Manuals / Nortel Networks / Computer Equipment / Network Router

Nortel Networks 7.11, 7.05 manual Assurance Requirements, Assurance Components

Models: 7.11 7.05

1 67

Download 67 pages 33.01 Kb

Page 41

Security Target, Version 3.9	March 18, 2008

5.3 Assurance Requirements

This section defines the assurance requirements for the TOE. The assurance requirements are taken from Part 3 of the CC and are EAL 4 augmented with ALC_FLR.2. Table 6 below summarizes the components.

Table 6 - Assurance Components

		Assurance Requirements
		Assurance Requirements

	Class ACM:	ACM_AUT.1 Partial CM automation
	Configuration management
	Configuration management	ACM_CAP.4 General support and acceptance procedures
		ACM_CAP.4 General support and acceptance procedures

		ACM_SCP.2 Problem tracking CM coverage

	Class ADO:	ADO_DEL.2 Detection of modification
	Delivery and operation
	Delivery and operation	ADO_IGS.1 Installation, generation, and start-up procedures
		ADO_IGS.1 Installation, generation, and start-up procedures

	Class ADV:	ADV_FSP.2 Fully defined external interfaces
	Development
	Development	ADV_HLD.2 Security-enforcing high-level design
		ADV_HLD.2 Security-enforcing high-level design

		ADV_IMP.1 Subset of the implementation of the TSF

		ADV_LLD.1 Descriptive low-level design

		ADV_RCR.1 Informal correspondence demonstration

		ADV_SPM.1 Informal TOE security policy model

	Class AGD:	AGD_ADM.1 Administrator guidance
	Guidance documents
	Guidance documents	AGD_USR.1 User guidance
		AGD_USR.1 User guidance

	Class ALC:	ALC_DVS.1 Development security
	Life cycle support
	Life cycle support	ALC_FLR.2 Flaw reporting procedures
		ALC_FLR.2 Flaw reporting procedures

		ALC_LCD.1 Developer defined Life cycle model

		ALC_TAT.1 Well-defined development tools

	Class ATE:	ATE_COV.2 Analysis of coverage
	Tests
	Tests	ATE_DPT.1 Testing: high-level design
		ATE_DPT.1 Testing: high-level design

		ATE_FUN.1 Functional testing

		ATE_IND.2 Independent testing – sample

	Class AVA:	AVA_MSU.2 Validation of analysis
	Vulnerability assessment
	Vulnerability assessment	AVA_SOF.1 Strength of TOE security function evaluation
		AVA_SOF.1 Strength of TOE security function evaluation

		AVA_VLA.2 Independent vulnerability analysis

Nortel VPN Router v7.05 and Client Workstation v7.11	Page 41 of 67
© 2008 Nortel Networks

Image 41

Nortel Networks 7.11, 7.05 manual Assurance Requirements, Assurance Components

Contents

Prepared for Evaluation Assurance Level EAL 4+ Document VersionPrepared by Nortel NetworksVersion Revision HistoryModification Date Modified ByTABLE OF CONTENTS Table of ContentsTOE SUMMARY SPECIFICATION REVISION HISTORYTable of Tables Table of FiguresPROTECTION PROFILE CLAIMS RATIONALE1.1 Purpose 1 Security Target Introduction1.2 Security Target, TOE and CC Identification and Conformance Table 1 - ST, TOE, and CC Identification and Conformance1.3.1 Conventions 1.3 Conventions, Acronyms, and Terminology1.3.2 Terminology Table 2 - TerminologyPage 7 of Primary Admin passwordView Nortel VPN Router rights 2 TOE Description Figure 1 - VPN Client Deployment Configuration of the TOE2.1 Product Type 2.2 Product DescriptionFigure 2 - Branch Office Deployment Configuration of the TOE 2.3 TOE Boundaries and Scope Figure 4 - Physical TOE Boundary in Branch Office Tunnel Mode2.3.1 Physical Boundary Figure 3 - Physical TOE Boundary2.3.1.1 TOE Environment 2.3.2 Logical BoundaryFigure 6 - TOE Logical Boundary in Branch Office Tunnel Mode Nortel VPN Switch Software VxWorks OS Contivity Hardware ApplianceThe World Software2.3.2.3 User Data Protection 2.3.2.1 Security Audit2.3.2.2 Cryptographic Support 2.3.2.5 Security Management 2.3.2.4 Identification and Authentication2.3.2.6 Protection of the TOE Security Functions 2.3.2.7 Trusted Path/Channels2.3.3 Excluded TOE Functionality 3.2 Threats to Security 3 TOE Security Environment3.1 Assumptions 3.2.2 Threats Addressed by the TOE Environment 3.2.1 Threats Addressed by the TOET.HACK TE.PHYSICAL4.1 Security Objectives for the TOE 4 Security Objectives4.2.2 Non-IT Security Objectives 4.2 Security Objectives for the Environment4.2.1 IT Security Objectives Table 3 - TOE Security Functional Requirements 5 IT Security Requirements5.1 TOE Security Functional Requirements Page 21 of FAUGEN.1 Audit Data Generation 5.1.1 Class FAU Security AuditFAUSAR.1 Audit review Table 4 - Auditable EventsPage 23 of Dependencies FAUGEN.1 Audit data generationFCSCKM.1a 5.1.2 Class FCS Cryptographic SupportCryptographic key generation Diffie-Hellman FCSCKM.1bFCSCOP.1b Cryptographic operation authenticationFCSCOP.1d Cryptographic operation random number generationFCSCKM.1 Cryptographic key generation FDPITC.2 Import of user data with security attributes, orFCSCKM.4 Cryptographic key destruction FMTMSA.2 Secure security attributesFDPACF.1 Security attribute based access control FDPACC.2 Complete access control5.1.3 Class FDP User Data Protection FDPIFC.2a Complete information flow control VPNFDPIFF.1a Simple security attributes VPN FDPIFC.2b Complete information flow control FirewallFDPIFF.1b Simple security attributes Firewall Page 30 of FDPUCT.1 Basic data exchange confidentialityFDPUIT.1 Data exchange integrity FIAUAU.1 Timing of authentication 5.1.4 Class FIA Identification and AuthenticationFIAUAU.5 Multiple authentication mechanisms FIAUID.2 User identification before any actionPage 32 of FMTMOF.1a Management of security functions behaviour 5.1.5 Class FMT Security ManagementFMTMOF.1b Management of security functions behaviour FMTMSA.1a Management of security attributesFMTMSA.2 Secure security attributes FMTMSA.1c Management of security attributesFMTMSA.3a Static attribute initialisation Page 34 ofFMTMSA.3b Static attribute initialisation FMTSMF.1 Specification of Management FunctionsFMTMSA.3c Static attribute initialisation FMTSMR.1 Security rolesPage 36 of The TSF shall be able to associate users with rolesFPTTST.1 TSF testing FPTAMT.1 Abstract machine testing5.1.6 Class FPT Protection of the TSF FPTRPL.1 Replay detectionFTPTRP.1 Trusted path 5.1.7 Class FTP Trusted Path/ChannelsFPTRVM.1 Non-bypassability of the TSP 5.2 Security Functional Requirements on the IT EnvironmentFPTSEP.1 TSF domain separation FPTSTM.1 Reliable time stampsPage 40 of Table 6 - Assurance Components 5.3 Assurance Requirements6.1 TOE Security Functions 6 TOE Summary SpecificationConfiguration Log 6.1.1 Security AuditAccounting Logs Security LogTOE Security Functional Requirements Satisfied FAUGEN.1, FAUSAR.1 System LogEvent Log Table 9 - FIPS-Validated Cryptographic Algorithms 6.1.2 Cryptographic SupportTable 8 - FIPS Validated Modules Page 46 of 6.1.3 User Data Protection6.1.5 Security Management 6.1.4 Identification and Authentication6.1.6.2 Conditional Self-Tests 6.1.6.1 Power-Up Self-Tests6.1.6 Protection of the TOE Security Functions 6.1.7 Trusted Path/Channels 6.2 TOE Security Assurance MeasuresPage 50 of 8 Augmentation to EAL 4+ assurance level7.1 Protection Profile Reference 7 Protection Profile ClaimsTable 11 - Relationship of Security Threats to Objectives 8 Rationale8.1 Security Objectives Rationale T.HACK Page 54 of Nortel VPN Router v7.05 and Client Workstation2008 Nortel Networks Page 55 of 8.2 Security Functional Requirements RationaleRequirements Table 12 - Relationship of Security Requirements to ObjectivesObjectives  The Primary Admin access to all the administrative functions that are used to enforce the SFP FMTMSA.3a,b,c O.REPLAY 8.4 Rationale for Strength of Function 8.3 Security Assurance Requirements Rationale8.5 Dependency Rationale Table 13 - Functional Requirements DependenciesMet by hierarchical SFR FDPIFC.2 9 Met by hierarchical SFR FDPACC.2Met by hierarchical SFR FIAUID.2 SFR IDFDPUCT.1 8.6 TOE Summary Specification RationaleFCSCOP.1 8.6.2.3 Development 8.6.2.1 Configuration Management8.6.2.2 Secure Delivery and Operation 8.6.2.5 Life Cycle Support Documents 8.6.2.4 Guidance Documentation8.6.2.6 Tests Page 64 of8.6.2.7 Vulnerability and TOE Strength of Function Analyses 8.7 Strength of FunctionTable 15 - Acronyms 9 AcronymsPage 67 of