Manualshelf

Technical data

ManualsBrandsBrocade Communications Systems ManualsHousehold Appliances8
11121314151617181920
Brocade Communications Systems, Inc. Page 19 of 48
5.1.3 User data protection (FDP)
5.1.3.1 Subset access control (FDP_ACC.1)
FDP_ACC.1.1 The TSF shall enforce the [SAN Fabric SFP] on [
a.) subjects: host bus adapters
b.) objects: storage devices
c.) operations: block-read and block-write
].
5.1.3.2 Security attribute based access control (FDP_ACF.1)
FDP_ACF.1.1 The TSF shall enforce the [SAN Fabric SFP] to objects based on the following: [
a.) subject security attributes:
1. port number;
2. zone membership
b.) storage device security attributes:
1. storage device address;
2. zone membership
].
FDP_ACF.1.2 The TSF shall enforce the following rules to determine if an operation among controlled subjects
and controlled objects is allowed: [for any zone, if the subject port is a member of that zone
and the device address is a member of that zone, then the operation is allowed].
FDP_ACF.1.3 The TSF shall explicitly authorize access of subjects to objects based on the following additional
rules: [no additional rules].
FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the [no additional rules].
5.1.3.3 Subset information flow control (FDP_IFC.1)
FDP_IFC.1.1 For models of the product supporting user data encryption, the TSF shall enforce the
[encrypted user data SFP] on [
a.) Subjects: host bus adapters;
b.) Information: data frames read / written by a host bus adapter from / to a storage device;
and
c.) Operation: block-read and block-write
].
5.1.3.4 Simple security attributes (FDP_IFF.1)
FDP_IFF.1.1 For models of the product supporting user data encryption, the TSF shall enforce the
[encrypted user data SFP] based on the following types of subject and information security
attributes: [
a.) Subjects security attributes:
1. host bus adapter port number;
b.) Information security attributes:
1. storage device port number;
2. LUN and
3. storage device CryptoTarget container membership
].
FDP_IFF.1.2 For models of the product supporting user data encryption, the TSF shall permit an
information flow between a controlled subject and controlled information via a controlled
operation if the following rules hold: [
a.) the CryptoTarget container membership for the storage device includes the HBA port
number and indicates the LUN should be encrypted, then the TOE will
1. encrypt blocks written from the HBA to the LUN on the storage device port; or