Specifications
Security Target Version 1.0 9/29/2014
• Security audit
• Cryptographic support
• User data protection
• Identification and authentication
• Security management
• Protection of the TSF
• Resource utilisation
• TOE access
• Trusted path/channels
The TOE protects itself from tampering and bypass through several mechanisms implemented by the TOE and the
operating environment. The underlying operating system separates processes into separate domains and prevents one
process from accessing the memory space of another process. The operating system is non-modifiable and its interfaces
are strictly limited. The TOE relies on physical security to protect data transmitted between the TOE components
from unauthorized modification. Remote administration used by administrators to manage the TOE is secured
through TLS (Web GUI) or SSH (CLI). All administrators must be identified and authenticated either by the TOE or
by an external authentication server. Inactive sessions are terminated after an administrator-specified time period. In
addition to authentication, the TOE also verifies that users are authorized to perform management functions based
on their roles. An internal real-time clock chip and/or an external NTP server provide the reliable time source, and an
external syslog server stores and protects the audit trail from tampering.
The sections below summarize the security functions provided by the TOE.
2.2.2.1 Security audit
The TOE is capable of auditing security-relevant events such as logins, administrator actions, use of the trusted channel
and path, cryptographic operations, exceeded resource limits, etc. Each audit event includes the date and time of
the event, the type of event, the subject identity (if applicable), and the outcome of the event. The administrator can
include and exclude events to be audited based on specific criteria.
The TOE may utilize its internal real-time clock chip and/or an external NTP server to provide a reliable timestamp,
and a syslog server to store and protect the audit trail. The administrator is provided an interface in the operating
environment to read audit logs, and that interface is restricted.
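One way to check, on the receiving syslog host, that forwarded records carry the fields the audit function claims (date/time, event type, subject identity where applicable, outcome) and to apply the administrator's include/exclude selection. This is an added example, not the TOE's own record format or code; the record layout, event-type names and field names are assumptions.

```python
# Added example: validate forwarded audit records and apply selection rules.
# Record layout, event names and field names are ASSUMED, not the TOE's format.
import re
from datetime import datetime

# Assumed layout: "<ISO timestamp>Z <event_type> [user=<id>] outcome=<success|failure>"
RECORD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<event>\S+)"
    r"(?: user=(?P<subject>\S+))? outcome=(?P<outcome>success|failure)$"
)
# Event types for which a subject identity is applicable (assumption)
SUBJECT_REQUIRED = {"login", "admin_action", "trusted_channel"}

def parse_record(line):
    """Return the record's fields, or None if a required field is missing."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    if rec["event"] in SUBJECT_REQUIRED and rec["subject"] is None:
        return None  # subject identity is applicable here but absent
    return rec

def select_events(records, include=None, exclude_outcome=None):
    """Administrator selection: keep listed event types, drop one outcome."""
    kept = []
    for rec in records:
        if include and rec["event"] not in include:
            continue
        if exclude_outcome and rec["outcome"] == exclude_outcome:
            continue
        kept.append(rec)
    return kept

def audit_summary(lines):
    """Return (well-formed records, number of malformed records)."""
    parsed = [parse_record(line) for line in lines]
    valid = [r for r in parsed if r is not None]
    return valid, len(parsed) - len(valid)

# Constructed sample syslog payloads (not real TOE output)
SAMPLE = [
    "2014-09-29T10:00:00Z login user=admin1 outcome=success",
    "2014-09-29T10:01:30Z admin_action user=admin1 outcome=success",
    "2014-09-29T10:02:00Z login outcome=failure",       # subject missing
    "2014-09-29T10:03:00Z crypto_op outcome=success",   # no subject applicable
    "2014-09-29T10:04:00Z resource_limit outcome=failure",
]
```

A malformed record (a login with no subject identity) is reported rather than silently accepted, which is the check an evaluator would want when confirming the audit claim against what the syslog server actually receives.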
2.2.2.2 Cryptographic support
The TOE has been certified as a FIPS 140-2 cryptographic module (FIPS 140-2 Certificates #1297, #1116,
#1109, #1077, #1075, #1727, #1838, #1828, and #1815). The FIPS overall level is 2. The logical interfaces used for
the input and output of plaintext cryptographic key components, authentication data, and CSPs are logically
separated from all other interfaces using a trusted path, where "trusted path" is interpreted to include a
communications channel established using a FIPS 140-2 Level 2 cryptographic module and the HTTPS protocol
between the cryptographic module and the external IT entity. The cryptographic module only employs FIPS-Approved
RNG, key generation, key establishment, zeroization, encryption, digital signature, and hashing algorithms as specified
by the FCS requirements.
2.2.2.3 User data protection
The TOE ensures that any data packets passing through do not inadvertently contain any residual information that
might be disclosed inappropriately.
2.2.2.4 Identification and authentication
The TOE can maintain administrator and user attributes, including credentials such as username and password for
administrators and session key and role for remote authenticated users (username and password are stored in the