Specifications
Security Target Version 1.0 9/29/2014
50
ability to remotely administer the TOE remotely from a wireless client shall be disabled by
default; are satisfied.
Component Assurance Activity:
The evaluator shall review the operational guidance to ensure that it contains instructions for
administering the TOE both locally and remotely, including any configuration that needs to be
performed on the client for remote administration. In the course of performing the testing activities
for the evaluation, the evaluator shall use all supported interfaces, although it is not necessary to
repeat each test involving an administrative action with each interface. The evaluator shall ensure,
however, that each supported method of administering the TOE that conforms to the requirements
of this PP be tested; for instance, if the TOE can be administered through a local hardware
interface; SSH; and TLS/HTTPS; then all three methods of administration must be exercised
during the evaluation team’s test activities.
The evaluator shall also perform the following test:
Test 1: The evaluator shall demonstrate that after configuring the TOE for first use from the
operational guidance, it is possible to establish an administrative session with the TOE on the
'wired' portion of the device. They shall then demonstrate that an identically configured wireless
client that can successfully connect to the TOE cannot be used to perform administration.
5.2.6 Protection of the TSF (FPT)
5.2.6.1 Fail Secure (FPT_FLS.1)
FPT_FLS.1.1
The TSF shall preserve a secure state when the following types of failures occur: failure of the
power-on self-tests.
Component Assurance Activity:
The evaluator shall review the TSS section to determine that the TOE’s implementation of the fail
secure functionality is documented. The evaluator shall first examine the TSS section to ensure
that all failure modes specified in the ST are described. The evaluator shall then ensure that the
TOE will attain a secure state after inserting each specified failure mode type. The evaluator shall
review the TSS to determine that the definition of secure state is defined and is suitable to ensure
protection of key material and user data.
5.2.6.2 Basic Internal TSF Data Transfer Protection (FPT_ITT.1)
FPT_ITT.1.1
Refinement: The TSF shall protect TSF data from disclosure and protect it from modification
when it is transmitted between separate parts of the TOE through the use [IPsec].
Component Assurance Activity:
The evaluator shall examine the TSS to determine that the methods and protocols used to protect
distributed TOE components are described. The evaluator shall also confirm that all protocols
listed in the TSS in support of TOE administration are consistent with those specified in the
requirement, and are included in the requirements in the ST. The evaluator shall confirm that the
operational guidance contains instructions for establishing the communication paths for each
supported method. The evaluator shall also perform the following tests:
Test 1: The evaluators shall ensure that communications using each specified (in the operational
guidance) communications method is tested during the course of the evaluation, setting up the
connections as described in the operational guidance and ensuring that communication is
successful.