Hardware manual
Version 1.1, 03/31/2015
GSS CCT Evaluation Technical Report Page 17 of 56 © 2015 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeNetIron5.8 All rights reserved.
FCS_CKM.1.1 selected NIST Special Publication 800-56B, so the evaluator expected to find only that publication
addressed in the TSS.
Section 6.2, Table 6, addresses SP 800-56B with section references and indications of whether the identified
features are implemented; where the implementation disagrees with a recommendation, a rationale is provided. Note
that no such deviations are identified.
Guidance Assurance Activities: None Defined
Testing Assurance Activities: The evaluator shall use the key pair generation portions of 'The FIPS 186-3 Digital
Signature Algorithm Validation System (DSA2VS)', 'The FIPS 186-3 Elliptic Curve Digital Signature Algorithm
Validation System (ECDSA2VS)', and either 'The RSA Validation System (RSAVS)' (for FIPS 186-2) or 'The 186-3 RSA
Validation System (RSA2VS)' (for FIPS 186-3) as a guide in testing the requirement above, depending on the
selection performed by the ST author. This will require that the evaluator have a trusted reference implementation
of the algorithms that can produce test vectors that are verifiable during the test.
The TOE has been FIPS approved. The RSA certificate numbers are 1413 and 1411.
2.2.2 CRYPTOGRAPHIC KEY ZEROIZATION (FCS_CKM_EXT.4)
2.2.2.1 FCS_CKM_EXT.4.1
TSS Assurance Activities: The evaluator shall check to ensure the TSS describes each of the secret keys (keys used
for symmetric encryption), private keys, and CSPs used to generate key; when they are zeroized (for example,
immediately after use, on system shutdown, etc.); and the type of zeroization procedure that is performed
(overwrite with zeros, overwrite three times with random pattern, etc.). If different types of memory are used to
store the materials to be protected, the evaluator shall check to ensure that the TSS describes the zeroization
procedure in terms of the memory in which the data are stored (for example, 'secret keys stored on flash are
zeroized by overwriting once with zeros, while secret keys stored on the internal hard drive are zeroized by
overwriting three times with a random pattern that is changed before each write').
In Section 6.2, a list is presented (after Table 11) that identifies secret keys, private keys, and CSPs with a brief
summary of purpose. Following the list is a description of where keys are stored and when and how they are
destroyed.
1. Describe each secret key, private key, and CSP: The list identified above serves to describe each key to
some degree.