Installation guide

Motorola WS5100 Wireless Switch and RFS7000 RF Switch Security Target
users with roles (FMT_SMR.1(1)).

Protection of the TSF: FPT_RVM.1(1), FPT_SEP.1(1), FPT_STM_EXP.1, FPT_TST_EXP.1, FPT_TST_EXP.2
The TOE provides for non-bypassability of the TOE Security Policy (FPT_RVM.1(1)) and TSF domain separation (FPT_SEP.1(1)).
The TOE implements a set of FIPS 140-2 and critical self-tests executed during initial start-up and upon administrator request, or upon key generation (FPT_TST_EXP.1 and FPT_TST_EXP.2).

TOE Access: FTA_SSL.3, FTA_TAB.1
The TOE terminates a local administrator session or a wireless user session after a configurable user inactivity time interval (FTA_SSL.3).
The TOE displays a default banner regarding unauthorized use of the TOE (FTA_TAB.1).

Trusted Path/Channels: FTP_ITC_EXP.1(1), FTP_TRP.1
The TOE maintains a trusted IPSec/IKE channel with the servers, which can be initiated by the TOE or the servers (FTP_ITC_EXP.1(1)).
The TOE uses an EAP trusted path for wireless user authentication. The path can be initiated by wireless client devices (FTP_TRP.1).

The minimum strength level for the TOE security functions in this ST is SoF-basic. FIA_UAU.1
includes the following probabilistic/permutational mechanism for which specific SOF metrics are
appropriate: password-based administrator authentication. The administrator passwords must be
eight characters or longer in length and are case sensitive, resulting in $95^8$ possible combinations.
The password-based authentication mechanism also enforces the FIPS 140-2 requirement that for
multiple attempts to use the authentication mechanism during a one-minute period, the probability is
less than one in 100,000 that a random attempt will succeed or a false acceptance will occur. If one
tries one million passwords per second, the exploit time is still more than 100 years, which satisfies
the requirements of SoF-basic.
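
The two figures above can be checked against each other. The following is an added example, not part of the Security Target: it recomputes the 95^8 keyspace, the largest per-minute guess count that still meets the one-in-100,000 bound, and the search time at one million guesses per second. The function names are hypothetical, and it assumes a 365-day year and guesses made without repetition.

```python
from fractions import Fraction

ALPHABET = 95                      # symbols per position, from the 95^8 figure in the text
MIN_LENGTH = 8                     # minimum administrator password length
FIPS_BOUND = Fraction(1, 100_000)  # per-minute false-acceptance bound quoted in the text
GUESSES_PER_SECOND = 1_000_000     # guess rate used in the text
SECONDS_PER_YEAR = 365 * 24 * 3600 # assumption: 365-day year


def keyspace(alphabet: int, min_length: int) -> int:
    """Count passwords of exactly min_length; longer ones only enlarge this lower bound."""
    return alphabet ** min_length


def success_probability(attempts: int, space: int) -> Fraction:
    """Probability that one of `attempts` distinct random guesses is correct."""
    return Fraction(min(attempts, space), space)


def max_attempts_per_minute(space: int, bound: Fraction) -> int:
    """Largest per-minute guess count whose success probability stays strictly below bound."""
    limit = space * bound          # attempts / space < bound  <=>  attempts < space * bound
    whole = limit.numerator // limit.denominator
    return whole - 1 if limit.denominator == 1 else whole


def exhaust_years(space: int, guesses_per_second: int) -> float:
    """Years needed to try every password in the space at the given rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    space = keyspace(ALPHABET, MIN_LENGTH)
    per_minute = GUESSES_PER_SECOND * 60
    print("keyspace:", space)
    print("P(success in one minute at text's rate):",
          float(success_probability(per_minute, space)))
    print("max guesses/minute under the bound:",
          max_attempts_per_minute(space, FIPS_BOUND))
    print("years to exhaust:", round(exhaust_years(space, GUESSES_PER_SECOND), 1))
    print("years on average:", round(exhaust_years(space, GUESSES_PER_SECOND) / 2, 1))
```

At the text's guess rate the expected search time, half the keyspace, also stays above 100 years, and the per-minute bound is met with several orders of magnitude to spare.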