Specifications

Brocade MLX and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
also check the operational guidance to ensure that it contains instructions on configuring the TOE
so that TLS conforms to the description in the TSS (for instance, the set of ciphersuites advertised
by the TOE may have to be restricted to meet the requirements). The evaluator shall also perform
the following test:
Test 1: The evaluator shall establish a TLS connection using each of the ciphersuites
specified by the requirement. This connection may be established as part of the
establishment of a higher-level protocol, e.g., as part of a HTTPS session. It is
sufficient to observe the successful negotiation of a ciphersuite to satisfy the intent of
the test; it is not necessary to examine the characteristics of the encrypted traffic in
an attempt to discern the ciphersuite being used (for example, that the cryptographic
algorithm is 128-bit AES and not 256-bit AES).
5.1.3 User Data Protection (FDP)
5.1.3.1 Full Residual Information Protection (FDP_RIP.2)
FDP_RIP.2.1
The TSF shall ensure that any previous information content of a resource is made unavailable
upon the [allocation of the resource to] all objects.
Assurance Activity:
“Resources” in the context of this requirement are network packets being sent through (as opposed
to “to”, as is the case when a security administrator connects to the TOE) the TOE. The concern is
that once a network packet is sent, the buffer or memory area used by the packet still contains data
from that packet, and that if that buffer is re-used, those data might remain and make their way
into a new packet. The evaluator shall check to ensure that the TSS describes packet processing to
the extent that they can determine that no data will be reused when processing network packets.
The evaluator shall ensure that this description at a minimum describes how the previous data are
zeroized/overwritten, and at what point in the buffer processing this occurs.
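
The buffer-reuse concern described above, as an added example (not taken from this Security Target or from the TOE's code): a one-slot packet buffer pool that clears the buffer at allocation, the point selected in FDP_RIP.2.1. All names (pkt_alloc, pkt_residual, zero_on_alloc and so on), the 64-byte buffer size and the payload strings are constructed for illustration; the zero_on_alloc switch exists only to show the result with and without the overwrite.

```c
#include <stdio.h>
#include <string.h>

#define PKT_BUF_SIZE 64            /* constructed size, kept small */
struct pkt_buf { unsigned char data[PKT_BUF_SIZE]; size_t len; int in_use; };
static struct pkt_buf slot;        /* one-slot pool, so reuse is guaranteed */
static int zero_on_alloc = 1;      /* hypothetical switch, for comparison only */
/* Volatile stores so the compiler cannot optimise the overwrite away. */
static void zeroize(volatile unsigned char *p, size_t n) { while (n--) *p++ = 0; }
/* Allocation is the point FDP_RIP.2.1 selects: clear before handing out. */
struct pkt_buf *pkt_alloc(void) {
    if (slot.in_use) return NULL;  /* pool exhausted */
    if (zero_on_alloc) zeroize(slot.data, PKT_BUF_SIZE);
    slot.len = 0;
    slot.in_use = 1;
    return &slot;
}
void pkt_free(struct pkt_buf *b) { b->in_use = 0; }  /* old bytes stay in place */

int pkt_fill(struct pkt_buf *b, const void *src, size_t n) {
    if (!b || n > PKT_BUF_SIZE) return -1;   /* no buffer, or payload too big */
    memcpy(b->data, src, n);
    b->len = n;
    return 0;
}

/* Non-zero bytes past the payload: stale data that could reach a new packet. */
size_t pkt_residual(const struct pkt_buf *b) {
    size_t c = 0;
    for (size_t i = b->len; i < PKT_BUF_SIZE; i++) c += (b->data[i] != 0);
    return c;
}

/* Constructed scenario: 40-byte packet, free, then a 5-byte packet in the same slot. */
size_t reuse_scenario(int zero) {
    zero_on_alloc = zero;
    struct pkt_buf *b = pkt_alloc();
    pkt_fill(b, "constructed-sensitive-payload-0123456789", 40);
    pkt_free(b);
    b = pkt_alloc();               /* same memory handed out again */
    pkt_fill(b, "short", 5);
    size_t r = pkt_residual(b);
    pkt_free(b);
    return r;
}

int main(void) {
    printf("residual bytes: %zu without zeroize, %zu with\n", reuse_scenario(0), reuse_scenario(1));
    return 0;
}
```

Without the overwrite, 35 bytes of the earlier packet remain behind the 5-byte payload; with it, none do. A TSS description of this design would state that the overwrite happens in pkt_alloc, before the buffer is handed to the next packet.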
5.1.4 Identification and Authentication (FIA)
5.1.4.1 Password Management (FIA_PMG_EXT.1)
FIA_PMG_EXT.1.1
The TSF shall provide the following password management capabilities for administrative
passwords:
1. Passwords shall be able to be composed of any combination of upper and lower case
letters, numbers, and the following special characters: [“!”, “@”, “#”, “$”, “%”, “^”,
“&”, “*”, “(”, “)”, [“'”, “+”, “,”, “-”, “.”, “/”, “:”, “;”, “<”, “=”, “>”, “[”, “\”, “]”,
“_”, “`”, “{”, “}”, and “~”]];
2. Minimum password length shall be settable by the Security Administrator, and support
passwords of 15 characters or greater.
Assurance Activity:
The evaluator shall examine the operational guidance to determine that it provides guidance to
security administrators on the composition of strong passwords, and that it provides instructions
on setting the minimum password length. The evaluator shall also perform the following tests.
Note that one or more of these tests can be performed with a single test case.
Test 1: The evaluator shall compose passwords that either meet the requirements, or fail