Specifications

Security Target Version 1.0 9/29/2014

the product. The evaluator obtains a legitimate update using procedures described in the

operational guidance and verifies that it is successfully installed on the TOE. Then, the evaluator

performs a subset of other assurance activity tests to demonstrate that the update functions as

expected. After the update, the evaluator performs the version verification activity again to verify

the version correctly corresponds to that of the update.

Test 2: The evaluator performs the version verification activity to determine the current version of

the product. The evaluator obtains or produces an illegitimate update, and attempts to install it on

the TOE. The evaluator verifies that the TOE rejects the update.

5.2.7 Resource utilisation (FRU)

5.2.7.1 Maximum Quotas TOE Access (FTA) (FRU_RSA.1)

FRU_RSA.1.1

The TSF shall enforce maximum quotas of the following resources: [control-plane bandwidth],

[no other resources] that [individual users] can use [simultaneously].

Component Assurance Activity:

The evaluator shall examine the TSS to ensure that it identifies all resources controlled through the

quota mechanism, and that this list contains those resources used to support the administrative

interface. The evaluator shall ensure that the TSS describes how each resource is counted as 'used'

and how a maximum quota or use is determined, as well as the action taken when the quota is

reached. The TSS shall also describe whether the quota is imposed on users or subjects (in this

case TOE processes) and whether the quota imposed is for simultaneous use or cumulative use

over a period of time. The evaluator shall examine the operational guidance to determine that it

contains instructions for establishing quotas (if they are configurable), and describes any actions

administrators can or should take in response to a quota being reached.

The evaluator shall also perform the following tests for each controlled resource:

Test 1: The evaluator follows the operational guidance to configure quotas for the resource (if

such a capability is provided). The evaluator then causes the resource quota to be reached, and

observes that the action specified in the TSS occurs.

5.2.8 TOE access (FTA)

5.2.8.1 TSF-initiated termination (FTA_SSL.3)

FTA_SSL.3.1

The TSF shall terminate a remote interactive session after an Authorized Administrator-

configurable time interval of session inactivity.

Component Assurance Activity:

The evaluator shall perform the following test:

Test 1: The evaluator follows the operational guidance to configure several different values for the

inactivity time period referenced in the component; these shall consist at least of the minimum and

maximum allowed values as specified in the operational guidance, as well as one other value. For

each period configured, the evaluator establishes a remote interactive session with the TOE. The

evaluator then observes that the session is terminated after the configured time period.

5.2.8.2 User-initiated termination (FTA_SSL.4)

FTA_SSL.4.1

The TSF shall allow Administrator-initiated termination of the Administrator’s own interactive

session.