Specifications
O.CRYPTOGRAPHY
Baseline cryptographic services are provided in the TOE by FIPS PUB 140-2 compliant
modules implemented in hardware, in software, or in hardware/software combinations
[FCS_BCM_(EXT).1]. The cryptographic services offered by this baseline capability
are augmented and customized in the TOE to support
robustness environments. These TOE services are based primarily upon functional
security requirements in the areas of key management and cryptographic operations. In
the area of key management there are functional requirements that address the
generation of symmetric keys [FCS_CKM.1(1)], and the generation of asymmetric keys
[FCS_CKM.1(2)]; methods of manual and automated cryptographic key distribution
[FCS_CKM.2]; cryptographic key destruction [FCS_CKM.4]; techniques for
cryptographic key validation and packaging [FCS_CKM.1]; and cryptographic key
handling and storage [FCS_CKM_(EXT).2]. Specific functional requirements in the
area of cryptographic operations address data encryption and decryption
[FCS_COP.1(1)]; cryptographic signatures [FCS_COP.1(2)]; cryptographic hashing
[FCS_COP.1(3)]; cryptographic key agreement [FCS_COP.1(4)]; and improved random
number generation [FCS_COP_(EXT).1].
O.CRYPTOGRAPHY_VALIDATED
Baseline cryptographic services are provided in the TOE by FIPS PUB 140-2 compliant
modules implemented in hardware, in software, or in hardware/software combinations
[FCS_BCM_(EXT).1]. The cryptographic services offered by this baseline capability
are augmented and customized in the TOE to support medium robustness environments.
These TOE services are based primarily upon functional security requirements in the
areas of key management and cryptographic operations. In the area of key management
there are functional requirements that address the generation of symmetric keys
[FCS_CKM.1(1)], and the generation of asymmetric keys [FCS_CKM.1(2)]; methods of
manual and automated cryptographic key distribution [FCS_CKM.2]; cryptographic key
destruction [FCS_CKM.4]; techniques for cryptographic key validation and packaging
[FCS_CKM.1]; and cryptographic key handling and storage [FCS_CKM_(EXT).2].
Specific functional requirements in the area of cryptographic operations address data
encryption and decryption [FCS_COP.1(1)]; cryptographic signatures [FCS_COP.1(2)];
cryptographic hashing [FCS_COP.1(3)]; cryptographic key agreement [FCS_COP.1(4)];
and improved random number generation [FCS_COP_(EXT).1].
O.DISPLAY_BANNER
FTA_TAB.1 meets this objective by requiring that the TOE display an administrator-defined
banner before a user can establish an authenticated session. This banner is under the
complete control of the administrator, who can specify any warnings regarding
unauthorized use of the TOE and remove any product or version information if
desired. It is envisioned that an authenticated session would need to be established
only for the performance of TOE administration. Bannering is not necessary
prior to use of services that pass network traffic through the TOE.
O.DOCUMENTED_DESIGN
ADV_FSP.4 and ADV_TDS.3 support this objective by requiring that the TOE be
developed using sound engineering principles. The use of a high-level design and the
functional specification ensures that developers responsible for TOE development
understand the overall design of the TOE. This in turn decreases the likelihood of design
flaws and increases the chance that accidental design errors will be discovered.
ADV_FSP.4 and ADV_TDS.3 are also used to ensure that the TOE design is consistent
across the Design and the Functional Specification.