Conventions, Acronyms, and Terminology | Nortel Networks 7.05, 7.11

	Security Target, Version 3.9		March 18, 2008


	Keywords	VPN, Router, Firewall, IPSec

1.3 Conventions, Acronyms, and Terminology

1.3.1 Conventions

There are several font variations used within this ST. Selected presentation choices are discussed here to aid the Security Target reader.

The CC allows for several operations to be performed on security requirements: assignment, refinement, selection and iteration. All of these operations are used within this ST. These operations are presented in the same manner in which they appear in Parts 2 and 3 of the CC with the following exceptions:

Completed assignment statements are identified using [italicized text within brackets]. Completed selection statements are identified using [underlined italicized text within brackets]. Refinements are identified using bold text. Any text removed is stricken (Example: TSF Data) and should be considered as a refinement.

Iterations are identified by appending a letter in parenthesis following the component title. For example, FAU_GEN.1(a) Audit Data Generation would be the first iteration and FAU_GEN.1(b) Audit Data Generation would be the second iteration.

1.3.2 Terminology

The acronyms used within this ST are described in Section 9 – “Acronyms.” TOE-specific terminology used throughout the Security Target is explained in Table 2 below:

			Table 2 - Terminology

	Term		Explanation

	Technology
	Technology

Contivity			Refers to the marketing name of the Nortel VPN Router.

	User Types

Primary Admin			The Primary Admin account has the ability to conduct all administrative privileges and
			rights of the TOE. The Primary Admin also has the ability to create and assign various
			rights to additional administrators. There can only be one Primary Admin of the TOE.

Restricted Admin			A Restricted Admin of the TOE has various administrative privileges as assigned by
			the Primary Admin. The types of privileges available to Restricted Admins are:
			Manage Nortel VPN Router
			View Nortel VPN Router
			Subgroups
			Manage Users
			View Users

Administrators			Refers to all administrators of the TOE (both the Primary Admin and any assigned
			Restricted Admins)

Users			Refers to VPN users or any person authorized to use the TOE but lacking
			administrative privileges.

Operators			Refers to any human that interacts with the TOE, including Administrators and Users.

	Privilege Types

Nortel VPN Router v7.05 and Client Workstation v7.11	Page 6 of 67
© 2008 Nortel Networks

Image 6

Nortel Networks 7.05, 7.11 manual Conventions, Acronyms, and Terminology

Contents

Nortel Networks Corsec Security, Inc Revision History Version Modification Date Modified By Description of Changes Table of Contents Protection Profile Claims Table of FiguresTable of Tables Rationale Security Target, TOE and CC Identification and Conformance Security Target IntroductionPurpose ST, TOE, and CC Identification and Conformance Terminology Conventions, Acronyms, and TerminologyConventions Terminology Primary Admin password TOE Description Product TypeProduct Description Branch Office Deployment Configuration of the TOE TOE Boundaries and Scope Physical Boundary Logical Boundary TOE Environment World Enterprise Security Audit Cryptographic SupportUser Data Protection Protection of the TOE Security Functions Identification and AuthenticationSecurity Management Trusted Path/Channels Excluded TOE Functionality TOE Security Environment AssumptionsThreats to Security Threats Addressed by the TOE Threats Addressed by the TOE Environment Security Objectives Security Objectives for the TOE Non-IT Security Objectives Security Objectives for the EnvironmentIT Security Objectives OE.TIME TOE Security Functional Requirements IT Security RequirementsTOE Security Functional Requirements ST Operation Description ST Operation FAUSAR.1 Audit review Class FAU Security AuditFAUGEN.1 Audit Data Generation Auditable Events Dependencies FAUGEN.1 Audit data generation FCSCKM.1b Cryptographic key generation RSA Class FCS Cryptographic SupportFCSCKM.1a Cryptographic key generation Diffie-Hellman FCSCKM.4 Cryptographic key destruction FCSCOP.1b Cryptographic operation authentication FCSCOP.1d Cryptographic operation random number generationFCSCOP.1e Cryptographic operation hashing Security Target, Version March 18 Class FDP User Data Protection FDPACC.2 Complete access controlFDPACF.1 Security attribute based access control FDPIFC.2a Complete information flow control VPN FDPIFC.2b Complete information flow control Firewall FDPIFF.1a Simple security attributes VPN FDPIFF.1b Simple security attributes Firewall FDPUCT.1.1 FDPUCT.1 Basic data exchange confidentialityFDPUIT.1 Data exchange integrity FDPUIT.1.1 FIAUAU.5 Multiple authentication mechanisms Class FIA Identification and AuthenticationFIAUAU.1 Timing of authentication FIAUID.2 User identification before any action Dependencies No dependencies FMTMOF.1b Management of security functions behaviour Class FMT Security ManagementFMTMOF.1a Management of security functions behaviour FMTMSA.1a Management of security attributes FMTMSA.3a Static attribute initialisation FMTMSA.1c Management of security attributesFMTMSA.2 Secure security attributes FMTMSA.2.1 FMTMSA.3c Static attribute initialisation FMTSMF.1 Specification of Management FunctionsFMTMSA.3b Static attribute initialisation FMTSMR.1 Security roles FMTSMR.1.2 Class FPT Protection of the TSF FPTAMT.1 Abstract machine testingFPTTST.1 TSF testing FPTRPL.1 Replay detection FTPTRP.1.1 Class FTP Trusted Path/ChannelsFTPTRP.1 Trusted path FTPTRP.1.2 FPTSEP.1 TSF domain separation Security Functional Requirements on the IT EnvironmentFPTRVM.1 Non-bypassability of the TSP FPTSTM.1 Reliable time stamps Security Target, Version 3.9March 18 Assurance Requirements Assurance ComponentsAssurance Requirements TOE Security TOE Summary SpecificationTOE Security Functions Description Function Accounting Logs Configuration LogSecurity Audit Security Log System Log Event Log FIPS-Validated Cryptographic Algorithms Cryptographic SupportFips Validated Modules Validation Modules Fips 140-2 Certificate # User Data Protection Identification and Authentication Security Management Power-Up Self-Tests Protection of the TOE Security FunctionsConditional Self-Tests TOE Security Functional Requirements Satisfied FTPTRP.1 TOE Security Assurance MeasuresTrusted Path/Channels Assurance Assurance Measure Component Augmentation to EAL 4+ assurance level Protection Profile Claims Protection Profile Reference Relationship of Security Threats to Objectives RationaleSecurity Objectives Rationale TOE Objectives Environmental Objectives Non-IT Hack Certificate Security Functional Requirements Rationale OE.CERTIFICATE Relationship of Security Requirements to Objectives Objectives Requirements Functions and data Env Able to access such functionality FMTMSA.3a,b,c Reject packets based on their attributes Integrity Dependency Rationale Security Assurance Requirements RationaleRationale for Strength of Function Functional Requirements Dependencies FCSCOP.1 TOE Summary Specification Rationale Configuration Management Secure Delivery and OperationDevelopment Guidance Documentation Life Cycle Support DocumentsTests Strength of Function Vulnerability and TOE Strength of Function Analyses Acronym Definition AcronymsAcronyms DoD SHA