Hardware manual
Version 1.1, 03/31/2015
GSS CCT Evaluation Technical Report Page 52 of 56 © 2015 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeNetIron5.8 All rights reserved.
The operational guidance shall contain instructions for configuring the cryptographic engine associated with the
evaluated configuration of the TOE. It shall provide a warning to the administrator that use of other cryptographic
engines was not evaluated nor tested during the CC evaluation of the TOE.
The documentation must describe the process for verifying updates to the TOE, either by checking the hash or by
verifying a digital signature. The evaluator shall verify that this process includes the following steps:
1. For hashes, a description of where the hash for a given update can be obtained. For digital signatures,
instructions for obtaining the certificate that will be used by the FCS_COP.1(2) mechanism to ensure that a signed
update has been received from the certificate owner. This may be supplied with the product initially, or may be
obtained by some other means.
2. Instructions for obtaining the update itself. This should include instructions for making the update accessible to
the TOE (e.g., placement in a specific directory).
3. Instructions for initiating the update process, as well as discerning whether the process was successful or
unsuccessful. This includes generation of the hash/digital signature..
The TOE will likely contain security functionality that does not fall in the scope of evaluation under this PP. The
operational guidance shall make it clear to an administrator which security functionality is covered by the
evaluation activities.
The FIPS Guide includes an Appendix E to provide a complete list of system processes. This list is for all system
(aka privileged) processes on the appliance. In addition to providing the list, the document identifies the priority of
each process.
The FIPS Guide provides detailed instructions (separately for the MLX and CER/CES devices) for copying the new
signature and new imagine onto the device and loading the new signature image. The steps discuss where to put
the image and the commands to install it. The steps also verify the signature. A list of potential error message is
described and some troubleshooting tips are included in case the upgrade fails.
3.2.2 PREPARATIVE PROCEDURES (AGD_PRE.1)
Assurance Activities: As indicated in the introduction above, there are significant expectations with respect to the
documentation—especially when configuring the operational environment to support TOE functional
requirements. The evaluator shall check to ensure that the guidance provided for the TOE adequately addresses all
platforms claimed for the TOE in the ST.
Hardware Installation Manuals for all product families – MLX and CER – are available on-line. The more general
manuals (and those specifically subject to evaluation) like FIPS Guide and the Security Configuration Guide apply to
all models. The completeness of the manuals is addressed by their use in the AA’s carried out in the evaluation.