Specifications
Security Target Version 1.0 9/29/2014
all statements that are not 'MUST' (for example, 'MAY', 'SHOULD', 'SHOULD NOT',
etc.), if the TOE implements such options it shall be described in the TSS. If the included
functionality is indicated as 'SHOULD NOT' or 'MUST NOT' in the standard, the TSS
shall provide a rationale for why this will not adversely affect the security policy
implemented by the TOE;
For each section of each RFC, any omission of functionality related to 'MUST' or
'SHOULD' statements shall be described;
Any TOE-specific extensions, processing that is not included in the standard, or
alternative implementations allowed by the standard that may impact the security
requirements the TOE is to enforce shall be described.
The evaluator shall ensure the TSS identifies all servers/services that require or allow IPsec
connections. The evaluators shall also ensure that when performing testing and analysis activities,
the activities apply to all servers identified. The evaluators shall ensure that at least one instance of
every type of server is used in at least one test during the testing activities to provide assurance
that the identified communications can take place. The evaluators shall also ensure that the
configuration information (including product and version numbers) for the non-TOE endpoints of
these connections is recorded in the test report.
The evaluator shall also perform the following test for TOEs that implement IKEv2:
Test 1 [conditional]: The evaluator shall configure the TOE so that it will perform NAT traversal
processing as described in the TSS and RFC 4306, section 2.23. The evaluator shall initiate an
IPsec connection and determine that the NAT is successfully traversed.
FCS_IPSEC_EXT.1.2
The TSF shall ensure that only ESP confidentiality and integrity security service is used.
Assurance Activity:
The evaluator shall examine the TSS to verify that it describes how the 'confidentiality only' ESP
security service is disabled. The evaluator shall also examine the operational guidance to
determine that it describes any configuration necessary to ensure negotiation of 'confidentiality
only' security service for ESP is disabled, and that an advisory is present indicating that tunnel
mode is the preferred ESP mode since it protects the entire packet.
Test 1: The evaluator shall configure the TOE as indicated in the operational guidance, and
attempt to establish a connection using ESP using the 'confidentiality only' security service. This
attempt should fail. The evaluator shall then establish a connection using ESP using the
confidentiality and integrity security service.
FCS_IPSEC_EXT.1.3
The TSF shall ensure that IKEv1 Phase 1 exchanges use only main mode.
Assurance Activity:
The evaluator shall examine the TSS to ensure that, in the description of the IPsec protocol
supported by the TOE, it states that aggressive mode is not used for IKEv1 Phase 1 exchanges,
and that only main mode is used. If this requires configuration of the TOE prior to its operation,
the evaluator shall check the operational guidance to ensure that instructions for this configuration
are contained within that guidance. The evaluator shall also perform the following tests:
Test 1: The evaluator shall configure the TOE as indicated in the operational guidance, and
attempt to establish a connection using an IKEv1 Phase 1 connection in aggressive mode. This
attempt should fail. The evaluator should then show that main mode exchanges are supported.
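One way an evaluator could confirm the outcome of FCS_IPSEC_EXT.1.3 Test 1 from a packet capture is to read the exchange type in each ISAKMP header (RFC 2408: 2 is main mode, 4 is aggressive mode). The script below is an added example, not part of the Security Target or of the TOE. The names "toe" and "peer", the helper make_msg and the sample capture are constructed for illustration.

```python
import struct

# ISAKMP fixed header (RFC 2408, section 3.1): cookies, next payload,
# version, exchange type, flags, message ID, total length = 28 bytes.
HDR = struct.Struct("!8s8sBBBBII")
IKEV1 = 0x10                        # major version 1, minor version 0
MAIN, AGGRESSIVE, INFO = 2, 4, 5    # IKEv1 exchange types
ZERO = bytes(8)

def parse_header(payload):
    """Return (version, exchange_type, responder_cookie) of one UDP/500 payload."""
    if len(payload) < HDR.size:
        raise ValueError("shorter than an ISAKMP header")
    _, rcookie, _, version, xchg, _, _, length = HDR.unpack_from(payload)
    if length < HDR.size:
        raise ValueError("length field smaller than the header")
    return version, xchg, rcookie

def phase1_verdict(capture, toe="toe"):
    """capture: list of (sender, payload) in order. Checks both halves of Test 1."""
    aggressive_answered = main_answered = False
    for sender, payload in capture:
        version, xchg, rcookie = parse_header(payload)
        if sender != toe or version != IKEV1:
            continue
        # Any aggressive mode message from the TOE means it took part; a main
        # mode reply counts once it carries a non-zero responder cookie.
        if xchg == AGGRESSIVE:
            aggressive_answered = True
        elif xchg == MAIN and rcookie != ZERO:
            main_answered = True
    return {"aggressive_rejected": not aggressive_answered,
            "main_mode_supported": main_answered}

def make_msg(icookie, rcookie, xchg):
    """Constructed header-only message; real payloads would follow the header."""
    return HDR.pack(icookie, rcookie, 0, IKEV1, xchg, 0, 0, HDR.size)

# Constructed sample capture: the peer tries aggressive mode and the TOE answers
# only with an Informational message, then main mode gets a main mode reply.
I1, I2, R = b"\x11" * 8, b"\x22" * 8, b"\xaa" * 8
SAMPLE = [
    ("peer", make_msg(I1, ZERO, AGGRESSIVE)),
    ("toe",  make_msg(I1, ZERO, INFO)),
    ("peer", make_msg(I2, ZERO, MAIN)),
    ("toe",  make_msg(I2, R, MAIN)),
]

if __name__ == "__main__":
    print(phase1_verdict(SAMPLE))
```

A TOE that stays silent on the aggressive mode attempt passes the first check as well, since only aggressive mode messages sent by the TOE count against it.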