Page 60
Security Target, Version 3.9March 18, 2008
| | |
| authorized users with the ability to verify the integrity of TSF Data and TSF executable code |
| [FPT_AMT.1 and FPT_TST.1]. |
OE.TIME | The environment must provide reliable timestamps for the time-stamping of audit events. |
| Time stamps associated with an audit record must be reliable [FPT_STM.1]. |
OE.PROTECT | The environment must protect the TOE from interference and tampering by untrusted |
| subjects. |
| The IT Environment must protect the TOE from intentional attacks and unintentional interference |
| [FPT_SEP.1]. |
OE.NONBYPASS | The environment must ensure that TSP enforcement functions are invoked and |
| succeed before each function within the TSC is allowed to proceed. |
The IT Environment must ensure that the TOE receives reliable time information for time stamps from the Environment [FPT_RVM.1], and only receives it from an authorized and reliable source [FPT_STM.1].
8.3 Security Assurance Requirements Rationale
EAL 4+ was chosen to provide a basic level of independently assured security and thorough investigation of the TOE and its development. As such, minimal additional tasks are placed upon the vendor assuming the vendor follows reasonable software engineering practices and can provide support to the evaluation for design and testing efforts. The chosen assurance level is appropriate with the threats defined for the environment. While the TOE may operate in a hostile environment, it is expected to be protected by other products and processes designed to address threats that correspond with the intended environment. At EAL 4+, the TOE will have incurred an independent vulnerability analysis to support its introduction into the hostile environment.
The augmentation of ALC_FLR.2 was chosen to give greater assurance of the developer’s on-going flaw remediation processes.
8.4 Rationale for Strength of Function
The TOE minimum strength of function is SOF-basic. The evaluated TOE is intended to operate in commercial and DoD low robustness environments processing unclassified information. This security function is consistent with the security objectives described in Section 4.
8.5 Dependency Rationale
This ST satisfies all the requirement dependencies of the CC. Table 13 lists each requirement to which the TOE claims conformance with a dependency and indicates whether the dependent requirement was included. As indicated by the table, all dependencies have been met.
Table 13 - Functional Requirements Dependencies
| SFR ID | | Dependencies | | Dependency Met | |
| | | |
| | | | | | |
| FAU_GEN.1 | | FPT_STM.1 | | | |
| | | |
| | | | | | |
| FAU_SAR.1 | | FAU_GEN.1 | | | |
| | | |
| | | | | | |
| | | FCS_COP.1 | | | |
| FCS_CKM.1(a) | | FCS_CKM.4 | | | |
| | | |
| | | | |
| | | FMT_MSA.2 | | | |
| | | | | |
| | | | | | |
Nortel VPN Router v7.05 and Client Workstation v7.11 | | | Page 60 of 67 |
| | © 2008 Nortel Networks |
Contents
Nortel Networks Corsec Security, Inc
Revision History
Version Modification Date Modified By Description of Changes
Table of Contents
Table of Figures
Table of Tables
Protection Profile Claims
Rationale
Security Target Introduction
Purpose
Security Target, TOE and CC Identification and Conformance
ST, TOE, and CC Identification and Conformance
Conventions, Acronyms, and Terminology
Conventions
Terminology
Terminology
Primary Admin password
TOE Description
Product Type
Product Description
Branch Office Deployment Configuration of the TOE
TOE Boundaries and Scope
Physical Boundary
Logical Boundary
TOE Environment
World
Enterprise
Security Audit
Cryptographic Support
User Data Protection
Identification and Authentication
Security Management
Protection of the TOE Security Functions
Trusted Path/Channels
Excluded TOE Functionality
TOE Security Environment
Assumptions
Threats to Security
Threats Addressed by the TOE
Threats Addressed by the TOE Environment
Security Objectives
Security Objectives for the TOE
Security Objectives for the Environment
IT Security Objectives
Non-IT Security Objectives
OE.TIME
IT Security Requirements
TOE Security Functional Requirements
TOE Security Functional Requirements
ST Operation
Description ST Operation
Class FAU Security Audit
FAUGEN.1 Audit Data Generation
FAUSAR.1 Audit review
Auditable Events
Dependencies FAUGEN.1 Audit data generation
Class FCS Cryptographic Support
FCSCKM.1a Cryptographic key generation Diffie-Hellman
FCSCKM.1b Cryptographic key generation RSA
FCSCKM.4 Cryptographic key destruction
FCSCOP.1b Cryptographic operation authentication
FCSCOP.1d Cryptographic operation random number generation
FCSCOP.1e Cryptographic operation hashing
Security Target, Version March 18
FDPACC.2 Complete access control
FDPACF.1 Security attribute based access control
Class FDP User Data Protection
FDPIFC.2a Complete information flow control VPN
FDPIFC.2b Complete information flow control Firewall
FDPIFF.1a Simple security attributes VPN
FDPIFF.1b Simple security attributes Firewall
FDPUCT.1 Basic data exchange confidentiality
FDPUIT.1 Data exchange integrity
FDPUCT.1.1
FDPUIT.1.1
Class FIA Identification and Authentication
FIAUAU.1 Timing of authentication
FIAUAU.5 Multiple authentication mechanisms
FIAUID.2 User identification before any action
Dependencies No dependencies
Class FMT Security Management
FMTMOF.1a Management of security functions behaviour
FMTMOF.1b Management of security functions behaviour
FMTMSA.1a Management of security attributes
FMTMSA.1c Management of security attributes
FMTMSA.2 Secure security attributes
FMTMSA.3a Static attribute initialisation
FMTMSA.2.1
FMTSMF.1 Specification of Management Functions
FMTMSA.3b Static attribute initialisation
FMTMSA.3c Static attribute initialisation
FMTSMR.1 Security roles
FMTSMR.1.2
FPTAMT.1 Abstract machine testing
FPTTST.1 TSF testing
Class FPT Protection of the TSF
FPTRPL.1 Replay detection
Class FTP Trusted Path/Channels
FTPTRP.1 Trusted path
FTPTRP.1.1
FTPTRP.1.2
Security Functional Requirements on the IT Environment
FPTRVM.1 Non-bypassability of the TSP
FPTSEP.1 TSF domain separation
FPTSTM.1 Reliable time stamps
Security Target, Version 3.9March 18
Assurance Requirements
Assurance Components
Assurance Requirements
TOE Summary Specification
TOE Security Functions
TOE Security
Description Function
Configuration Log
Security Audit
Accounting Logs
Security Log
System Log
Event Log
Cryptographic Support
Fips Validated Modules
FIPS-Validated Cryptographic Algorithms
Validation Modules Fips 140-2 Certificate #
User Data Protection
Identification and Authentication
Security Management
Power-Up Self-Tests
Protection of the TOE Security Functions
Conditional Self-Tests
TOE Security Assurance Measures
Trusted Path/Channels
TOE Security Functional Requirements Satisfied FTPTRP.1
Assurance Assurance Measure Component
Augmentation to EAL 4+ assurance level
Protection Profile Claims
Protection Profile Reference
Rationale
Security Objectives Rationale
Relationship of Security Threats to Objectives
TOE Objectives Environmental Objectives Non-IT
Hack
Certificate
Security Functional Requirements Rationale
OE.CERTIFICATE
Relationship of Security Requirements to Objectives
Objectives Requirements
Functions and data
Env
Able to access such functionality
FMTMSA.3a,b,c
Reject packets based on their attributes
Integrity
Security Assurance Requirements Rationale
Rationale for Strength of Function
Dependency Rationale
Functional Requirements Dependencies
FCSCOP.1
TOE Summary Specification Rationale
Configuration Management
Secure Delivery and Operation
Development
Guidance Documentation
Life Cycle Support Documents
Tests
Strength of Function
Vulnerability and TOE Strength of Function Analyses
Acronyms
Acronyms
Acronym Definition
DoD
SHA
