Specifications

6.1.2 FAU_GEN.2 User Identity Association
FAU_GEN.2.1 For audit events resulting from actions of identified users, the TSF shall be able to associate
each auditable event with the identity of the user that caused the event.
Application note: Actions of Management Users and SNMPv3 Users are identified in audit messages by their
username, though Management Users are human users and SNMPv3 Users are remote entities
such as NCS, WCS, or MSE servers.
6.1.3 FAU_SEL.1(1) Selective Audit
FAU_SEL.1.1(1) The TSF shall be able to include or exclude auditable events from the set of audited events
based on the following attributes:
a) event type.
6.1.4 FCS_BCM_(EXT).1 Extended: Baseline Cryptographic Module
FCS_BCM_(EXT).1.1 All FIPS-approved cryptographic functions implemented by the TOE shall be implemented
in a crypto-module that is FIPS 140-2 validated, and perform the specified cryptographic
functions in a FIPS-approved mode of operation. The FIPS 140-2 validation shall include an
algorithm validation certificate for all FIPS-approved cryptographic functions implemented
by the TOE.
FCS_BCM_(EXT).1.2 All cryptographic modules implemented in the TOE [As a combination of hardware
and software shall have a minimum overall rating of FIPS PUB 140-2, Level 1 and also
meet FIPS PUB 140-2, Level 3 for the following: Cryptographic Module Ports and
Interfaces; Roles, Services and Authentication; Cryptographic Key Management; and
Design Assurance. ]
6.1.5 FCS_CKM.1(1) Cryptographic Key Generation (for symmetric keys)
FCS_CKM.1.1(1) The TSF shall generate symmetric cryptographic keys using a FIPS-Approved Random
Number Generator as specified in FCS_COP_(EXT).1, and provide integrity protection to
generated symmetric keys in accordance with NIST SP 800-57 "Recommendation for Key
Management" Section 6.1.
6.1.6 FCS_CKM.1(2) Cryptographic Key Generation (for asymmetric keys)
FCS_CKM.1.1(2) The TSF shall generate asymmetric cryptographic keys in accordance with the mathematical
specifications of the FIPS-approved or NIST-recommended standard [FIPS 186-3], using a
domain parameter generator and [a FIPS-Approved Random Number Generator as specified
in FCS_COP_(EXT).1] in a cryptographic key generation scheme that meets the following:
- The TSF shall provide integrity protection and assurance of domain parameter and public
key validity to generated asymmetric keys in accordance with NIST SP 800-57
"Recommendation for Key Management" Section 6.1.
- Generated key strength shall be equivalent to, or greater than, a symmetric key strength
of 128 bits using conservative estimates. 2048 bits or higher.