User guide
Aruba Networks Security Target
Page 28 of 67
FIA_UIA_EXT.1.2 The TSF shall require each administrative user to be successfully
identified and authenticated before allowing any other TSF-mediated
actions on behalf of that administrative user.
FIA_UAU_EXT.2 Extended: Password-based Authentication Mechanism
FIA_UAU_EXT.2.1 The TSF shall provide a local password-based authentication
mechanism, Radius username/password authentication and Public Key
authentication] to perform administrative user authentication.
FIA_UAU.7 Protected Authentication Feedback
FIA_UAU.7.1 The TSF shall provide only obscured feedback to the administrative user
while the authentication is in progress at the local console.
Application Note: “Obscured feedback” implies the TSF does not produce a visible display
of any authentication data entered by a user (such as the echoing of a
password), although an obscured indication of progress may be provided
(such as an asterisk for each character). It also implies that the TSF
does not return any information during the authentication process to the
user that may provide any indication of the authentication data.
5.3.6 Security Management (FMT)
FMT_MTD.1 Management of TSF Data (for general TSF data)
FMT_MTD.1.1 The TSF shall restrict the ability to manage the TSF data to the Security
Administrators.
FMT_SMF.1 Specification of Management Functions
FMT_SMF.1.1 The TSF shall be capable of performing the following management
functions:
Ability to administer the TOE locally and remotely;
Ability to update the TOE, and to verify the updates using digital
signature capability prior to installing those updates;
Ability to configure the cryptographic functionality;
FMT_SMR.2 Restrictions on Security Roles
FMT_SMR.2.1 The TSF shall maintain the roles:
Authorized Administrator
FMT_SMR.2.2 The TSF shall be able to associate users with roles.
FMT_SMR.2.3 The TSF shall ensure that the conditions
Authorized Administrator role shall be able to administer the
TOE locally;