogSecurity Audit Security LogSystem Log Event LogFIPS-Validated Cryptographic Algorithms Cryptographic SupportFips Validated Modules Validation Modules Fips 140-2 Certificate #User Data Protection Identification and Authentication Security ManagementConditional Self-Tests Power-Up Self-TestsProtection of the TOE Security Functions TOE Security Functional Requirements Satisfied FTPTRP.1 TOE Security Assurance MeasuresTrusted Path/Channels Assurance Assurance Measure ComponentAugmentation to EAL 4+ assurance level Protection Profile Claims Protection Profile ReferenceRelationship of Security Threats to Objectives RationaleSecurity Objectives Rationale TOE Objectives Environmental Objectives Non-ITHack Certificate Security Functional Requirements Rationale OE.CERTIFICATERelationship of Security Requirements to Objectives Objectives RequirementsFunctions and data EnvAble to access such functionality FMTMSA.3a,b,cReject packets based on their attributes IntegrityDependency Rationale Security Assurance Requirements RationaleRationale for Strength of Function Functional Requirements DependenciesFCSCOP.1 TOE Summary Specification Rationale Development Configuration ManagementSecure Delivery and Operation Tests Guidance DocumentationLife Cycle Support Documents Strength of Function Vulnerability and TOE Strength of Function AnalysesAcronym Definition AcronymsAcronyms DoDSHA