Manualshelf

Specifications

ManualsBrandsBrocade Communications Systems ManualsComputer equipmentNetIron CER Series
11121314151617181920
Brocade MLXand NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
Page 20 of 50
zeros, while secret keys stored on the internal hard drive are zeroized by overwriting three times
with a random pattern that is changed before each write").
5.1.2.3 Cryptographic Operation (for data encryption/decryption) (FCS_COP.1(1))
FCS_COP.1(1).1
Refinement: The TSF shall perform encryption and decryption in accordance with a specified
cryptographic algorithm AES operating in [CBC] and cryptographic key sizes 128-bits and 256-
bits that meets the following:
FIPS PUB 197, 'Advanced Encryption Standard (AES)' [NIST SP 800-38A]
Assurance Activity:
The evaluator shall use tests appropriate to the modes selected in the above requirement from "The
Advanced Encryption Standard Algorithm Validation Suite (AESAVS)", "The XTS-AES
Validation System (XTSVS)", The CMAC Validation System (CMACVS)", "The Counter with
Cipher Block Chaining-Message Authentication Code (CCM) Validation System (CCMVS)", and
"The Galois/Counter Mode (GCM) and GMAC Validation System (GCMVS)" (these documents
are available from http://csrc.nist.gov/groups/STM/cavp/index.html) as a guide in testing the
requirement above. This will require that the evaluator have a reference implementation of the
algorithms known to be good that can produce test vectors that are verifiable during the test.
5.1.2.4 Cryptographic Operation (for cryptographic signature) (FCS_COP.1(2))
FCS_COP.1(2).1
Refinement: The TSF shall perform cryptographic signature services in accordance with a [
(1) RSA Digital Signature Algorithm (rDSA) with a key size (modulus) of 2048 bits or
greater]
that meets the following:
Case: RSA Digital Signature Algorithm
o FIPS PUB 186-2 or FIPS 186-3, 'Digital Signature Standard'.
Assurance Activity:
The evaluator shall use the signature generation and signature verification portions of "The Digital
Signature Algorithm Validation System” (DSA2VS), "The Elliptic Curve Digital Signature
Algorithm Validation System” (ECDSA2VS), and "The RSA Validation System” (RSAVS (for
186-2) or RSA2VS (for 186-3)) as a guide in testing the requirement above. The Validation
System used shall comply with the conformance standard identified in the ST (i.e., FIPS PUB
186-2 or FIPS PUB 186-3). This will require that the evaluator have a reference implementation of
the algorithms known to be good that can produce test vectors that are verifiable during the test.
5.1.2.5 Cryptographic Operation (for cryptographic hashing) (FCS_COP.1(3))
FCS_COP.1(3).1
Refinement: The TSF shall perform cryptographic hashing services in accordance with a specified
cryptographic algorithm [SHA-1, SHA-256, SHA-384, SHA-512] and message digest sizes [160,
256, 384, 512] bits that meet the following: FIPS Pub 180-3, 'Secure Hash Standard.'
Assurance Activity:
The evaluator shall use "The Secure Hash Algorithm Validation System (SHAVS)" as a guide in
testing the requirement above. This will require that the evaluator have a reference
implementation of the algorithms known to be good that can produce test vectors that are
verifiable during the test.