Brocade MLX and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
to meet the requirements, in some way. For each password, the evaluator shall verify that
the TOE supports the password. While the evaluator is not required (nor is it feasible) to
test all possible compositions of passwords, the evaluator shall ensure that all characters,
rule characteristics, and a minimum length listed in the requirement are supported, and
justify the subset of those characters chosen for testing.
5.1.4.2 Protected Authentication Feedback (FIA_UAU.7)
FIA_UAU.7.1
The TSF shall provide only obscured feedback to the administrative user while the authentication
is in progress at the local console.
Assurance Activity:
The evaluator shall perform the following test for each method of local login allowed:
Test 1: The evaluator shall locally authenticate to the TOE. While making this attempt,
the evaluator shall verify that at most obscured feedback is provided while entering the
authentication information.
5.1.4.3 Extended: Password-based Authentication Mechanism (FIA_UAU_EXT.2)
FIA_UAU_EXT.2.1
The TSF shall provide a local password-based authentication mechanism, [[SSH public-key-based
authentication mechanism]] to perform administrative user authentication.
Component Assurance Activity:
Assurance activities for this requirement are covered under those for FIA_UIA_EXT.1. If other
authentication mechanisms are specified, the evaluator shall include those methods in the activities
for FIA_UIA_EXT.1.
5.1.4.4 User Identification and Authentication (FIA_UIA_EXT.1)
FIA_UIA_EXT.1.1
The TSF shall allow the following actions prior to requiring the non-TOE entity to initiate the
identification and authentication process:
Display the warning banner in accordance with FTA_TAB.1;
[[network routing services]].
FIA_UIA_EXT.1.2
The TSF shall require each administrative user to be successfully identified and authenticated
before allowing any other TSF-mediated actions on behalf of that administrative user.
Component Assurance Activity:
The evaluator shall examine the TSS to determine that it describes the logon process for each
logon method (local, remote (HTTPS, SSH, etc.)) supported for the product. This description
shall contain information pertaining to the credentials allowed/used, any protocol transactions that
take place, and what constitutes a “successful logon”. The evaluator shall examine the operational
guidance to determine that any necessary preparatory steps (e.g., establishing credential material
such as pre-shared keys, tunnels, certificates, etc.) to logging in are described. For each supported
login method, the evaluator shall ensure the operational guidance provides clear instructions
for successfully logging on. If configuration is necessary to ensure the services provided before
login are limited, the evaluator shall determine that the operational guidance provides sufficient
instruction on limiting the allowed services.