Specifications
Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
Test 1: The evaluator shall establish a session between the TOE and the audit server
according to the configuration guidance provided. The evaluator shall then examine the
traffic that passes between the audit server and the TOE during several activities of the
evaluator’s choice designed to generate audit data to be transferred to the audit server.
The evaluator shall observe that these data are not able to be viewed in the clear during
this transfer, and that they are successfully received by the audit server. The evaluator
shall record the particular software (name, version) used on the audit server during
testing.
5.1.2 Cryptographic Support (FCS)
5.1.2.1 Cryptographic Key Generation (for asymmetric keys) (FCS_CKM.1)
FCS_CKM.1.1
Refinement: The TSF shall generate asymmetric cryptographic keys used for key establishment in
accordance with [
• NIST Special Publication 800-56B, 'Recommendation for Pair-Wise Key
Establishment Schemes Using Integer Factorization Cryptography' for RSA-based
key establishment schemes]
and specified cryptographic key sizes equivalent to, or greater than, a symmetric key strength of
112 bits.
Assurance Activity:
The evaluator shall use the key pair generation portions of "The FIPS 186-3 Digital Signature
Algorithm Validation System (DSA2VS)", "The FIPS 186-3 Elliptic Curve Digital Signature
Algorithm Validation System (ECDSA2VS)", and either "The RSA Validation System (RSAVS)"
(for FIPS 186-2) or “The 186-3 RSA Validation System (RSA2VS)” (for FIPS 186-3) as a guide
in testing the requirement above, depending on the selection performed by the ST author. This
will require that the evaluator have a trusted reference implementation of the algorithms that can
produce test vectors that are verifiable during the test.
The evaluator shall ensure that the TSS contains a description of how the TSF complies with
800-56A and/or 800-56B, depending on the selections made. This description shall indicate the
sections in 800-56A and/or 800-56B that are implemented by the TSF, and the evaluator shall
ensure that key establishment is among those sections that the TSF claims to implement.
Any TOE-specific extensions, processing that is not included in the documents, or alternative
implementations allowed by the documents that may impact the security requirements the TOE is
to enforce shall be described.
5.1.2.2 Cryptographic Key Zeroization (FCS_CKM_EXT.4)
FCS_CKM_EXT.4.1
The TSF shall zeroize all plaintext secret and private cryptographic keys and CSPs when no longer
required.
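An added example, not taken from this Security Target or from the TOE's code: a C routine for the two zeroization procedures the assurance activity for this requirement names (one overwrite with zeros, and three overwrites with a random pattern), with each pass verified by read-back. The function names, the fixed seeds and the xorshift pattern source are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names for illustration; not from the TOE or the ST. */
enum zeroize_method { ZEROIZE_ZEROS, ZEROIZE_RANDOM_3PASS };

/* xorshift32 as a stand-in pattern source (assumption); a real device
 * would draw overwrite patterns from its own RNG. State must be non-zero. */
static uint8_t next_byte(uint32_t *s)
{
    *s ^= *s << 13;
    *s ^= *s >> 17;
    *s ^= *s << 5;
    return (uint8_t)(*s >> 24);
}

/* One overwrite pass plus read-back. Writing through a volatile pointer
 * stops the compiler from discarding the stores as dead writes to a
 * buffer that is never read again. seed == 0 selects all zeros. */
static int overwrite_pass(volatile uint8_t *p, size_t n, uint32_t seed)
{
    uint32_t s = seed;
    for (size_t i = 0; i < n; i++)
        p[i] = seed ? next_byte(&s) : 0;
    s = seed;                       /* replay the pattern to verify it */
    for (size_t i = 0; i < n; i++)
        if (p[i] != (seed ? next_byte(&s) : 0))
            return -1;
    return 0;
}

/* Returns the number of verified passes, or -1 on bad input or a failed
 * read-back. */
int key_zeroize(void *key, size_t len, enum zeroize_method m)
{
    /* Constructed, fixed seeds so the example is reproducible. */
    static const uint32_t seeds[3] = { 0x9E3779B9u, 0x7F4A7C15u, 0x85EBCA6Bu };

    if (key == NULL || len == 0)
        return -1;
    if (m == ZEROIZE_ZEROS)
        return overwrite_pass(key, len, 0) == 0 ? 1 : -1;
    for (int i = 0; i < 3; i++)
        if (overwrite_pass(key, len, seeds[i]) != 0)
            return -1;
    return 3;
}
```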
Assurance Activity:
The evaluator shall check to ensure the TSS describes each of the secret keys (keys used for
symmetric encryption), private keys, and CSPs used to generate keys; when they are zeroized (for
example, immediately after use, on system shutdown, etc.); and the type of zeroization procedure
that is performed (overwrite with zeros, overwrite three times with random pattern, etc.). If
different types of memory are used to store the materials to be protected, the evaluator shall check
to ensure that the TSS describes the zeroization procedure in terms of the memory in which the
data are stored (for example, "secret keys stored on flash are zeroized by overwriting once with