Nortel Networks 7.05 IT Security Requirements, TOE Security Functional Requirements, ST Operation

Security Target, Version 3.9

March 18, 2008

5 IT Security Requirements

This section defines the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) met by the TOE as well as SFRs met by the TOE IT environment. These requirements are presented following the conventions identified in Section 1.3.1.

5.1 TOE Security Functional Requirements

This section specifies the SFRs for the TOE. This section organizes the SFRs by CC class. Table 3 identifies all SFRs implemented by the TOE and indicates the ST operations performed on each requirement.

Table 3 - TOE Security Functional Requirements

                                                          ST Operation
SFR ID        Description                                 Selection  Assignment  Refinement  Iteration
------------  ------------------------------------------  ---------  ----------  ----------  ---------
FAU_GEN.1     Audit Data Generation
FAU_SAR.1     Audit Review
FCS_CKM.1(a)  Cryptographic Key Generation
FCS_CKM.4     Cryptographic Key Destruction
FCS_COP.1(a)  Cryptographic Operation
FCS_COP.1(b)  Cryptographic Operation
FCS_COP.1(d)  Cryptographic Operation
FCS_COP.1(e)  Cryptographic Operation
FCS_CKM.1(b)  Cryptographic Key Generation
FDP_ACC.2     Complete Access Control
FDP_ACF.1     Security Attribute Based Access Control
FDP_IFC.2(a)  Complete Information Flow Control
FDP_IFC.2(b)  Complete Information Flow Control
FDP_IFF.1(a)  Simple Security Attributes
FDP_IFF.1(b)  Simple Security Attributes
FDP_UCT.1     Basic Data Exchange Confidentiality
FDP_UIT.1     Data Exchange Integrity
FIA_UAU.1     Timing of Authentication
FIA_UAU.5     Multiple Authentication Mechanisms
FIA_UID.2     User Identification Before any Action
FMT_MOF.1(a)  Management of Security Functions Behavior
FMT_MOF.1(b)  Management of Security Functions Behavior
FMT_MSA.1(a)  Management of Security Attributes

Nortel VPN Router v7.05 and Client Workstation v7.11

© 2008 Nortel Networks