User guide

ManualsBrandsAruba ManualsComputer equipment620

Aruba Networks Security Target

Page 51 of 67

Annex A: NDPP Assurance Activities

87 The NDPP contains assurance activities that are to be performed in meeting the

requirements of the NDPP. As these are spread throughout the NDPP document,

the table below provides a consolidated reference.

NDPP

Source

Requirement

Assurance

Family

FAU_GEN.

The evaluator shall check the administrative guide and ensure that it lists all of

the auditable events and provides a format for audit records. Each audit record

format type must be covered, along with a brief description of each field. The

evaluator shall check to make sure that every audit event type mandated by the

PP is described and that the description of the fields contains the information

required in FAU_GEN1.2, and the additional information specified in Table 1 of

the NDPP.

AGD_OPE

FAU_GEN.

The evaluator shall also make a determination of the administrative actions that

are relevant in the context of this PP. The evaluator shall examine the

administrative guide and make a determination of which administrative

commands, including subcommands, scripts, and configuration files, are related

to the configuration (including enabling or disabling) of the mechanisms

implemented in the TOE that are necessary to enforce the requirements

specified in the PP. The evaluator shall document the methodology or approach

taken while determining which actions in the administrative guide are security

relevant with respect to this PP. The evaluator may perform this activity as part

of the activities associated with ensuring the AGD_OPE guidance satisfies the

requirements.

AGD_OPE

FAU_GEN.

The evaluator shall test the TOE’s ability to correctly generate audit records by

having the TOE generate audit records for the events listed in table 1 and

administrative actions. This should include all instances of an event--for

instance, if there are several different I&A mechanisms for a system, the

FIA_UIA_EXT.1 events must be generated for each mechanism. The evaluator

shall test that audit records are generated for the establishment and termination

of a channel for each of the cryptographic protocols contained in the ST. If

HTTPS is implemented, the test demonstrating the establishment and

termination of a TLS session can be combined with the test for an HTTPS

session. For administrative actions, the evaluator shall test that each action

determined by the evaluator above to be security relevant in the context of this

PP is auditable. When verifying the test results, the evaluator shall ensure the

audit records generated during testing match the format specified in the

administrative guide, and that the fields in each audit record have the proper

entries.

Note that the testing here can be accomplished in conjunction with the testing of

the security mechanisms directly. For example, testing performed to ensure that

the administrative guidance provided is correct verifies that AGD_OPE.1 is

satisfied and should address the invocation of the administrative actions that are

needed to verify the audit records are generated as expected.

ATE_IND

FAU_STG_

EXT.1

For both types of TOEs (those that act as an audit server and those that send

data to an external audit server), there is some amount of local storage. The

evaluator shall examine the TSS to ensure it describes the amount of audit data

that are stored locally; what happens when the local audit data store is full; and

ASE_TSS

AGD_OPE