User guide

Aruba Networks Security Target
The TSF shall implement “NIST curves” P-256, P-384 and no other curves (as defined in FIPS PUB 186-3, “Digital Signature Standard”).
Application Note: This component is iterated as instructed by the application notes of the NDPP.
FCS_RBG_EXT.1(1) Extended: Cryptographic Operation (Random Bit Generation - SSH/TLS)
FCS_RBG_EXT.1.1(1) The TSF shall perform all random bit generation (RBG) services in accordance with FIPS Pub 140-2 Annex C: X9.31 Appendix 2.4 using AES seeded by an entropy source that accumulated entropy from a TSF-hardware-based noise source.
FCS_RBG_EXT.1.2(1) The deterministic RBG shall be seeded with a minimum of 256 bits of entropy at least equal to the greatest bit length of the keys and authorization factors that it will generate.
FCS_RBG_EXT.1(2) Extended: Cryptographic Operation (Random Bit Generation - IPSec)
FCS_RBG_EXT.1.1(2) The TSF shall perform all random bit generation (RBG) services in accordance with NIST Special Publication 800-90 using CTR_DRBG (AES) seeded by an entropy source that accumulated entropy from a TSF-hardware-based noise source.
FCS_RBG_EXT.1.2(2) The deterministic RBG shall be seeded with a minimum of 256 bits of entropy at least equal to the greatest bit length of the keys and authorization factors that it will generate.
FCS_HTTPS_EXT.1 Explicit: HTTPS
FCS_HTTPS_EXT.1.1 The TSF shall implement the HTTPS protocol that complies with RFC 2818.
FCS_HTTPS_EXT.1.2 The TSF shall implement HTTPS using TLS as specified in FCS_TLS_EXT.1.
FCS_TLS_EXT.1 Explicit: TLS
FCS_TLS_EXT.1.1 The TSF shall implement one or more of the following protocols TLS 1.2 (RFC 5246) supporting the following ciphersuites.
Mandatory Ciphersuites:
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Optional Ciphersuites: