Specifications

3) FCS_BCM_(EXT).1.2 was deleted to bring the ST into conformance with current
cryptography policy as exemplified in the common management requirements PP (draft).
4) FCS_CKM.1.1(2) changed 128 bit symmetric strength to 2048 bit modulus (to match
FCS_COP.1(2)).
5) FCS_COP.1(3) was refined to include support for SHA-1 for compatibility with existing
protocols (DTLS/TLS, SNMPv3).
6) FDP_PUD_(EXT).1 was updated to remove the word “authenticated” from both bullets
as the encryption happens prior to authentication and FCS_COP_(EXT).2 was changed to
FCS_COP.1(1).
7) FIA_AFL.1.2(2) was refined to replace “TSF” with “TOE IT Environment”.
8) FIA_USB.1 was refined to include the word “administrator” prior to user, to specify that
this is for the administrative TOE users. Also, the iteration identifier of (1) was added to
it, because a second iteration was added for wireless users.
9) FMT_MOF.1(1) was refined to specify administrators “with read-write permission”.
10) FMT_MOF.1(2) was refined to specify administrators with read-write permission.
11) FMT_MOF.1(3) was refined: to specify administrators “with read-write permission”, and
to remove the bullet about setting an authentication failure limit because that function is
enforced by and configured on the RADIUS server in the IT Environment.
12) FMT_MOF.1(4) on the IT Environment was refined to add all the available selections
from CC Part 2 “disable, enable, modify the behaviour of”. Without all those abilities,
the “security administrator of the authorized IT entity” wouldn’t be able to do what’s
defined in the iterations of FMT_MTD.1 on the IT Environment.
13) FPT_TST.1(1) and FPT_TST.1(2) were modified to change the role from cryptographic
administrator to administrator.
14) FTP_TRP.1 was refined to change the two mentions of “wireless users” to “wireless
client devices” as the path is not truly to the user.
15) The wording of the rationale to support mapping OE.MANAGE to
T.TSF_COMPROMISE was adjusted to reflect proper focus on the IT Environment and
functions. Wording was changed from, “…the administrator can view security relevant
audit events,” to, “the TOE operational environment limits access to management
functions to the administrator.”
16) The wording of rationale to support mapping of O.DOCUMENTED_DESIGN to
T.POOR_DESIGN was updated to reference ADV_TDS instead of ADV_RCR to be
consistent with CC v3.1.
17) The wording of O.TIME_STAMPS was changed to reflect the fact that the TOE has its
own hardware clock and it’s that hardware clock that’s used when applying timestamps to
audit records, while the clock itself can be updated by an administrator, or an
administratively-defined source of automated clock updates.
3.3 Protection Profile Additions
3.3.1 TOE Security Problem Definition Additions
The TOE for this ST contains functionality for Wireless IPS (wIPS) specific audit events. These are
captured in a threat, policy, objective and explicitly stated SFR. This ST claims conformance to the PP
listed above with the following additions for the wIPS functionality: