Specifications
Security Target Version 1.0 9/29/2014
53
Component Assurance Activity:
The evaluator shall perform the following test:
Test 1: The evaluator initiates an interactive local session with the TOE. The evaluator then
follows the operational guidance to exit or log off the session and observes that the session has
been terminated.
Test 2: The evaluator initiates an interactive remote session with the TOE. The evaluator then
follows the operational guidance to exit or log off the session and observes that the session has
been terminated.
5.2.8.3 TSF-initiated session locking (FTA_SSL_EXT.1)
FTA_SSL_EXT.1.1
Refinement: The TSF shall, for local interactive sessions, [terminate the session] after an
Authorized Administrator specified time period of inactivity.
Component Assurance Activity:
The evaluator shall perform the following test:
Test 1: The evaluator follows the operational guidance to configure several different values for the
inactivity time period referenced in the component. For each period configured, the evaluator
establishes a local interactive session with the TOE. The evaluator then observes that the session is
either locked or terminated after the configured time period. If locking was selected from the
component, the evaluator then ensures that re-authentication is needed when trying to unlock the
session.
5.2.8.4 Default TOE Access Banners (FTA_TAB.1)
FTA_TAB.1.1
Refinement: Before establishing an administrative user session the TSF shall be capable of
displaying an Authorized Administrator-specified advisory notice and consent warning message
regarding unauthorized use of the TOE.
Component Assurance Activity:
The evaluator shall check the TSS to ensure that it details each method of access (local and
remote) available to the administrator (e.g., serial port, SSH, HTTPS). The evaluator shall also
perform the following test:
Test 1: The evaluator follows the operational guidance to configure a notice and consent warning
message. The evaluator shall then, for each method of access specified in the TSS, establish a
session with the TOE. The evaluator shall verify that the notice and consent warning message is
displayed in each instance.
5.2.8.5 TOE Session Establishment Trusted Path/Channels (FTP) (FTA_TSE.1)
FTA_TSE.1.1
Refinement: The TSF shall be able to deny establishment of a wireless client session based on
location, time, day, [blacklist state].
Component Assurance Activity:
The evaluator shall examine the TSS to determine that all of the attributes on which a client
session can be denied are specifically defined. The evaluator shall examine the operational
guidance to determine that it contains guidance for configuring each of the attributes identified in
the TSS. The evaluator shall also perform the following test for each attribute:
Test 1: The evaluator successfully establishes a client session with a wireless client. The evaluator
then follows the operational guidance to configure the system so that that client’s access is denied