Specifications

Security Target Version 1.0 9/29/2014
based on a specific value of the attribute. The evaluator shall then attempt to establish a session in
contravention to the attribute setting (for instance, the location is denied based upon the client’s IP
address). The evaluator shall observe that the access attempt fails.
5.2.9 Trusted path/channels (FTP)
5.2.9.1 Inter-TSF trusted channel (FTP_ITC.1)
FTP_ITC.1.1
Refinement: The TSF shall use 802.11-2007, IPsec, and [no other protocols] to provide a trusted
communication channel between itself and all authorized IT entities that is logically distinct from
other communication channels and provides assured identification of its end points and protection
of the channel data from disclosure and detection of modification of the channel data.
FTP_ITC.1.2
The TSF shall permit the TSF, or the authorized IT entities to initiate communication via the
trusted channel.
FTP_ITC.1.3
The TSF shall initiate communication via the trusted channel for [remote logging, NTP, and
authentication functions].
Component Assurance Activity:
The evaluator shall examine the TSS to determine that, for all communications with authorized IT
entities, each communications mechanism is identified in terms of the allowed protocols for that
IT entity. The evaluator shall also confirm that all protocols listed in the TSS are specified and
included in the requirements in the ST. The evaluator shall confirm that the operational guidance
contains instructions for establishing the allowed protocols with each authorized IT entity, and that
it contains recovery instructions should a connection be unintentionally broken. The evaluator
shall also perform the following tests:
Test 1: The evaluators shall ensure that communications using each protocol with each authorized
IT entity are tested during the course of the evaluation, setting up the connections as described in
the operational guidance and ensuring that communication is successful.
Test 2: For each protocol that the TOE can initiate as defined in the requirement, the evaluator
shall follow the operational guidance to ensure that in fact the communication channel can be
initiated from the TOE.
Test 3: The evaluator shall ensure, for each communication channel with an authorized IT entity,
the channel data is not sent in plaintext.
Test 4: The evaluator shall ensure, for each communication channel with an authorized IT entity,
modification of the channel data is detected by the TOE.
Test 5: The evaluators shall, for each protocol associated with each authorized IT entity tested
during Test 1, physically interrupt the connection. The evaluator shall ensure that when
physical connectivity is restored, communications are appropriately protected.
Further assurance activities are associated with the specific protocols.
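One way an evaluator could automate the Test 3 check over a capture taken between the TOE and an authorized IT entity is shown below. It is an added example, not part of the Security Target: the service ports (syslog 514, NTP 123, RADIUS 1812/1813) are assumptions standing in for the remote logging, NTP, and authentication functions named in FTP_ITC.1.3, and the packets are constructed samples.

```python
import struct

ESP, UDP = 50, 17
# Assumed service ports for the functions FTP_ITC.1.3 names (not stated on the page).
SERVICES = {514: "syslog", 123: "ntp", 1812: "radius-auth", 1813: "radius-acct"}
IPSEC_UDP = {500: "ike", 4500: "ipsec-nat-t"}

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet captured on the path to the IT entity."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "unparsed"
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    proto = pkt[9]
    if proto == ESP:
        return "esp"
    if proto != UDP or len(pkt) < ihl + 8:
        return f"other-proto-{proto}"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    for port in (sport, dport):        # IKE and NAT-T belong to the IPsec exchange
        if port in IPSEC_UDP:
            return IPSEC_UDP[port]
    for port in (dport, sport):        # a visible service port means no ESP wrapping
        if port in SERVICES:
            return "plaintext-" + SERVICES[port]
    return "other-udp"

def violations(packets):
    """Return (index, label) for packets carrying a protected service outside IPsec."""
    labelled = [(i, classify(p)) for i, p in enumerate(packets)]
    return [(i, label) for i, label in labelled if label.startswith("plaintext-")]

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (checksum left 0) for the constructed samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10]))
    return hdr + payload

def udp(sport: int, dport: int, data: bytes) -> bytes:
    """Build a UDP datagram (checksum left 0) for the constructed samples."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed capture: ESP, IKE, then a syslog and an NTP datagram sent in the clear.
SAMPLE = [
    ipv4(ESP, struct.pack("!II", 0x1001, 1) + bytes(32)),
    ipv4(UDP, udp(500, 500, bytes(28))),
    ipv4(UDP, udp(40000, 514, b"<134>constructed audit record")),
    ipv4(UDP, udp(123, 123, bytes(48))),
]
```

An empty result from violations() only shows that no assumed service port was visible outside ESP. ESP negotiated with NULL encryption would still be labelled esp, so the negotiated transform has to be confirmed separately.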
5.2.9.2 Trusted Path (FTP_TRP.1)
FTP_TRP.1.1
Refinement: The TSF shall use [SSH, TLS/HTTPS] to provide a trusted communication path
between itself and remote administrators that is logically distinct from other communication paths
and provides assured identification of its end points and protection of the communicated data from
disclosure and detection of modification of the communicated data.