Specifications
Security Target Version 1.0 9/29/2014
30
The evaluator shall examine the administrative guidance to ensure it instructs the administrator
how to establish communication with the audit server. The guidance must instruct how this
channel is established in a secure manner (e.g., IPsec, TLS). The evaluator checks the
administrative guidance to determine what action(s) is taken if the link between the TOE and audit
server is broken. This could be due to network connectivity being lost, or the secure protocol link
being terminated.
The evaluator shall examine the operational guidance to determine any activities that must take
place after connectivity is restored to ensure that local audit events captured during the period of
loss are synchronized with the audit trail on the audit server, and informs the administrator of any
limitations on the data that are able to be sent (for instance, if the duration of the outage is
significant, the local store may not contain all of the records that where generated during this
period).
The evaluator shall perform the following test for this requirement:
Test 1: The evaluator shall test the administrative guidance by establishing a link to the audit
server. Note that this will need to be done in order to perform the assurance activities prescribed
under FAU_GEN.1. The evaluator shall disrupt the communication link (e.g., unplug the network
cable, terminate the protocol link, shutdown the audit server) to determine that the action(s)
described in the administrative guide appropriately take place.
5.2.2 Cryptographic support (FCS)
5.2.2.1 Cryptographic Key Generation (Symmetric Keys for WPA2 Connections) (FCS_CKM.1(1))
FCS_CKM.1.1(1)
Refinement: The TSF shall derive symmetric cryptographic keys in accordance with a specified
cryptographic key derivation algorithm [PRF-384] with specified cryptographic key size [128 bits]
using a Random Bit Generator as specified in FCS_RBG_EXT.1 and that meet the following:
[802.11-2007].
Component Assurance Activity:
The cryptographic primitives will be verified through assurance activities specified later in this
PP. The evaluator shall verify that the TSS describes how the primitives defined and implemented
by this PP are used by the TOE in establishing and maintaining secure connectivity to the wireless
clients. The TSS shall also provide a description of the developer’s method(s) of assuring that
their implementation conforms to the cryptographic standards; this includes not only testing done
by the developing organization, but also any third-party testing that is performed. The evaluator
shall ensure that the description of the testing methodology is of sufficient detail to determine the
extent to which the details of the protocol specifics are tested.
5.2.2.2 Cryptographic Key Generation (Asymmetric Keys) (FCS_CKM.1(2))
FCS_CKM.1.1(2)
Refinement: The TSF shall generate asymmetric cryptographic keys used for key establishment in
accordance with [
- NIST Special Publication 800-56A, 'Recommendation for Pair-Wise Key Establishment
Schemes Using Discrete Logarithm Cryptography' for elliptic curve-based key
establishment schemes and implementing 'NIST curves' P-256, P-384 and [no other
curves] (as defined in FIPS PUB 186-3, 'Digital Signature Standard');
- NIST Special Publication 800-56B, 'Recommendation for Pair-Wise Key Establishment
Schemes Using Integer Factorization Cryptography' for RSA-based key establishment
schemes]
and specified cryptographic key sizes equivalent to, or greater than, a symmetric key strength of
112 bits.