Specifications

Security Target Version 1.0 9/29/2014
48
For each section of RFC 5280, any non-conformance to 'MUST' or 'SHOULD' statements
shall be described;
Any TOE-specific extensions or processing that is not included in the standard that may
impact the security requirements the TOE is to enforce shall be described.
Additionally, the evaluator shall devise tests that show that the TOE processes certificates that
conform to the implementation described in the TSS; are able to form a certification path as
specified in the standard and in the TSS; and are able to validate certificates as specified in the
standard (certification path validation including CRL processing). This testing shall be described
in the team test plan.
It should be noted that future versions of this PP will have more explicit testing requirements for a
TOE's certificate handling capability. Additionally, protocol-specific certificate handling testing
will need to be performed and can be combined with the testing required by this assurance
activity.
The TSS shall describe all certificate stores implemented that contain certificates used to meet the
requirements of this PP. This description shall contain information pertaining to how certificates
are loaded into the store, and how the store is protected from unauthorized access.
The evaluator shall perform the following tests for each function in the system that requires the
use of certificates:
Test 1: The evaluator shall demonstrate that using a certificate without a valid certification path
results in the function failing. The evaluator shall then load a certificate or certificates needed to
validate the certificate to be used in the function, and demonstrate that the function succeeds. The
evaluator then shall delete one of the certificates, and show that the function fails.
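The three steps of Test 1, as an added walk-through that is not part of the Security Target: the "function that requires certificates" is path validation of a leaf certificate against a trust-store file, and the store is manipulated exactly as the test describes (no path, path loaded, path deleted). It assumes only that the openssl CLI (1.1.1 or later) is on PATH; every certificate is throwaway test data generated on the fly.

```shell
#!/bin/sh
# Constructed walk-through of Test 1 (not text from the ST): the "function" under test is
# certification path validation of a leaf certificate against a trust-store file.
# Assumes the openssl CLI (1.1.1 or later) is on PATH; all certificates are throwaway.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
STORE="$WORK/store.pem"   # stand-in for the TOE's certificate store

# Self-signed throwaway CA: $1 = file prefix, $2 = subject CN
make_ca() {
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes -sha256 \
    -days 2 -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# Leaf certificate issued by the CA whose file prefix is $1
make_leaf() {
  openssl req -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes -sha256 \
    -subj "/CN=leaf.example.test" -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
  openssl x509 -req -sha256 -days 1 -in "$WORK/leaf.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/leaf.pem" >/dev/null 2>&1
}

# Path validation: exit 0 only if a chain from the leaf to a certificate in the store exists.
# -no-CApath keeps the system trust directory out of the picture.
validate_leaf() {
  openssl verify -no-CApath -CAfile "$STORE" "$WORK/leaf.pem" >/dev/null 2>&1
}

# Runs the three steps of Test 1; returns 0 only if every step had the expected outcome.
run_test1() {
  make_ca issuer "Issuing Test CA"
  make_ca other "Unrelated Test CA"
  make_leaf issuer
  # Step 1: the store holds only an unrelated CA, so no certification path exists -> must fail.
  cat "$WORK/other.pem" > "$STORE"
  if validate_leaf; then echo "step 1: FAIL (validated without a path)"; return 1; fi
  # Step 2: load the issuing CA into the store -> must succeed.
  cat "$WORK/issuer.pem" >> "$STORE"
  if ! validate_leaf; then echo "step 2: FAIL (valid path rejected)"; return 1; fi
  # Step 3: delete the issuing CA from the store again -> must fail.
  cat "$WORK/other.pem" > "$STORE"
  if validate_leaf; then echo "step 3: FAIL (still validates after deletion)"; return 1; fi
  echo "Test 1: all three outcomes as expected"
}

run_test1
```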
5.2.5 Security management (FMT)
5.2.5.1 Management of Security Functions Behavior (FMT_MOF.1)
FMT_MOF.1.1
Refinement: The TSF shall restrict the ability to enable, disable, determine and modify the
behavior of all of the security functions of the TOE identified in this PP to the Authorized
Administrator.
Component Assurance Activity:
The evaluator shall review the operational guidance to determine that each of the functions
implemented in response to the requirements of this PP is identified, and that configuration
information is provided to ensure that only administrators have access to the functions. The
evaluator shall include in this list of functions to be examined those mechanisms dealing with
adding additional instances of a TOE to a configuration, and configuration of the multiple TOE
instances into a management hierarchy and/or redundant architecture. The evaluator shall examine
the TSS to determine that, for each administrative function identified in the operational guidance,
those that are accessible through an interface prior to administrator log-in are identified. For each
of these functions, the evaluator shall also confirm that the TSS details how the ability to
manipulate the configuration of the system through this interface is disallowed for non-administrative users.
5.2.5.2 Management of TSF Data (General TSF Data) (FMT_MTD.1(1))
FMT_MTD.1.1(1)
The TSF shall restrict the ability to manage the TSF data to the Authorized Administrators.