Specifications

Security Target Version 1.0 9/29/2014
FIA_UAU.7: Ensures that authentication feedback is obscured at the local console.
FIA_UAU_EXT.5: Requires that the TSF provides local authentication methods (one of which is required
to be a local password-based mechanism, with other optional (potentially off-box) mechanisms allowed) to
ensure that unauthorized users cannot gain logical access to the TOE.
FIA_UIA_EXT.1: Plays a role in satisfying this objective by ensuring that every user is identified and
authenticated before the TOE performs any mediated functions.
FMT_SMR.1: Controls the administrator's ability to perform administrative actions from a wireless client;
the capability must be disabled by default.
FTA_SSL.3: Takes into account remote sessions. After an Administrator-defined time interval of inactivity,
remote sessions will be terminated; this includes user proxy sessions and remote administrative sessions.
This component is especially necessary since remote sessions are not typically afforded the same physical
protections that local sessions are provided.
FTA_SSL.4: Provides administrators the capability to exit or log off administrative sessions, rather than
wait for the session to be terminated.
FTA_SSL_EXT.1: Provides the Authenticated Administrator the capability to specify a time interval of
inactivity after which an unattended local administrative session is locked, requiring the
administrator responsible for that session to re-authenticate before the session can be used to access TOE
resources.
8.2.1.11 O.SESSION_LOCK
The TOE shall provide mechanisms that mitigate the risk of unattended sessions being hijacked.
This TOE Security Objective is satisfied by ensuring that:
FTA_SSL.3: Takes into account remote sessions. After an Authorized Administrator-defined time interval
of inactivity, remote sessions will be terminated; this includes user proxy sessions and remote administrative
sessions. This component is especially necessary because remote sessions are not typically afforded the
same physical protections that local sessions are provided.
FTA_SSL.4: Provides administrators the capability to exit or log off administrative sessions, rather than
wait for the session to be terminated.
FTA_SSL_EXT.1: Provides an authenticated Administrator the capability to specify a time interval of
inactivity after which an unattended local administrative session is locked, requiring the
administrator responsible for that session to re-authenticate before the session can be used to access TOE
resources.
8.2.1.12 O.SYSTEM_MONITORING
The TOE will provide the capability to generate audit data and send those data to an external IT entity.
This TOE Security Objective is satisfied by ensuring that:
FAU_GEN.1: Defines the set of events that the TOE must be capable of recording.
FAU_GEN.2: Ensures the audit records associate a user identity with the auditable event.
FAU_SAR.1: Ensures administrators can review the audit records.
FAU_SAR.2: Ensures only administrators can review the audit records.
FAU_SEL.1: Allows the administrator to configure which auditable events will be recorded in the audit
trail.
FAU_STG.1: Requires some amount of local audit storage which must be protected from unauthorized
access.
FAU_STG_EXT.1: Protects the audit records during transmission to external audit storage.
FAU_STG_EXT.3: Defines the set of events that must occur when the link to the external audit storage is
not available.
FPT_STM.1: Requires that the TOE be able to provide reliable time stamps for use in audit records.