User guide

ManualsBrandsAruba ManualsComputer equipment620

Aruba Networks Security Target

Page 60 of 67

NDPP

Source

Requirement

Assurance

Family

Test 1: The evaluator shall use the operational guidance to configure the

appropriate credential supported for the login method. For that credential/login

method, the evaluator shall show that providing correct I&A information results in

the ability to access the system, while providing incorrect information results in

denial of access.

Test 2: The evaluator shall configure the services allowed (if any) according to

the operational guidance, and then determine the services available to an

external remote entity. The evaluator shall determine that the list of services

available is limited to those specified in the requirement.

Test 3: For local access, the evaluator shall determine what services are

available to a local administrator prior to logging in, and make sure this list is

consistent with the requirement.

32.

FIA_UAU_

EXT.2

Assurance activities for this requirement are covered under those for

FIA_UIA_EXT.1. If other authentication mechanisms are specified, the evaluator

shall include those methods in the activities for FIA_UIA_EXT.1.

ASE_TSS

ATE_IND

33.

FIA_UAU.7

The evaluator shall perform the following test for each method of local login

allowed:

Test 1: The evaluator shall locally authenticate to the TOE. While making this

attempt, the evaluator shall verify that at most obscured feedback is provided

while entering the authentication information.

ATE_IND

34.

FMT_MTD.

The evaluator shall review the operational guidance to determine that each of

the TSF-data-manipulating functions implemented in response to the

requirements of this PP is identified, and that configuration information is

provided to ensure that only administrators have access to the functions. The

evaluator shall examine the TSS to determine that, for each administrative

function identified in the operational guidance; those that are accessible through

an interface prior to administrator log-in are identified. For each of these

functions, the evaluator shall also confirm that the TSS details how the ability to

manipulate the TSF data through these interfaces is disallowed for non-

administrative users.

AGD_OPE

ASE_TSS

35.

FMT_SMF.

The security management functions for FMT_SMF.1 are distributed throughout

the PP and are included as part of the requirements in FMT_MTD,

FPT_TST_EXT, and any cryptographic management functions specified in the

reference standards. Compliance to these requirements satisfies compliance

with FMT_SMF.1.

N/A

36.

FMT_SMR.

The evaluator shall review the operational guidance to ensure that it contains

instructions for administering the TOE both locally and remotely, including any

configuration that needs to be performed on the client for remote administration.

In the course of performing the testing activities for the evaluation, the evaluator

shall use all supported interfaces, although it is not necessary to repeat each test

involving an administrative action with each interface. The evaluator shall

ensure, however, that each supported method of administering the TOE that

conforms to the requirements of this PP be tested; for instance, if the TOE can

be administered through a local hardware interface; SSH; and TLS/HTTPS; then

all three methods of administration must be exercised during the evaluation

AGD_OPE

ATE_IND