
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target
O.TIME_STAMPS
The TOE shall obtain reliable time stamps from the IT Environment and the capability for the administrator to set the time used for these time stamps.
FPT_STM_EXP.1
FPT_STM_EXP.1 requires that the TOE be able to obtain reliable time stamps for its own use and therefore, partially satisfies this objective. Time stamps include date and time and are reliable in that they are always available to the TOE, and the clock must be monotonically increasing.
O.TOE_ACCESS
The TOE will provide mechanisms that control a user’s logical access to the TOE.
FIA_AFL.1(1)
FIA_ATD.1(1)
FIA_UAU.1
FIA_UAU_EXP.5(1)
FIA_UID.2
AVA_SOF.1
FTA_SSL.3
FTP_TRP.1
FTP_ITC_EXP.1(1)
FIA_UID.2 plays a role in satisfying this objective by ensuring that every user is identified before the TOE performs any mediated functions. In most cases, the identification cannot be authenticated (e.g., a user attempting to send a data packet through the TOE that does not require authentication). It is impractical to require authentication of all users that attempt to send data through the TOE; therefore, the requirements specified in the TOE require authentication where it is deemed necessary. This does impose some risk that a data packet was sent from an identity other than that specified in the data packet.
AVA_SOF.1 requires that any permutational or probabilistic mechanism in the TOE be analyzed and found to be resistant to attackers possessing a “low” attack potential. This provides confidence that security mechanisms vulnerable to guessing-type attacks are resistant to casual attack.
FIA_UAU.1 and FIA_UAU_EXP.5(1) contribute to this objective by ensuring that administrators and users are authenticated before they are provided access to the TOE or its services.
In order to control logical access to the TOE, an authentication mechanism is required. The local administrator authentication mechanism is necessary to ensure an administrator has the ability to log in to the TOE regardless of network connectivity (e.g., it would be unacceptable if an administrator could not log in to the TOE because the authentication server was down, or because the network path to the authentication server was unavailable).
FIA_AFL.1(1) ensures that the TOE can protect itself and its users from brute force