User guide
Aruba Networks Security Target
Page 63 of 67
#
NDPP
Source
Requirement
Assurance
Family
instance.
46.
FTP_ ITC.1
The evaluator shall examine the TSS to determine that, for all communications
with authorized IT entities identified in the requirement, each communications
mechanism is identified in terms of the allowed protocols for that IT entity. The
evaluator shall also confirm that all protocols listed in the TSS are specified and
included in the requirements in the ST. The evaluator shall confirm that the
operational guidance contains instructions for establishing the allowed protocols
with each authorized IT entity, and that it contains recovery instructions should a
connection be unintentionally broken. The evaluator shall also perform the
following tests:
Test 1: The evaluators shall ensure that communications using each protocol
with each authorized IT entity is tested during the course of the evaluation,
setting up the connections as described in the operational guidance and
ensuring that communication is successful.
Test 2: For each protocol that the TOE can initiate as defined in the requirement,
the evaluator shall follow the operational guidance to ensure that in fact the
communication channel can be initiated from the TOE.
Test 3: The evaluator shall ensure, for each communication channel with an
authorized IT entity, the channel data is not sent in plaintext.
Test 4: The evaluator shall ensure, for each communication channel with an
authorized IT entity, modification of the channel data is detected by the TOE.
Test 5: The evaluators shall, for each protocol associated with each authorized
IT entity tested during test 1, the connection is physically interrupted. The
evaluator shall ensure that when physical connectivity is restored,
communications are appropriately protected.
Further assurance activities are associated with the specific protocols.
ASE_TSS
AGD_OPE
ATE_IND
47.
FTP_TRP.
1
The evaluator shall examine the TSS to determine that the methods of remote
TOE administration are indicated, along with how those communications are
protected. The evaluator shall also confirm that all protocols listed in the TSS in
support of TOE administration are consistent with those specified in the
requirement, and are included in the requirements in the ST. The evaluator shall
confirm that the operational guidance contains instructions for establishing the
remote administrative sessions for each supported method. The evaluator shall
also perform the following tests:
Test 1: The evaluators shall ensure that communications using each specified
(in the operational guidance) remote administration method is tested during the
course of the evaluation, setting up the connections as described in the
operational guidance and ensuring that communication is successful.
Test 2: For each method of remote administration supported, the evaluator shall
follow the operational guidance to ensure that there is no available interface that
can be used by a remote user to establish a remote administrative sessions
without invoking the trusted path.
Test 3: The evaluator shall ensure, for each method of remote administration,
the channel data is not sent in plaintext.
Test 4: The evaluator shall ensure, for each method of remote administration,
ASE_TSS