User guide

ManualsBrandsAruba ManualsComputer equipment620

Aruba Networks Security Target

Page 64 of 67

NDPP

Source

Requirement

Assurance

Family

modification of the channel data is detected by the TOE.

Further assurance activities are associated with the specific protocols.

48.

FPT_ITT.1

The evaluator shall examine the TSS to determine that the methods and

protocols used to protect distributed TOE components are described. The

evaluator shall also confirm that all protocols listed in the TSS in support of TOE

administration are consistent with those specified in the requirement, and are

included in the requirements in the ST. The evaluator shall confirm that the

operational guidance contains instructions for establishing the communication

paths for each supported method. The evaluator shall also perform the following

tests:

Test 1: The evaluators shall ensure that communications using each specified

(in the operational guidance) communications method is tested during the course

of the evaluation, setting up the connections as described in the operational

guidance and ensuring that communication is successful.

Test 2: The evaluator shall ensure, for each method of communication, the

channel data is not sent in plaintext.

Test 3: The evaluator shall ensure, for each method of communication,

modification of the channel data is detected by the TOE.

Further assurance activities are associated with the specific protocols.

ASE_TSS

ATE_IND

49.

ADV_FSP.

Developer Note: As indicated in the introduction to this section, the functional

specification is comprised of the information contained in the AGD_OPE and

AGD_PRE documentation, coupled with the information provided in the TSS of

the ST. The assurance activities in the functional requirements point to evidence

that should exist in the documentation and TSS section; since these are directly

associated with the SFRs, the tracing in element ADV_FSP.1.2D is

Implicitly already done and no additional documentation is necessary.

ADV_FSP

50.

ADV_FSP.

There are no specific assurance activities associated with these SARs. The

functional specification documentation is provided to support the evaluation

activities described in NDPP Section 4.2, and other activities described for AGD,

ATE, and AVA SARs. The requirements on the content of the functional

specification information is implicitly assessed by virtue of the other assurance

activities being performed; if the evaluator is unable to perform an activity

because the there is insufficient interface information, then an adequate

functional specification has not been provided.

ADV_FSP

51.

AGD_OPE.

The operational guidance shall at a minimum list the processes running (or that

could run) on the TOE in its evaluated configuration during its operation that are

capable of processing data received on the network interfaces (there are likely

more than one of these, and this is not limited to the process that "listens" on the

network interface). It is acceptable to list all processes running (or that could

run) on the TOE in its evaluated configuration instead of attempting to determine

just those that process the network data. For each process listed, the

administrative guidance will contain a short (e.g., one- or two-line) description of

the process' function, and the privilege with which the service runs. "Privilege"

includes the hardware privilege level (e.g., ring 0, ring 1), any software privileges

specifically associated with the process, and the privileges associated with the

AGD_OPE