Technical data

Brocade Communications Systems, Inc. Page 21 of 48
5.1.5 Security management (FMT)
5.1.5.1 Management of security attributes (FMT_MSA.1(1))
FMT_MSA.1.1(1) The TSF shall enforce the [SAN Fabric SFP] to restrict the ability to [[add or remove
members of a zone]] the security attributes [host bus adapter port number; storage device
port number; zone membership of a host bus adapter and zone membership of a storage
device] to [users possessing one of the following administrative roles: admin,
zoneAdmin, fabricAdmin, root, factory].
Application note: Host bus adapters and storage devices are referred to as members of a zone when they are added
to a zone.
5.1.5.2 Management of security attributes (FMT_MSA.1(2))
FMT_MSA.1.1(2) For models of the product supporting user data encryption, the TSF shall enforce the
[encrypted user data SFP] to restrict the ability to [[manage]] the security attributes [
host bus adapter port number;
host bus adapter CryptoTarget container membership;
LUN encryption status;
storage device port number; and
storage device CryptoTarget container membership]
to [users possessing one of the following administrative roles: Admin, SecurityAdmin,
FabricAdmin, Root, Factory].
5.1.5.3 Static attribute initialization (FMT_MSA.3(1))
FMT_MSA.3.1(1) The TSF shall enforce the [SAN Fabric SFP] to provide [restrictive] default values for
security attributes that are used to enforce the SFP.
FMT_MSA.3.2(1) The TSF shall allow the [no user] to specify alternative initial values to override the default
values when an object or information is created.
5.1.5.4 Static attribute initialization (FMT_MSA.3(2))
FMT_MSA.3.1(2) For models of the product supporting user data encryption, the TSF shall enforce the
[encrypted user data SFP] to provide [permissive] default values for security attributes that
are used to enforce the SFP.
FMT_MSA.3.2(2) For models of the product supporting user data encryption, the TSF shall allow the [no
user] to specify alternative initial values to override the default values when an object or
information is created.
5.1.5.5 Management of TSF data (FMT_MTD.1(1))
FMT_MTD.1.1(1) The TSF shall restrict the ability to [query, modify, delete, [and assign]] the [
user identity,
user role,
minimum password length and minimum number of specified character types used in a password,
number of unsuccessful authentication attempts that cause accounts to be locked,
locked status of an account,
order in which authentication providers are checked,
presumed source address and service permitted from which remote users connect to the TOE
]
to [users possessing one of the following administrative roles: admin, SecurityAdmin,
root, factory].