Manualshelf

Hardware manual

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentNetIron CER Series
31323334353637383940
Version 1.1, 03/31/2015
GSS CCT Evaluation Technical Report Page 40 of 56 © 2015 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeNetIron5.8 All rights reserved.
Component Assurance Activities: The evaluator shall examine the TSS to determine that it details how any pre-
shared keys, symmetric keys, and private keys are stored and that they are unable to be viewed through an
interface designed specifically for that purpose, as outlined in the application note in the NDPP. If these values are
not stored in plaintext, the TSS shall describe how they are protected/obscured.
Section 6.6 states that the TOE does not offer any interfaces that will disclose to any user cryptographic keys.
2.6.3 RELIABLE TIME STAMPS (FPT_STM.1)
2.6.3.1 FPT_STM.1.1
TSS Assurance Activities: The evaluator shall examine the TSS to ensure that it lists each security function that
makes use of time. The TSS provides a description of how the time is maintained and considered reliable in the
context of each of the time related functions.
Section 6.6 states the OE provides a hardware clock for reliable time stamps. The description explains the clock is
mainly used for timestamps in audit records but also supports the timing elements of cryptographic functions. By
virtue of being a real-time clock, the evaluator assumes it is reliable.
Guidance Assurance Activities: The evaluator examines the operational guidance to ensure it instructs the
administrator how to set the time. If the TOE supports the use of an NTP server, the operational guidance instructs
how a communication path is established between the TOE and the NTP server, and any configuration of the NTP
client on the TOE to support this communication.
The Administration Guide in the Setting the system clock section discusses using the clock set command to set the
local clock. The Administration Guide also has a section for NTP called Configuring NTP. In that section, there is an
extensive discusses about how to establish communication with an NTP server and how to configure the client.
Commands are provided for each topic and examples are given.
Testing Assurance Activities: Test 1: The evaluator uses the operational guide to set the time. The evaluator shall
then use an available interface to observe that the time was set correctly.
Test2: [conditional] If the TOE supports the use of an NTP server; the evaluator shall use the operational guidance
to configure the NTP client on the TOE, and set up a communication path with the NTP server. The evaluator will
observe that the NTP server has set the time to what is expected. If the TOE supports multiple protocols for
establishing a connection with the NTP server, the evaluator shall perform this test using each supported protocol
claimed in the operational guidance.