Nortel Networks 7.11, 7.05 manual TOE Security Assurance Measures, Trusted Path/Channels

oRuns when a random number needs to be generated.

Continuous RNG for Entropy Gathering: Verifies that the seed for the FIPS 182-2 PRNG is not failing to a constant value.

oRuns when a seed for the RNG needs to be generated.

Pair-wise Consistency Test for RSA Key Generation: Verifies that a newly generated RSA public/private keypair works properly.

oRuns when an RSA public/private keypair is generated.

Software Load Test: Verifies the authenticity and integrity of new software binaries which are to be installed on the module.

oRuns when a new software image is loaded onto the module.

TOE Security Functional Requirements Satisfied: FPT_AMT.1, FPT_RPL.1, FPT_TST.1.

6.1.7 Trusted Path/Channels

Connections from the Nortel VPN Client to the Nortel VPN Router are initiated by the VPN users. IPSec is required to ensure that the communication is via trusted path. Because of this, trusted path connections between components of the TOE are logically distinct, and secure.

TOE Security Functional Requirements Satisfied: FTP_TRP.1.

6.2 TOE Security Assurance Measures

EAL 4 augmented with ALC_FLR.2 was chosen to provide a basic level of independently assured security. This section of the ST maps the assurance requirements of the TOE for a CC EAL 4+ (augmented with ALC_FLR.2) level of assurance to the assurance measures used for the development and maintenance of the TOE. The following table provides a mapping of the appropriate documentation to the TOE assurance requirements.

Table 10 - Assurance Measures Mapping to TOE Security Assurance Requirements (SARs)