Specifications
Security Target Version 1.0 9/29/2014
83
• O.TOE_ADMINISTRATION: Requires the TOE to provide mechanisms (e.g., local authentication, remote
authentication, means to configure and manage the TOE both remotely and locally) that allow remote and
local administration of the TOE.
• O.WIRELESS_CLIENT_ACCESS: Mitigates the threat by providing mechanisms to restrict wireless client
access according to the desired security posture of the TOE.
8.1.1.10 T.UNAUTHORIZED_UPDATE
A malicious party attempts to supply the end user with an update to the product that may compromise the
security features of the TOE.
This Threat is satisfied by ensuring that:
• O.VERIFIABLE_UPDATES: Ensures that the administrator can confirm the update.
8.1.1.11 T.UNDETECTED_ACTIONS
Malicious remote users or external IT entities may take actions that adversely affect the security of the
TOE. These actions may remain undetected and thus their effects cannot be effectively mitigated.
This Threat is satisfied by ensuring that:
• O.SYSTEM_MONITORING: Mitigates this threat by providing the administrator with the capability of
configuring the audit mechanism to record the actions of a specific user, or review the audit trail based on
the identity of the user.
8.1.1.12 T.USER_DATA_REUSE
User data may be inadvertently sent to a destination not intended by the original sender.
This Threat is satisfied by ensuring that:
• O.RESIDUAL_INFORMATION_CLEARING: Counters this threat by ensuring that TSF data and user
data is not persistent when resources are released by one user/process and allocated to another user/process.
8.1.1.13 A.NO_GENERAL_PURPOSE
It is assumed that there are no general-purpose computing capabilities (e.g., compilers or user
applications) available to the TOE, other than those services necessary for the operation, administration
and support of the TOE.
This Assumption is satisfied by ensuring that:
• OE.NO_GENERAL_PURPOSE: Ensures the TOE does not include any general-purpose computing or
storage capabilities. This will protect the TSF data from malicious processes.
8.1.1.14 A.NO_TOE_BYPASS
Information cannot flow between the wireless client and the internal wired network without passing
through the TOE.
This Assumption is satisfied by ensuring that:
• OE.NO_TOE_BYPASS: Ensures that all information flow between external and internal networks in
different enclaves passes through the TOE.
8.1.1.15 A.PHYSICAL
Physical security, commensurate with the value of the TOE and the data it contains, is assumed to be
provided by the environment.
This Assumption is satisfied by ensuring that:
• OE.PHYSICAL: Ensures the TOE, the TSF data, and protected user data is protected from physical attack
(e.g., theft, modification, destruction, or eavesdropping). Physical attack could include unauthorized