Specifications
Security Target Version 1.0 9/29/2014
88
• FCS_HTTPS_EXT.1: References the applicable standards (and indicates any restrictions on those
standards) applicable to the protocol they require to be implemented.
• FCS_IPSEC_EXT.1: References the applicable standards (and indicates any restrictions on those
standards) applicable to the protocol they require to be implemented.
• FCS_SSH_EXT.1: References the applicable standards (and indicates any restrictions on those standards)
applicable to the protocol they require to be implemented.
• FCS_TLS_EXT.1: References the applicable standards (and indicates any restrictions on those standards)
applicable to the protocol they require to be implemented.
• FIA_8021X_EXT.1: References the applicable standards (and indicates any restrictions on those standards)
applicable to the protocol they require to be implemented.
• FTP_ITC.1: References the applicable standards (and indicates any restrictions on those standards)
applicable to the protocol they require to be implemented.
8.2.1.7 O.REPLAY_DETECTION
The TOE will provide a means to detect and reject the replay of authentication data and other TSF data
and security attributes.
This TOE Security Objective is satisfied by ensuring that:
• FPT_RPL.1: Requires the TOE to detect and reject any attempted replay of authentication data from a
remote user.
8.2.1.8 O.RESIDUAL_INFORMATION_CLEARING
The TOE will ensure that any data contained in a protected resource is not available when the resource is
reallocated.
This TOE Security Objective is satisfied by ensuring that:
• FCS_CKM_EXT.4: Ensures the destruction of any cryptographic keys when no longer needed.
• FDP_RIP.2: is used to ensure the contents of resources are not available to subjects other than those
explicitly granted access to the data. For this TOE it is critical that the memory used to build network
packets is either cleared or that some buffer management scheme be employed to prevent the contents of a
packet being disclosed in a subsequent packet (e.g., if padding is used in the construction of a packet, it
must not contain another user’s data or TSF data).
8.2.1.9 O.RESOURCE_AVAILABILITY
The TOE shall provide mechanisms that mitigate user attempts to exhaust TOE resources (e.g., persistent
storage).
This TOE Security Objective is satisfied by ensuring that:
• FRU_RSA.1: Imposes quotas on exhaustible resources such that resources can be controlled and DoS
attacks may be mitigated.
8.2.1.10 O.ROBUST_TOE_ACCESS
The TOE will provide mechanisms that control an administrator’s logical access to the TOE and to control
administrative access from a wireless client.
This TOE Security Objective is satisfied by ensuring that:
• FIA_AFL.1: Provides a settable unsuccessful authentication attempt threshold that prevents unauthorized
users acting remotely from gaining access to authorized administrator's account by guessing authentication
data by locking the targeted account until the Authorized Administrator takes some action (e.g., re-enables
the account) or for some Authorized Administrator defined time period.
• FIA_PMG_EXT.1: Defines the attributes of passwords used by administrative users to ensure that strong
passwords and passphrases can be chosen and maintained.
• FIA_UAU.6: Requires a user to re-authenticate when a password is changed or the session is locked.