Specifications
Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
Page 15 of 50
5. Security Requirements
This section defines the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs)
that serve to represent the security functional claims for the Target of Evaluation (TOE) and to scope the evaluation
effort.
The SFRs have all been drawn from the Protection Profile (PP): Protection Profile for Network Devices, version
1.1, 8 June 2012 (NDPP) with Errata #2, 13 January 2014. The refinements and operations already performed in that
PP are not identified (e.g., highlighted) here, rather the requirements have been copied from that PP and any residual
operations have been completed herein. Of particular note, the NDPP made a number of refinements and completed
some of the SFR operations defined in the Common Criteria (CC) and that PP should be consulted to identify those
changes if necessary.
The SARs are also drawn from the NDPP which includes all the SARs for EAL1 as defined in the CC. However, the
SARs are effectively refined since requirement-specific 'Assurance Activities' are defined in the NDPP that serve to
ensure corresponding evaluations will yield more practical and consistent assurance than the EAL1 assurance
requirements alone. As such, those assurance activities have been reproduced in this ST to ensure they are included
within the scope of the evaluation effort.
5.1 TOE Security Functional Requirements
The following table identifies the SFRs that are satisfied by the TOE.
Requirement Class
Requirement Component
FAU: Security audit
FAU_GEN.1: Audit Data Generation
FAU_GEN.2: User identity association
FAU_STG_EXT.1: External Audit Trail Storage
FCS: Cryptographic
support
FCS_CKM.1: Cryptographic Key Generation (for asymmetric keys)
FCS_CKM_EXT.4: Cryptographic Key Zeroization
FCS_COP.1(1): Cryptographic Operation (for data encryption/decryption)
FCS_COP.1(2): Cryptographic Operation (for cryptographic signature)
FCS_COP.1(3): Cryptographic Operation (for cryptographic hashing)
FCS_COP.1(4): Cryptographic Operation (for keyed-hash message
authentication)
FCS_HTTPS_EXT.1: Explicit: HTTPS
FCS_RBG_EXT.1: Extended: Cryptographic Operation (Random Bit
Generation)
FCS_SSH_EXT.1: Explicit: SSH
FCS_TLS_EXT.1: Explicit: TLS
FDP: User data protection
FDP_RIP.2: Full Residual Information Protection
FIA: Identification and
authentication
FIA_PMG_EXT.1: Password Management
FIA_UAU.7: Protected Authentication Feedback
FIA_UIA_EXT.1: User Identification and Authentication
FIA_UAU_EXT.2: Extended: Password-based Authentication Mechanism
FMT: Security
management
FMT_MTD.1: Management of TSF Data (for general TSF data)
FMT_SMF.1: Specification of Management Functions
FMT_SMR.2: Restrictions on Security Roles
FPT: Protection of the
TSF
FPT_SKP_EXT.1: Extended: Protection of TSF Data (for reading of all
symmetric keys)
FPT_APW_EXT.1: Extended: Protection of Administrator Passwords
FPT_STM.1: Reliable Time Stamps
FPT_TST_EXT.1: TSF Testing
FPT_TUD_EXT.1: Extended: Trusted Update