User guide

Aruba Networks Security Target
Page 66 of 67
#
NDPP
Source
Requirement
Assurance
Family
tool will not adversely affect the performance of the functionality by the TOE and
its platform. This also includes the configuration of the cryptographic engine to
be used. The cryptographic algorithms implemented by this engine are those
specified by this PP and used by the cryptographic protocols being evaluated
(IPsec, TLS/HTTPS, SSH).
59.
ATE_IND.1
The test plan identifies high-level test objectives as well as the test procedures to
be followed to achieve those objectives. These procedures include expected
results. The test report (which could just be an annotated version of the test
plan) details the activities that took place when the test procedures were
executed, and includes the actual results of the tests. This shall be a cumulative
account, so if there was a test run that resulted in a failure; a fix installed; and
then a successful rerun of the test, the report would show a “fail” and “pass
result (and the supporting details), and not just the “pass” result.
ATE_IND
60.
AVA_VAN.
1
As with ATE_IND, the evaluator shall generate a report to document their
findings with respect to this requirement. This report could physically be part of
the overall test report mentioned in ATE_IND, or a separate document. The
evaluator performs a search of public information to determine the vulnerabilities
that have been found in network infrastructure devices and the implemented
communication protocols in general, as well as those that pertain to the
particular TOE. The evaluator documents the sources consulted and the
vulnerabilities found in the report. For each vulnerability found, the evaluator
either provides a rationale with respect to its nonapplicability, or the evaluator
formulates a test (using the guidelines provided in ATE_IND) to confirm the
vulnerability, if suitable. Suitability is determined by assessing the attack vector
needed to take advantage of the vulnerability. For example, if the vulnerability
can be detected by pressing a key combination on boot-up, a test would be
suitable at the assurance level of the NDPP. If exploiting the vulnerability
requires expert skills and an electron microscope, for instance, then a test would
not be suitable and an appropriate justification would be formulated.
AVA_VAN
61.
ALC_CMC.
1
The evaluator shall check the ST to ensure that it contains an identifier (such as
a product name/version number) that specifically identifies the version that
meets the requirements of the ST. Further, the evaluator shall check the AGD
guidance and TOE samples received for testing to ensure that the version
number is consistent with that in the ST. If the vendor maintains a web site
advertising the TOE, the evaluator shall examine the information on the web site
to ensure that the information in the ST is sufficient to distinguish the product.
ALC_CMC
62.
ALC_CMS.
2
The “evaluation evidence required by the SARs” in the NDPP is limited to the
information in the ST coupled with the guidance provided to administrators and
users under the AGD requirements. By ensuring that the TOE is specifically
identified and that this identification is consistent in the ST and in the AGD
guidance (as done in the assurance activity for ALC_CMC.1), the evaluator
implicitly confirms the information required by this component.
ALC_CMS
63.
Annex
C1.2
The evaluator shall check to ensure that the TSS contains a list (possibly empty
except for authentication failures for user-level connections) of the protocol
failures that are auditable. The evaluator shall test all identified audit events
during protocol testing/audit testing.
ASE_TSS
ATE_IND