Installation guide
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target
Page 59 of 85
P.ENCRYPTED_CHANNEL
The TOE shall provide the
capability to encrypt/decrypt
wireless network traffic between
the TOE and those wireless
clients that are authorized to join
the network.
O.CRYPTOGRAPHY
The TOE shall provide
cryptographic functions to
maintain the confidentiality
and allow for detection of
modification of user data that
is transmitted between
physically separated portions
of the TOE, or outside of the
TOE.
O.CRYPTOGRAPHY_VALID
ATED
The TOE will use NIST FIPS
140-1/2 validated
cryptomodules for
cryptographic services
implementing NIST-approved
security functions and
random number generation
services used by
cryptographic functions.
O.MEDIATE
The TOE must mediate the
flow of information to and
from wireless clients
communicating via the TOE
in accordance with its
security policy.
OE.PROTECT_MGMT_COM
MS
The environment shall protect
the transport of audit records
to the audit server, remote
network management, and
authentication server
communications with the
TOE in a manner that is
commensurate with the risks
posed to the network.
O.CRYPTOGRAPHY and
O.CRYPTOGRAPHY_VALIDA
TED satisfy this policy by
requiring the TOE to implement
NIST FIPS validated
cryptographic services. These
services will provide
confidentiality and integrity
protection of TSF data while in
transit to wireless clients that
are authorized to join the
network.
O.MEDIATE further allows the
TOE administrator to set a
policy to encrypt all wireless
traffic.
OE.PROTECT_MGMT_COMM
S provides that the audit
records, remote network
management information and
authentication data will be
protected by means of a
protected channel in the
environment.