Installation guide
Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target
Page 77 of 85
FIA_UAU_EXP.5(1),
(2)
Multiple
authentication
mechanisms
This explicit requirement is needed for local
administrators because there is concern over whether or
not existing CC requirements specifically require that the
TSF provide authentication. Authentication provided by
the TOE is implied by other FIA_UAU requirements and
is generally assumed to be a requirement when other
FIA_UAU requirements are included in a TOE. In order to
remove any potential confusion about this ST, an explicit
requirement for authentication has been included. This
ST also requires the IT environment to provide an
authentication server to be used for authentication of
remote users. It is important to specify that the TSF must
provide the means for local administrator authentication
in case the TOE cannot communicate with the
authentication server. In addition, the TOE must provide
the portions of the authentication mechanism necessary
to obtain and enforce an authentication decision from the
IT environment.
FPT_TST_EXP.1 TSF Testing This explicit requirement is necessary because, as
identified in the US Government PP Guidance for Basic
Robustness, there are several issues with the CC version
of FPT_TST.1. First, the wording of FPT_TST.1.1
appears to make sense only if the TOE includes
hardware; it is difficult to imagine what software TSF
“self-tests” would be run. Secondly, some TOE data are
dynamic (e.g., data in the audit trail, passwords) and so
interpretation of “integrity” for FPT_TST.1.2 is required,
leading to potential inconsistencies amongst Basic
Robustness TOEs. Therefore, the explicit requirements
are used in this ST.
FPT_TST_EXP.2 Testing of
cryptographic
modules
This explicit requirement is necessary because the basic
self test requirement does not specify the required
elements for testing of cryptographic functions, as called
out in this explicit requirement.
FTP_ITC_EXP.1(1),
(2)
Inter-TSF
trusted channel
This explicit requirement is necessary because the
existing trusted channel requirement is written with the
intent of protecting communication between distributed
portions of the TOE rather than between the TOE and its
trusted IT environment.