Manualshelf

Hardware manual

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentNetIron CER Series
12345678910
Version 1.1, 03/31/2015
GSS CCT Evaluation Technical Report Page 7 of 56 © 2015 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeNetIron5.8 All rights reserved.
The evaluator shall also make a determination of the administrative actions that are relevant in the context of this
PP. The evaluator shall examine the administrative guide and make a determination of which administrative
commands, including subcommands, scripts, and configuration files, are related to the configuration (including
enabling or disabling) of the mechanisms implemented in the TOE that are necessary to enforce the requirements
specified in the PP. The evaluator shall document the methodology or approach taken while determining which
actions in the administrative guide are security relevant with respect to this PP. The evaluator may perform this
activity as part of the activities associated with ensuring the AGD_OPE guidance satisfies the requirements.
Requirement
Auditable Events
Additional
Audit Record
Contents
Guidance Location
FAU_GEN.1
Startup and shutdown of
audit
FIPS Guide, Annex C
SSH login by user from src IP ip-address, src
MAC mac-address to USER EXEC mode using
RSA as Server Host Key.
SSH logout by user from src IP ip-address,
src MAC mac-address from USER EXEC mode
using RSA as Server Host Key.
FCS_HTTPS_EXT.1
Failure to establish a HTTPS
Session.
Establishment/Termination
of a HTTPS session.
1
Reason for
failure.
Non-TOE
endpoint of
connection (IP
address) for
both successes
and failures.
Administration Guide, Appendix A
Informational Message
Security telnet | SSH | web access [by
username] from src IP source ip address,
src MAC source MAC address rejected, n
attempts..
Security telnet | SSH | web access [by
username] from src IP source ip address
FCS_SSH_EXT.1
Failure to establish an SSH
session.
Establishment/Termination
of an SSH session.
1
Reason for
failure
Non-TOE
endpoint of
connection (IP
address) for
both successes
and failures.
Administration Guide, Appendix A
Informational Message
Security telnet | SSH | web access [by
username] from src IP source ip address,
src MAC source MAC address rejected, n
attempts..
SSH login by user from src IP ip-address, src
MAC mac-address to USER EXEC mode using
RSA as Server Host Key.
FCS_TLS_EXT.1
Failure to establish a TLS
Reason for
Administration Guide, Appendix A
Auditing session establishment failures is highly dependent on the implementation and is currently not
standardized in the industry. In this ST, no specific list or types of such failures is mandated as being auditable.
More specifically in this case, only user-level authentication failures are necessarily associated with SSH, HTTPS or
TLS session establishment failure.