Specifications

ManualsBrandsAruba ManualsComputer equipment620

Security Target Version 1.0 9/29/2014

Requirement Class

Requirement Component

FPT_RPL.1: Replay Detection

FPT_STM.1: Reliable Time Stamp

FPT_TST_EXT.1: Extended: TSF Testing

FPT_TUD_EXT.1: Extended: Trusted Update Resource Utilization (FRU)

FRU: Resource utilisation

FRU_RSA.1: Maximum Quotas TOE Access (FTA)

FTA: TOE access

FTA_SSL.3: TSF-initiated termination

FTA_SSL.4: User-initiated termination

FTA_SSL_EXT.1: TSF-initiated session locking

FTA_TAB.1: Default TOE Access Banners

FTA_TSE.1: TOE Session Establishment Trusted Path/Channels (FTP)

FTP: Trusted path/channels

FTP_ITC.1: Inter-TSF trusted channel

FTP_TRP.1: Trusted Path

Table 1 TOE Security Functional Components

5.2.1 Security audit (FAU)

5.2.1.1 Audit Data Generation (FAU_GEN.1)

FAU_GEN.1.1

The TSF shall be able to generate an audit record of the following auditable events: a) Start-up and

shutdown of the audit functions; b) All auditable events for the not specified level of audit; and c)

All administrative actions; d) [Specifically defined auditable events listed in Table 2 Audit

Events].

Requirement Auditable Events

Additional Audit

Record Content

Guidance Notes

FAU_GEN.1

None

FAU_GEN.2

None

FAU_SAR.1

None

FAU_SAR.2

None

FAU_SEL.1

All modifications to the

audit configuration that

occur while the audit

collection functions are

operating.

None

The command “show audit-trail”

as documented in [CLI] is used

to show a log of all

administrative actions. By

default, only commands which

change system behavior are

logged. By setting the

configuration parameter “audit-

trail all”, all commands will be

logged including commands

which do not alter system

behavior.

FAU_STG.1

None

FAU_STG_EXT.1

None

FAU_STG_EXT.3

Loss of connectivity.

None

Connectivity to the audit server

must be provided through an

IPsec tunnel. A failure of the

IPsec tunnel will indicate loss of

connectivity to the audit server.

See FCS_IPSEC_EXT.1 for

further guidance on IPsec failure

messages.

FCS_CKM.1(1)

Failure of the key

generation activity.

None

See [SYSLOG] message ID

124865, 124866