
Internet Backbone PP

Date post: 01-Jun-2018
    CW-USA INTERNET BACKBONE NETWORK PP 12/29/1998

    Contents

    1. INTRODUCTION TO THE PROTECTION PROFILE
    1.1 PP IDENTIFICATION
    1.2 PP OVERVIEW
    2. TARGET OF EVALUATION (TOE) DESCRIPTION
    3. SECURITY ENVIRONMENT
    3.1 INTRODUCTION
    3.1.1 Critical Assets
    3.1.2 Protection Needs
    3.1.3 Threat Agents
    3.2 ASSUMPTIONS
    3.3 THREATS
    3.4 ORGANIZATIONAL SECURITY POLICIES
    4. SECURITY OBJECTIVES
    4.1 SECURITY OBJECTIVES FOR THE TOE
    4.2 SECURITY OBJECTIVES FOR THE ENVIRONMENT
    5. IT SECURITY REQUIREMENTS
    5.1 TOE SECURITY FUNCTIONAL REQUIREMENTS
    5.2 TOE SECURITY ASSURANCE REQUIREMENTS
    5.2.1 Configuration Management Assurance Requirements
    5.2.2 Delivery and Operation Assurance Requirements
    5.2.3 Development Assurance Requirements
    5.2.4 Guidance Documents Assurance Requirements
    5.2.5 Tests Assurance Requirements
    5.2.6 Vulnerability Assessment Assurance Requirements
    6. RATIONALE
    6.1 SECURITY REQUIREMENTS RATIONALES
    6.2 FUNCTIONAL DEPENDENCIES
    6.3 RATIONALE FOR NOT SATISFYING ALL DEPENDENCIES
    7. ACRONYMS
    8. REFERENCES

    E()* A*+,)0  1 ENTS UMCP


    1. INTRODUCTION TO THE PROTECTION PROFILE

    1.1 PP Identification

    T), C, 5 W)*,++ USA I* B0 P*0) P*), * "-R)+ 

    E:)*(+.

    R)+*) ;TBD P) P*+0 ?POP@> P0 , 0*,> * +0*)=> *0) *),.

    1.2 PP Overview

    T)+ P*0) P*), +0))+ C, 5 W)*,++ ())((-+0*)= *)*(+ * I* B0 *. T P*0) P*), 5)+ ++()+ +0*)=

    +0+ :)*( ) )0 POP ),, ,05. I ,+ 5)+ *+> )(,()-)55 +0*)= 0):+ POP+ * 5+> 5 0),5 ++*0 *)*(+ ( + 0):+. F),,=> PP *:)5+ *),

    5(+*) *)*(+ ( +0*)= 0):+.

    2. TARGET OF EVALUATION (TOE) DESCRIPTION

    A P) P*+0 ?POP@ )+ (+ :)+), * ) I* B0 *. T ()

     *+ POP )+ *:)5 I* 00):)= I* S*:)0 P*:)5*+ 5 * 

    I* +*+ : 5+ * ) +5 55)05 ,)+ I* B0 *.

    I 55)) ,) 00) I*> POP 0,5 *:)5 55)), +*:)0+ )+

    0+(*+ +0 +

    • The Domain Name System (DNS)

    • The Simple Mail Transfer Protocol (SMTP)

    • The Network Time Protocol (NTP)

    • The File Transfer Protocol (FTP, TFTP)

    • The Network News Transfer Protocol (NNTP)

    S( POP+ * ,+ *++), * *)0 G0 5)* *+> 0,,5A(+ S=+(+ ?AS@. I 55)) : 00)> 0 POP + 005

    * (* POP+ +( AS ) * *( I* B0.

    F*( +0*)= ) :)> POP )+ (+ 0*))0, ,0 * I* B0

    +*:)0 *:)5*+. I *5* *:)5 +*:)0+ )+ 0+(*+> POP + ),= :)+),


    *+ I* 0(()=. I 55)) +*:)0+> ) (+ +* )5 5

    5 (( 00+++.

    O:*,,> +0*)= 0) POP )+ *:)5 0*,,5 5 5)5 00++ )+* 5+ 5 +*:)0+. I + *:)5 00++ *( )+)5 5 +)5 )+ AS =

    ,,) * *0) 0 ,. I 55))> ) + *0 *+) *)0 0() ) AS +

    ,, + *: :), 0+ )+ 0+(*+. F)* 2.1 ++ ,)0, **+) POP* 00)+.

    Figure 2.1.

    T)+ P*0) P*), +0))+ ())((-+0*)= *)*(+ * TOE+ 0(+5  * 5+ ) POP+> **5,++ *5*-+* )(,()> 00)= * )*,

    *0)0*.

    T TOE 5+0*)+ 5 ,+

    • I*0 I*  T POP+ +( AS ?I+)5@

    • I*0 C*  POP 5 C+(* E)( ?C+(*@

    • I*0 P*  T POP+ ) 5)* AS+. ?P*)@

    I 55)) 5 , TOE 5+0*)+ )5 5 5 (( POP.

    U+*+ TOE 0+)+ ( +*+ 5 G*, * 5+. H( +*+ (= * (=

    ++0)5 ) +), *, TOE. Net+o,- Aess Se/,0t Po0  5)+

    ( +* 00++ 5 *()++)+ * ,, * *))) )+ ?I+)5 I> C+(* C 5P*) P@. Dt Fo+ Se/,0t Po0 *,+ 5) )0 5 0+ (= 005 5


    [Figure: Internet Backbone Network Architecture Diagram. Labels: POP, Backbone Link (OSPF), UU-net, Mae-East, Mae-West, Sprint, Internet Peering (BGP), Customer POP, Customer Link, Customer Equipment, POP Router, Router, Server; interfaces P, C, I.]


     *0++5 = TOE * 0 )5):)5, *))) )+ ?I+)5 I> C+(* C 5 P*) P@. I 

    N* A00++ S0*)= P,)0= *()+ ( +*+ * *):),5 +*+ (= +5

    5 *0): )*() FTP> -(),> + * DNS +*:*+ ) POP> +0 +*+ ),, : )5))5 5 )05 = TOE * *++ * *)J5. F*( +  

    ( +*+> ,= *):),5 +*+ (= 00++ TOE * *( (+ ?,> *,)>

    0@. I *):),5 +* 00+++ TOE *(,=> * +00++, )5))0) 5)0) ?+) -)( )0) (0)+(@ *+5 0, +) +( =  

    0*=) ) +0*,= *5 5 5)+*)5 = :,+ (+ +5. I 55))

    *( 00++> *)J5 5())+**+ (= 00++ TOE * ,0, (+ )0*=)> +0 + * 0+, ) +0 0+ +00++, )5))0) 5 )0) )+

    *)*5.

    EG*, * 5+ +5) )*() * TOE 5 : )5))5 5

    )05> ,++ + 0)+ * +*5 = 5*,=) +*:)0 ?..> [email protected]:*> G*, * 5+ () +5 )*() TOE (+ ,=+

    )5))5 5 )05. T+ G*, * 5+ * +00++,,= )5))5 5

    )05 ?+) -)( )0) (0)+(@ * *)J5 G*, * 

    5+.

    W *0*55> 5) *), 5 )+ +(5 ) 55, 5 5 )(. A5) :+ )0,5

    (5))0)+ * +*+ ++0)5 ) *):),5 +* *, 5 +

    )5))0) 5 )0) (0)+(+ )0,5) = (5 *+ )0)5. T TOE 00*5) N* A00++ S0*)= P,)0= *,+ 5 + ,, +0*)=

    0)+ (+ )*() , 0*, 50)+)+.

    3. SECURITY ENVIRONMENT

    3.1 Introduction

    Protection Profile-compliant TOEs are meant to be used in an environment in which critical, but unclassified, information is processed. Systems that comply with this Protection Profile are expected to utilize cryptographic mechanisms or one time password for remote authentication.

    In order to define the security environment for a TOE in compliance with this PP, critical assets, protection needs, and threat agents have to be defined.

    3.1.1 Critical Assets

    Critical assets of TOE for this Protection Profile are:

    • Routing Information

    • Network Bandwidth

    • Access List

    • User Accounts

    • Customer Accounts

    • Processor cycles

    3.1.2 Protection Needs

    Protection needs for the above mentioned assets are protection against:

    • Confidentiality i.e., Sensitivity, Secrecy attack.

    • Integrity i.e., Accuracy, Authenticity, Authentication, Authorization, Accounting attack.

    • Availability i.e., Fault Tolerance, Recovery, Utility attack.

    3.1.3 Threat Agents

    For this Protection Profile compliant TOE threat agents are:

    • Privileged User or Authorized Administrator

    • Authorized User

    • Attacker

    3.2 Assumptions

    The following conditions are assumed to exist in the operational environment.

    Formal Assumption Specifications.

    Name  Description

    A.P*+,.1 I )+ ++(5 * (* *):),5 +*+ ) ) ,:, G*)+ *++)5 ( TOE 5 +0*)= )*() ) 0)+

    -) +)+. A,+ *):),5 +*+ +,5 *+5> 5,)*,=

    + )* *):),+ + + 5*() +0*)=.

    A.P*+,.2 A*)J5 +*+ TOE * ++(5 ++++ 0++*= *):),+

    00++ )*() (5 = TOE.

    A.P*+,.3 A)05 +*+ * *,,= *+5 **( 5)+0*)*= 0)+ )

    00*50 ) +0*)= ,)0)+.

    A.P*+,.4 A)05 +*+ *0)J 5 * +0* IT :)*(.

    A.P=+)0,.1 T *0++) *+*0+ TOE * ++(5 ,05 ))

    0*,,5 00++ 0),))+> )0 ),, *+ *)J5 =+)0, 00++.

    A.P=+)0,.2 T TOE *5* 5 +* 0*))0, +0*)= ,)0= *0( *

    ++(5 =+)0,,= *05 *( *)J5 (5))0) = ),,= +), +)5*+.

    A.P=+)0,.3 H( +*+ )) =+)0,,= +0* 5*= *0) TOE (=00++ TOE *( +( 5)*0 00).

    A.P=+)0,.4 T *0++) *+*0+ TOE 55 *5* +0*)= *+

    ),, ,05 )) 0*,,5 00++ 0),))+ ()) *)J5> =+)0, 00++.

    A.U+.1 T TOE *:)5+ +*:)0+ *)J5 +*+.

    A.U+.2 A*)J5 5())+**+ (= 00++ TOE *(,= )5 5

    5.


    3.3 Threats

    A L* ?+ 5)5 ) CC@ )+ 5+)*, : ++),= 0+5 = )5))5 *. T= 0+ * (= 0+ *)J5 5)+0,+*> (5))0)> * ,++ + )*()

    * )*+*0* )0 *=) *0.

    Formal Threats Specifications.

    Name  Description

    T.Availability.1  An attacker may cause the TOE to temporarily or permanently become unavailable for the service that it is intended to provide.

    T.Confidentiality.1  An attacker may be able to gather some conclusion about the TOE by obtaining publicly available information about TOE.

    T.Confidentiality.2  An attacker may be able to view information being sent from and to the TOE.

    T.Integrity.1  An attacker user may access the TOE by impersonating an authorized user of the TOE.

    T.Integrity.2  A user may cause audit records to be lost or prevent future records from being recorded by taking actions to exhaust audit storage capacity.

    T.Integrity.3  An attacker may bypass routing information stored in TOE. A TCP connection, where the loose source route option is enabled, allows an attacker to explicitly route packets through the network to a destination without following the usual routing process.

    T.Integrity.4  An attacker may change routing information stored in TOE, by injecting bogus routing information in the network.

    T.Integrity.5  An attacker or unauthorized user may read, modify, or destroy TOE internal data.

    T.Integrity.6  A user may not be accountable for the actions that they conduct.

    T.Integrity.E.1.  An attacker user may access the TOE by impersonating an authorized user of the TOE.


    3.4 Organizational Security Policies

    Bandwidth is a critical asset for this TOE, and it is protected by applying security policy in the TOE.

    From Figure 2.1 we can define access lists for packet filtering based on originating and destination IP addresses.

    Interface   Origination IP   Destination IP
    Cin         IP               Cip
    Cout        Cip              IP
    Iin/out     IP               IP
    Pin         IP \ CWip        CWip
    Pout        CWip             IP \ CWip

    Figure 2.1.

    Cin = Interface to the customer, direction towards the customer

    Cout = Interface to the customer, direction from the customer

    Iin/out = Interface to another POP

    Pin = Interface to the peering partner, direction towards the peering partner

    Pout = Interface to the peering partner, direction from the peering partner

    IP = Set of all valid IP addresses

    CWip = Cable and Wireless IP set; CWip is subset of the IP

    Cip = Customers IP set; Cip is subset of the CWip.
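The access lists above, expressed as a default-deny filter check; this is an added example, not part of the profile. It assumes the operator in the Pin and Pout rows is set difference (IP \ CWip), treats every parseable address as a member of IP, and uses constructed documentation prefixes for CWip and Cip; all function names are hypothetical.

```python
import ipaddress

# Constructed sample prefixes (documentation ranges), not values from the profile.
CWIP = [ipaddress.ip_network("198.51.100.0/24")]    # provider set, CWip
CIP = [ipaddress.ip_network("198.51.100.64/26")]    # one customer's set, Cip


def in_set(addr, nets):
    """True if addr falls inside any network of the set."""
    return any(addr in net for net in nets)


def sets_are_nested():
    """The legend requires Cip to be a subset of CWip; verify before filtering."""
    return all(any(c.subnet_of(w) for w in CWIP) for c in CIP)


# Membership tests for the address sets named in the table.
def is_ip(addr):
    return True  # IP: assumed to mean any syntactically valid address


def is_cip(addr):
    return in_set(addr, CIP)


def is_cwip(addr):
    return in_set(addr, CWIP)


def is_outside_cwip(addr):
    return not in_set(addr, CWIP)  # assumed reading of the operator: IP \ CWip


# interface -> (origination test, destination test), rows as listed in the table
ACCESS_LISTS = {
    "Cin": (is_ip, is_cip),
    "Cout": (is_cip, is_ip),
    "Iin/out": (is_ip, is_ip),
    "Pin": (is_outside_cwip, is_cwip),
    "Pout": (is_cwip, is_outside_cwip),
}


def permit(interface, src, dst):
    """Return True to pass the packet, False to block it (default deny)."""
    rule = ACCESS_LISTS.get(interface)
    if rule is None:
        return False  # unknown interface: block
    try:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return False  # malformed address: block
    origin_ok, dest_ok = rule
    return origin_ok(s) and dest_ok(d)


if __name__ == "__main__":
    # Constructed packets: (interface, source, destination)
    samples = [
        ("Cout", "198.51.100.70", "203.0.113.5"),   # customer sends from its own range
        ("Cout", "203.0.113.9", "192.0.2.1"),       # source outside Cip
        ("Pin", "198.51.100.10", "198.51.100.70"),  # peer-side source claiming CWip
    ]
    for iface, src, dst in samples:
        print(iface, src, dst, "pass" if permit(iface, src, dst) else "block")
```
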

    Formal Policy Specifications

    Name  Description

    P.1.  Only privileged user and authorized user should be able to connect to the TOE

    P.2.  All configuration changes to the TOE have to be recorded.

    P.3.  All security functions changes to the TOE have to be recorded and monitored.

    P.3.  All attempts to gain access to TOE have to be recorded.

    P.4  Inbound management services have to be accessible only from the CWip set.


    4. SECURITY OBJECTIVES

    4.1 Security Objectives for the TOE

    Formal Objectives Specifications

    Name  Description

    O.A:),),)=.1 T TOE (+ *:)5 0),)= ,+ *)J5 +* +,, +*:)0+ *:)55 = TOE * *)J +* ) *5)05

    )**)+ +*:)0+.

    O.A:),),)=.2 T TOE (+ *:)5 0),)=> )0 ,+ *):),5 +*

    ( TOE 5 )+ +0*)= 0)+.

    O.C)5),)=.1 T TOE (+ *: *+ )0) 5.

    O.C)5),)=.2 T TOE (+ *0 0)5),)= )+ 5), ) *)J55())+**.

    O.C)5),)=.3 T TOE (+ *:)5 (+ ,,) +0 + *+*0+ *+*:)0+ ) +* )5)= ) 5)+0,+5 * ))+.

    O.I*)=.1 T TOE (+ ),= )5)= ,, +*+> 5 (+ )0

    0,)(5 )5)= * *) +* 00++ TOE +*:)0+.

    O.I*)=.2 T TOE (+ *:)5 +* 00),)= * *):),5 +* + +0*)= 0)+.

    O.I*)=.3 T TOE (+ *:)5 +* 00),)= * *)J5 + ,,+*:)0+ *:)55.

    O.I*)=.4 T TOE (+ *:)5 (+ *0*5 *5, 5) *), +0*)=-

    *,5 :+> ) 00* 5+ 5 )(+> 5 (+ +*0 5

    +* 5) *), +5 *,: *)+.

    O.I*)=.& T TOE (+ 50 (+ = *)J5 +*+ =++> 50):>* (* ) TOE +0*)= 0)+.

    O.I*)=.6 T TOE (+ 50 ,++ )*)= 0) +0*)= 0)+.

    O.I*)=.7 U ))), +*- TOE * *0:*= *( )**) ) TOE+*:)0> TOE (+ 0(*()+ )+ *+*0+ * + =

    005 *.

    O.DF,.1 T TOE (+ *:)5 (+ ,,) 5 5=) 5 , +5 *)J), +0*)= ,)0=.


    4.2 Security Objectives for the Environment

    T ,,) * -IT +0*)= 0):+ * +)+)5 ) )(+) 0)0,*)*(+ TOE. T= ),, *)* )(,() 0)+ ) TOE

    *5* 5/* +*. T**> = ),, +)+)5 ,*,= * ,)0)  

     *05*, * 5())+*): (+*+.

    Name  Description

    O.P*+,.1 T+ *++), * TOE (+ +* TOE )+ 5,):*5> )+,,5>

    5())+*5> 5 *5 ) (* ())+ +0*)=.

    O.P*+,.2 P*):),5 +*+ * *)5 +,)+ 5 ()) +5 +0*)= ,)0)+5 *0)0+.

    5. IT SECURITY REQUIREMENTS

    T IT S0*)= R)*(+ 5) +0*)= 0), *)*(+ 5 ++*0*)*( (+ +)+)5 = P*0) P*), 0(,) TOE. F0),

    0(+ *( * 2 CC * +5 * 0), *)*( 5 :,).

    A++*0 ,:, 0(+ *( * 3 CC * +5 ++*0 *)*(+.

    5.1 TOE Security Functional Requirements

    T +0*)= 0), *)*( * TOE ) 0(,)0 ) )+ PP * **+5 )

    ,,) ,

    6e F/nt0on Co45onents

    Name        Description

    FAU_ARP.1   Security alarms
    FAU_SAA.1   Potential violation analysis
    FAU_GEN.1   Audit data generation
    FAU_SAR.1   Audit review
    FAU_SAR.3   Selectable audit review
    FAU_STG.1   Protected audit trail storage
    FAU_STG.4   Prevention of audit data loss
    FCS_CKM.1   Cryptographic key generation
    FCS_CKM.2   Cryptographic key distribution
    FCS_CKM.4   Cryptographic key destruction
    FCS_COP.1   Cryptographic operation
    FDP_ACC.1   Subset access control
    FDP_ACF.1   Security attribute based access control
    FDP_IFC.1   Subset information flow control
    FDP_IFF.1   Simple security attributes
    FIA_AFL.1   Authentication failure handling
    FIA_ATD.1   User attribute definition
    FIA_UAU.1   Timing of authentication
    FIA_UAU.4   Single-use authentication mechanisms
    FIA_UID.1   Timing of identification
    FMT_MOF.1   Management of security functions behavior
    FMT_MSA.1   Management of security attributes
    FMT_MSA.2   Secure security attributes
    FMT_MSA.3   Static attribute initialization
    FMT_SMR.1   Security roles
    FPR_ANO.1   Anonymity
    FPT_FLS.1   Failure with preservation of secure state
    FPT_SEP.1   TSF domain separation
    FPT_STM.1   Reliable time stamps
    FRU_FLT.2   Limited fault tolerance
    FTA_TAB.1   Default TOE access banners

    FAU_ARP.1 Security alarms

    S0*)= ,*(+> TSF +,, 0)+ ) 0+ ), +0*)= :),) )+

    505.

    FAU7ARP.1.1 T TSF +,, inform "rivilege user  50)  ), +0*)= :),).


    FAU_GEN.1 Audit data generation

    A5) 5 *) 5)+ ,:, 5)-, :+> 5 +0))+ ,)+ 5 +,, *0*55 ) 0 *0*5.

    FAU7GEN.1.1 T TSF +,, , * 5) *0*5 ,,)

    5)-, :+

    @ S*- 5 +5 5) 0)+

    &( A,, 5), :+ *  minimum or &asic as s"ecifie in ta&le 5.1 ,:,

    5).

    FAU7GEN.1.2  T TSF +,, *0*5 )) 0 5) *0*5 ,+

    ,,) )*()

    @ D 5 )( :> = :> +0 )5)=> 5 0(?+00++ * ),*@ : 5

     @ F* 0 5) : => +5 5), : 5)))+ 0), 0(+ )0,55 ) PP/ST> as s"ecifie in ta&le 5.1

    Auditable Event Table

    Function Component   Level   Auditable Event

    FAUARP.1 M))(, A0)+ 5 )(() +0*)= :),)+.

    FAUSAA.1 M))(, E,) 5 5)+,) = ,=+)+(0)+(+

    A(5 *+++ **(5 = ,.

    FAUSAR.1 B+)0 R5) )*() *( 5) *0*5+.

    FAUST.4 B+)0 A0)+ 5 5) +* ),*.

    FCSCKM.1 M))(, S00++ 5 ),* 0):)=.

    FCSCKM.2 M))(, M))(, S00++ 5 ),* 0):)=.

    FCSCKM.4 M))(, S00++ 5 ),* 0):)=.

    FCSCOP.1 M))(, S00++ 5 ),*> 5 = 0*=*)0

    *).

    FDPIFF.1 M))(, D0)+)+ *() *+5 )*() ,+.

    FDPIFF.1 B+)0 A,, 50)+)+ *++ * )*() ,.

    FIAAF".1 M))(, T *0) *+,5 * +00++,


    )0) (+ 5 0)+ ?.. 5)+,)   *(),@ 5 ++> ) **)>

    *+*) *(, + ?.. *-,)

    *(),@.

    FIAUAU.1 M))(, U+00++, + )0) (0)+(

     @ B+)0 A,, + )0) (0)+(

    0@ D),5 A,, TSF (5)5 0)+ **(5 *

    )0) +*.

    FIAUAU.1 B+)0 A,, + )0) (0)+(

    FIAUAU.4 M))(, A(+ *+ )0) 5.

    FIAUID.1 M))(, U+00++, + +* )5))0) (0)+(>

    )0,5) +* )5)= *:)55

    FIAUID.1 B+)0 A,, + +* )5))0) (0)+(> )0,5) +* )5)= *:)55.

    FMTMOF.1 B+)0 A,, (5))0)+ ) :)* 0)+ )

    TSF.

    FMTMSA.1 B+)0 A,, (5))0)+ :,+ +0*)= *)+.

    FMTMSA.2 M))(, A,, *5 5 *05 :,+ * +0*)= *).

    FMTMSA.3 B+)0 A,, (5))0)+ ))), :,+ +0*)=*)+.

    FMTSMR.1 M))(, (5))0)+ * +*+ * * *,

    FPRANO.1 M))(, T ):0) =()= (0)+(.

    FPTF"S.1 B+)0 F),* TSF.

    FPTSTM.1 M))(, 0+ )(

    FRUF"T.2 M))(, A= ),* 505 = TSF.

    FAU_SAA.1 Potential violation analysis

    P), :),) ,=+)+> +)0 *+,5 50) +)+ )G5 *,+ )+ *)*5.

    FAU7SAA.1.1 T TSF +,, , ,= + *,+ ) ()*)

    5)5 :+ 5 +5 + *,+ )5)0 ), :),)

    TSP.

    FAU7SAA.1.2 T TSF +,, *0 ,,) *,+ * ()*) 5)5

    :+


    @ A00(,) * 0()) all events from Auita&le )vent Ta&le

    )5)0 ), +0*)= :),).

    FAU_SAR.1 Audit review

    A5) *:) *:)5+ 0),)= *5 )*() *( 5) *0*5+.

    T)+ 0( ),, *:)5 *)J5 +*+ 0),)= ) 5)** )*(). I 0+ ( +*+ )+ )*() 5+ ) ( 5*+5, *+). I 0+ G*, IT ))+ )*()

    5+ ()+,= **+5 ) ,0*)0 +).

    FAU7SAR.1.1 T TSF +,, *:)5  *rivilege users ) 0),)= *5 all auit information *( 5) *0*5+.

    FAU7SAR.1.2 T TSF +,, *:)5 5) *0*5+ ) (* +), *

    +* )** )*().

    FAU_SAR.3 Selectable audit review

    S,0, 5) *:) *)*+ 5) *:) ,+ +,0 5) 5 *:)5 +5 0*)*).

    FAU7SAR.3.1 T TSF +,, *:)5 ),)= **( +*0+ an+

     sorting  5) 5 +5

    a( ,user ientity

    &( range of ates

    c( range of times

    ( ranges of aress-.

    FAU_STG.1 Protected audit trail storage

    P*05 5) *), +*> *)*(+ * ,05 5) *),. I ),,

     *05 *( *)J5 5,) 5/* (5))0).

    FAU7STG.1.1 T TSF +,, *0 +*5 5) *0*5+ *( *)J5

    5,).

    FAU7STG.1.2 T TSF +,, ,  "revent  (5))0)+ 5)*0*5+.

    FAU_STG.4 Prevention of audit data loss

    P*:) 5) 5 ,++ +0))+ 0)+ ) 0+ 5) *), )+ ,,.

    FAU7STG..1 T TSF +,, overrite t/e olest store auit recors 5

    notify "rivilege user  ) 5) *), )+ ,,.

    FCS_CKM.1 Cryptographic key generation


    C*=*)0 = *) *)*+ 0*=*)0 =+ *5 )

    00*50 ) +0))5 ,*)( 5 = +)J+ )0 0 +5

    ++)5 +5*5.

    FCS7C6M.1.1 T TSF +,, * 0*=*)0 =+ ) 00*50 )

    +0))5 0*=*)0 = *) ,*)( ++)( cry"togra"/ic 0ey

     generation algorit/m 5 +0))5 0*=*)0 = +)J+ minimum 5$ &its ( ,,) ++)( list of stanars.

    FCS_CKM.2 Cryptographic key distribution

    C*=*)0 = 5)+*)) *)*+ 0*=*)0 =+ 5)+*)5 )00*50 ) +0))5 5)+*)) (5 )0 0 +5

    ++)5 +5*5.

    FCS7C6M.2.1 T TSF +,, 5)+*) 0*=*)0 =+ ) 00*50 ) +0))5 0*=*)0 = 5)+*)) (5 ++)( cry"togra"/ic 0ey

    istri&ution met/o  (+ ,,) ++)( list of stanars.

    FCS_CKM.4 Cryptographic key destruction

    C*=*)0 = 5+*0) *)*+ 0*=*)0 =+ 5+*=5 )

    00*50 ) +0))5 5+*0) (5 )0 0 +5

    ++)5 +5*5.

    FCS7C6M..1 T TSF +,, 5+*= 0*=*)0 =+ ) 00*50 )

    +0))5 0*=*)0 = 5+*0) (5 ++)( cry"togra"/ic 0ey

    estruction met/o  (+ ,,) ++)( list of stanars.

    FCS_COP.1 Cryptographic operation

    C*=*)0 *) *)*+ 0*=*)0 *) **(5 )00*50 ) +0))5 ,*)( 5 ) 0*=*)0 = +0))5+)J+. T +0))5 ,*)( 5 0*=*)0 = +)J+ 0 +5

    ++)5 +5*5.

    FCS7COP.1.1 T TSF +,, **(

    @ encry"tion of remote aut/orie "rivilege user session

     @ encry"tion of remote aut/entication ) 00*50 ) +0))5

    0*=*)0 ,*)( ++)( cry"togra"/ic algorit/m 5

    0*=*)0 = +)J+ minimum 5$ &its ( ,,)++)( list of stanars.

    FDP_IFC.1 Subset information flow control

    S+ )*() , 0*, *)*+ 0 )5))5 )*() ,0*, SFP+ ) ,0 * ++ ++), *)+ ++  

    )*() ,+ ) TOE.

    FDP7IFC.1.1 T TSF +,, *0  entifie * 


    @  su&ect6 ientifie e7ternal T entities t/at sen an receive "ac0ets t/roug/

    t/e T!) 

     @ information6 * originating an terminating * aress an service

    0@ o"erations6 "ass "ac0et or &loc0 "ac0et-

    FDP_IFF.1 Simple security attributes

    S)(, +0*)= *)+ *)*+ +0*)= *)+ )*()> 5

    +0+ 0+ )*() , 5 +0+ 0 + *0))+

    )*(). I +0))+ *,+ (+ *05 = 0)>

    5 5+0*)+ +0*)= *)+ * 5*):5 = 0).

    FDP7IFF.1.1 T TSF +,, *0  entifie *  +5 ,,)

    =+ +0 5 )*() +0*)= *)+

    a ;subject security attributes:

     presumed IP address;

    • other subject security attributes to be determined by the

    Security Target writer);

    b inormation security attributes:

    • source subject;

    • destination subject;

    • transport !ayer protoco!;

    •T"# interace on which tra$c arri%es and departs;

    • ser%ice;

    • other inormation security attributes to be determined by the

    Security Target writer&s)'.

    FDP7IFF.1.2 T TSF +,, *() )*() , 0*,,5

    +0 5 0*,,5 )*() :) 0*,,5 *) ) ,,) *,+

    ,5 ource an estination su&ects are in com"liance it/ ecurity *olicy.

    FDP7IFF.1.3 T TSF +,, *0 none require .

    FDP7IFF.1. T TSF +,, *:)5 ,,) none require .

    FDP7IFF.1.$ T TSF +,, G,)0),= *)J )*() , +5 ,,) *,+ ++)( rules+ &ase on security attri&utes+ t/at e7"licitlyaut/orie information flos.

    FDP7IFF.1.' T TSF +,, G,)0),= 5= )*() , +5

    ,,) *,+ ++)( rules+ &ase on security attri&utes+ t/at e7"licitlyeny information flos.


    FIA_AFL.1 Authentication failure handling

    R)*( TSF , *() +++) +,)+( *0++

    * +0))5 (* +00++, +* )0) (+. I ,+*)*+ > * *()) +++) +,)+( *0++> TSF

    , 5)+, +* 00 * ) *= ?.. *+)@ *(

    )0 (+ * (5 ), 5())+**-5)5 05)) 00*+.

    FIA7AFL.1.1 T TSF +,, 50 /en ,a setta&le+ non8ero num&er+ to &e

     setta&le &y "rivilege user +00++, )0) (+ 00* *,5

    a( ,aut/orie user attem"ting to ma0e aut/entication as "rivilege user 

    &( Attac0er attem"ting to im"ersonate aut/orie or "rivilege user-.

    FIA7AFL.1.2 W 5)5 (* +00++, )0) (+

    + ( * +*++5> TSF +,,

    a( ,isa&le account 

    &( notify "rivilege user+ met/o to &e setta&le &y "rivilege user-.

    FIA_ATD.1 User attribute definition

    U+* *) 5)))> ,,+ +* +0*)= *)+ * 0 +*

    ())5 )5):)5,,=.

    FIA7ATD.1.1 T TSF +,, ()) ,,) ,)+ +0*)= *)+ ,) )5):)5, +*+

    a) ,ientity9

    b) association of /uman user it/ t/e "rivilege user role

    FIA_UAU.1 Timing of authentication

    T)() )0)> ,,+ +* **( 0*) 0)+ *)*

    )0) +*+ )5)=.

    FIA7UAU.1.1 T TSF +,, ,, ++)( list of T meiate actions

     , +* **(5 * +* )+ )05.

    FIA7UAU.1.2 T TSF +,, *)* 0 +* +00++,,= )05 * ,,) = * TSF-(5)5 0)+ , +*.


    FIA_UAU.4 Single-use authentication mechanisms

    S),-+ )0) (0)+(+> *)*+ )0) (0)+( *+ ) +),-+ )0) 5.

    FIA7UAU..1 T TSF +,, *: *+ )0) 5 *,5

    @ *):),5 +* 

     @ *)J5 +*

    FIA_UID.1 Timing of identification

    T)() )5))0)> ,,+ +*+ **( 0*) 0)+ * ))5))5 = TSF.

    FIA7UID.1.1 T TSF +,, ,, no any actions , +*

     **(5 * +* )+ )5))5.

    FIA7UID.1.2 T TSF +,, *)* 0 +* +00++,,= )5))5 *

    ,,) = * TSF-(5)5 0)+ , +*.

    FMT_MOF.1 Management of security functions behavior

    M( +0*)= 0)+ :)* ,,+ *)J5 +*+ ?*,+@

    ( :)* 0)+ ) TSF + *,+ * : +0))5

    05))+ (= (,.


    i) reco%er to the state o!!owing the !ast bac-up;

     j) m) other securityre!e%ant administrati%e unctions to bedetermined by the Security Target writer&s)'.

    to ;an pri%i!eged user >.

    FMT_MSA.1 Management of security attributes

    M( +0*)= *)+ ,,+ *)J5 +*+ ?*,+@ (

    +0))5 +0*)= *)+.

    FMT7MSA.1.1  T TSF +,, *0 ++)( access control *+information flo control *  *+*)0 ),)= +,0) c/ange:efault+

    query+ moify+ elete+ ++)( ot/er o"erations +0*)= *)+

    ++)( list of security attri&utes ++)( t/e aut/orie ientifie roles.

    FMT_MSA.2 Secure security attributes

    S0* +0*)= *)+ +*+ :,+ ++)5 +0*)= *)+ *:,)5 ) *+0 +0* +.

    FMT7MSA.2.1 T TSF +,, +* ,= +0* :,+ * 005 * 

    +0*)= *)+.

    FMT_MSA.3 Static attribute initialization

    S)0 *) ))),)J) +*+ 5, :,+ +0*)= *)+

    * **),= )* *()++): * *+*)0): ) *.

    FMT7MSA.3.1  T TSF +,, *0  "ac0et flo control  *:)5

    restrictive+ 5, :,+ * +0*)= *)+ * +5 *0 * .

    FMT7MSA.3.2 T TSF +,, ,,  "rivilege user  +0)= ,*):))), :,+ :**)5 5, :,+ 0 * )*() )+

    0*5.

    FMT_SMR.1 Security roles

    S0*)= *,+ +0))+ *,+ ) *+0 +0*)= TSF *0)J+.

    FMT7SMR.1.1 T TSF +,, ()) *,+  "rivilege user .

    FMT7SMR.1.2  T TSF +,, , ++0) /uman  +*+ ) t/e

     "rivilege user  *,.

    FPR_ANO.1 Anonymity

    A=()= *)*+ * +*+ * +0+ * , 5*() )5)= +* 5 +0 * *).


    FPR7ANO.1.1  T TSF +,, +* aut/orie user  * ,

    5*() *, +* ( 5  "rivilege use an ot/er aut/orie 

    users.

    FPT_FLS.1 Failure with preservation of secure state

    F),* ) *+*:) +0* +> )0 *)*+ TSF *+*: +0* + ) 0 )5))5 ),*+.

    FPT7FLS.1.1 T TSF +,, *+*: +0* + ,,) =+  

    ),*+ 00* ++)( list of ty"es of failures in t/e T .

    FPT_SEP.1 TSF domain separation

    TSF 5() +*)> *:)5+ 5)+)0 *05 5() * TSF 5

     *:)5+ +*) +0+ )) TSC.

    FPT7SEP.1.1 T TSF +,, ()) +0*)= 5() * )+ G0) *0+ ) *( )**0 5 (*) = *+5 +0+.

    FPT7SEP.1.2 T TSF +,, *0 +*) +0*)= 5()+  

    +0+ ) TSC.

    FPT_STM.1 Reliable time stamps

    R,), )( +(+> )0 *)*+ TSF *:)5 *,), )( +(+ * 

    TSF 0)+.

    FPT7STM.1.1 T TSF +,, , *:)5 *,), )( +(+ * )+

    +.

    FRU_FLT.2 Limited fault tolerance

    ")()5 , ,*0 *)*+ TOE 0) 0**0 *) ,,

    0),))+ ) : )5))5 ),*+.

    FRU7FLT.2.1 T TSF +,, +* *) ,, TOE+ 0),))+ ++)( list of ty"e of failures 00*.

    FTA_TAB.1 Default TOE access banners

    D, TOE 00++ *+ *:)5+ *)*( * TOE A00++ B*.T)+ * )+ 5)+,=5 *)* +,)+( 5), * +++).

    FTA7TA!.1.1  B* +,)+) +* +++)> TSF +,, 5)+,=

    5:)+*= *) (++ **5) *)J5 + TOE.


    5.2 TOE Security Assurance Requirements

    T ++*0 +0*)= *)*(+ * TOE +)+= )+ P*0) P*),> * 5*):5 *(P* 3 CC. T+ ++*0 +0*)= *)*(+ 0(+ EA"2 5 0,5 *

    ) 6 0*)+

    1)Con;0


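    5.2.1 Configuration Management Assurance Requirements

    ACM_CAP.2 Configuration items

    Developer action elements:

    ACM_CAP.2.1D The developer shall provide a reference for the TOE.

    ACM_CAP.2.2D The developer shall use a CM system.

    ACM_CAP.2.3D The developer shall provide CM documentation.

    Content and presentation of evidence elements:

    ACM_CAP.2.1C The reference for the TOE shall be unique to each version of the TOE.

    ACM_CAP.2.2C The TOE shall be labelled with its reference.

    ACM_CAP.2.3C The CM documentation shall include a configuration list.

    ACM_CAP.2.4C The configuration list shall describe the configuration items that comprise the TOE.

    ACM_CAP.2.5C The CM documentation shall describe the method used to uniquely identify the configuration items.

    ACM_CAP.2.6C The CM system shall uniquely identify all configuration items.

    Evaluator action elements:

    ACM_CAP.2.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.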

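    5.2.2 Delivery and Operation Assurance Requirements

    ADO_DEL.1 Delivery procedures

    Developer action elements:

    ADO_DEL.1.1D The developer shall document procedures for delivery of the TOE or parts of it to the user.

    ADO_DEL.1.2D The developer shall use the delivery procedures.

    Content and presentation of evidence elements:

    ADO_DEL.1.1C The delivery documentation shall describe all procedures that are necessary to maintain security when distributing versions of the TOE to a user's site.

    Evaluator action elements:

    ADO_DEL.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

    ADO_IGS.1 Installation, generation, and start-up procedures

    Developer action elements:

    ADO_IGS.1.1D The developer shall document procedures necessary for the secure installation, generation, and start-up of the TOE.

    Content and presentation of evidence elements:

    ADO_IGS.1.1C The documentation shall describe the steps necessary for secure installation, generation, and start-up of the TOE.

    Evaluator action elements:

    ADO_IGS.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

    ADO_IGS.1.2E The evaluator shall determine that the installation, generation, and start-up procedures result in a secure configuration.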

    6.2.+ Deveo0*ent A//(rance Re8(ire*ent/

    ADVFSP.1 I*(, 0), +0))0)

    D:,* 0) ,(+

    ADV7FSP.1.1D T 5:,* +,, *:)5 0), +0))0).

    C 5 *+) :)50 ,(+

    ADV7FSP.1.1C T 0), +0))0) +,, 5+0*) TSF 5 )+ G*,

    )*0+ +) )*(, +=,.

    ADV7FSP.1.2C T 0), +0))0) +,, )*,,= 0+)+.

    ADV7FSP.1.3C T 0), +0))0) +,, 5+0*) *+ 5 (5  

    + ,, G*, TSF )*0+> *:)5) 5),+ 0+> G0)+ 5 *** 

    (+++> + **).

    ADV7FSP.1.C T 0), +0))0) +,, 0(,,= **+ TSF.

    E:,* 0) ,(+

    ADV7FSP.1.1E  T :,* +,, 0)*( )*() *:)55 (+ ,,

    *)*(+ * 0 5 *+) :)50.

    ADV7FSP.1.2E  T :,* +,, 5*() 0), +0))0) )+

    00* 5 0(, )+)) TOE +0*)= 0), *)*(+.

    E()* A*+,)0  24 ENTS UMCP

  • 8/9/2019 Internet Backbone PP

    25/36

    CW-USA I NTERNET BACKBONE NETWORK  PP 12/29/1998

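    ADV_HLD.1 Descriptive high-level design

    Developer action elements:

    ADV_HLD.1.1D The developer shall provide the high-level design of the TSF.

    Content and presentation of evidence elements:

    ADV_HLD.1.1C The presentation of the high-level design shall be informal.

    ADV_HLD.1.2C The high-level design shall be internally consistent.

    ADV_HLD.1.3C The high-level design shall describe the structure of the TSF in terms of subsystems.

    ADV_HLD.1.4C The high-level design shall describe the security functionality provided by each subsystem of the TSF.

    ADV_HLD.1.5C The high-level design shall identify any underlying hardware, firmware, and/or software required by the TSF with a presentation of the functions provided by the supporting protection mechanisms implemented in that hardware, firmware, or software.

    ADV_HLD.1.6C The high-level design shall identify all interfaces to the subsystems of the TSF.

    ADV_HLD.1.7C The high-level design shall identify which of the interfaces to the subsystems of the TSF are externally visible.

    Evaluator action elements:

    ADV_HLD.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

    ADV_HLD.1.2E The evaluator shall determine that the high-level design is an accurate and complete instantiation of the TOE security functional requirements.

    ADV_RCR.1 Informal correspondence demonstration

    Developer action elements:

    ADV_RCR.1.1D The developer shall provide an analysis of correspondence between all adjacent pairs of TSF representations that are provided.

    ADV_RCR.1.1C For each adjacent pair of provided TSF representations, the analysis shall demonstrate that all relevant security functionality of the more abstract TSF representation is correctly and completely refined in the less abstract TSF representation.

    Evaluator action elements: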


    ADV_RCR.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

    5.2.4 Guidance Documents Assurance Requirements

    AGD_AD


    AGD_USR.1.1D The developer shall provide user guidance.

    Content and presentation of evidence elements:

    AGD_USR.1.1C The user guidance shall describe the functions and interfaces available to the non-administrative users of the TOE.

    AGD_USR.1.2C The user guidance shall describe the use of user-accessible security functions provided by the TOE.

    AGD_USR.1.3C The user guidance shall contain warnings about user-accessible functions and privileges that should be controlled in a secure processing environment.

    AGD_USR.1.4C The user guidance shall clearly present all user responsibilities necessary for secure operation of the TOE, including those related to assumptions regarding user behavior found in the statement of TOE security environment.

    AGD_USR.1.5C The user guidance shall be consistent with all other documentation supplied for evaluation.

    AGD_USR.1.6C The user guidance shall describe all security requirements for the IT environment that are relevant to the user.

    Evaluator action elements:

    AGD_USR.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

    5.2.5 Tests Assurance Requirements

    ATE_COV.1 Evidence of coverage

    Developer action elements:

    ATE_COV.1.1D The developer shall provide evidence of the test coverage.

    Content and presentation of evidence elements:

    ATE_COV.1.1C The evidence of the test coverage shall show the correspondence between the tests identified in the test documentation and the TSF as described in the functional specification.

    Evaluator action elements:

    ATE_COV.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

    ATE_FUN.1 Functional testing

    Developer action elements:


    ATE_FUN.1.1D The developer shall test the TSF and document the results.

    ATE_FUN.1.2D The developer shall provide test documentation.

    Content and presentation of evidence elements:

    ATE_FUN.1.1C The test documentation shall consist of test plans, test procedure descriptions, expected test results and actual test results.

    ATE_FUN.1.2C The test plans shall identify the security functions to be tested and describe the goal of the tests to be performed.

    ATE_FUN.1.3C The test procedure descriptions shall identify the tests to be performed and describe the scenarios for testing each security function. These scenarios shall include any ordering dependencies on the results of other tests.

    ATE_FUN.1.4C The expected test results shall show the anticipated outputs from a successful execution of the tests.

    ATE_FUN.1.5C The test results from the developer execution of the tests shall demonstrate that each tested security function behaved as specified.

    Evaluator action elements:

    ATE_FUN.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

    ATE_IND.2 Independent testing - sample

    Developer action elements:

    ATE_IND.2.1D The developer shall provide the TOE for testing.

    Content and presentation of evidence elements:

    ATE_IND.2.1C The TOE shall be suitable for testing.

    ATE_IND.2.2C The developer shall provide an equivalent set of resources to those that were used in the developer's functional testing of the TSF.

    Evaluator action elements:

    ATE_IND.2.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

    ATE_IND.2.2E The evaluator shall test a subset of the TSF as appropriate to confirm that the TOE operates as specified.


    ATE_IND.2.3E The evaluator shall execute a sample of tests in the test documentation to verify the developer test results.

    5.2.6 Vulnerability Assessment Assurance Requirements

    AVA_SOF.1 Strength of TOE security function evaluation

    Developer action elements:

    AVA_SOF.1.1D The developer shall perform a strength of TOE security function analysis for each mechanism identified in the ST as having a strength of TOE security function claim.

    Content and presentation of evidence elements:

    AVA_SOF.1.1C For each mechanism with a strength of TOE security function claim the strength of TOE security function analysis shall show that it meets or exceeds the minimum strength level defined in the PP/ST.

    AVA_SOF.1.2C For each mechanism with a specific strength of TOE security function claim the strength of TOE security function analysis shall show that it meets or exceeds the specific strength of function metric defined in the PP/ST.

    Evaluator action elements:

    AVA_SOF.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

    AVA_SOF.1.2E The evaluator shall confirm that the strength claims are correct.

    AVA_VLA.1 Developer vulnerability analysis

    Developer action elements:

    AVA_VLA.1.1D The developer shall perform and document an analysis of the TOE deliverables searching for obvious ways in which a user can violate the TSP.

    AVA_VLA.1.2D The developer shall document the disposition of obvious vulnerabilities.

    Content and presentation of evidence elements:

    AVA_VLA.1.1C The documentation shall show, for all identified vulnerabilities, based on CERT, that the vulnerability cannot be exploited in the intended environment for the TOE.

    Evaluator action elements:


    AVA_VLA.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

    AVA_VLA.1.2E The evaluator shall conduct penetration testing, building on the developer vulnerability analysis, to ensure obvious vulnerabilities have been addressed.


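    6. RATIONALE

    The PP Rationale provides a demonstration that the PP specifies a complete, coherent and internally consistent set of security objectives and security requirements that are appropriate to address the identified security problem.

    6.1 Security Requirements Rationales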

    Security Objective    Function Components
    O.Availability.1      FTA_TAB.1, FRU_FLT.2
    O.Availability.2      FMT_SMR.1, FAU_STG.1, FAU_STG.4, FMT_MOF.1
    O.Confidentiality.1   FAU_ARP.1, FIA_ATD.1, FIA_UAU.1, FIA_UAU.4
    O.Confidentiality.2   FCS_COP.1
    O.Confidentiality.3   FPR_ANO.1
    O.Integrity.1         FIA_ATD.1, FIA_ATD.2, FIA_UAU.1
    O.Integrity.1         FIA_ATD.1, FIA_ATD.2, FIA_UAU.1
    O.Integrity.2         FAU_GEN.1
    O.Integrity.3         FAU_GEN.1
    O.Integrity.4         FPT_STM.1, FAU_GEN.1, FAU_SAR.1, FAU_SAR.3
    O.Integrity.5         FIA_AFL.1, FPT_SEP.1, FAU_ARP.1, FAU_STG.1, FAU_STG.4
    O.Integrity.6         FAU_GEN.1, FAU_SAR.1
    O.Integrity.7         FMT_MSA.3
    O.DF,.1               FDP_IFC.1

    6.2 Functional Dependencies

    F0), 550)+ *:)5 (), = :*)= ,, 0), 550)+ ) PP.

    Function Name  To Satisfy                                                  Dependence
    FAU_ARP.1      O.Confidentiality.1, O.Integrity.5                          FAU_SAA.1
    FAU_SAA.1      FAU_ARP.1                                                   FAU_GEN.1
    ADV_SPM.1      FMT_MSA.2, FPT_FLS.1                                        -
    FAU_GEN.1      O.Integrity.2, O.Integrity.3, O.Integrity.4, O.Integrity.6  FPT_STM.1
    FAU_SAR.1      O.Integrity.4, O.Integrity.6                                FAU_GEN.1
    FAU_SAR.3      O.Integrity.4                                               FAU_SAR.1
    FAU_STG.1      O.Availability.2, O.Integrity.5                             FAU_GEN.1
    FAU_STG.4      O.Availability.2, O.Integrity.5                             FAU_STG.1
    FCS_CKM.1      FCS_COP.1, FCS_CKM.4, FCS_CKM.2                             FCS_CKM.2, FCS_CKM.4, FMT_MSA.2
    FCS_CKM.2      FCS_CKM.1                                                   FCS_CKM.1, FCS_CKM.4, FMT_MSA.2
    FCS_CKM.4      FCS_COP.1, FCS_CKM.1, FCS_CKM.2                             FCS_CKM.1, FMT_MSA.2
    FCS_COP.1      O.Confidentiality.2                                         FCS_CKM.1, FCS_CKM.4, FMT_MSA.2
    FDP_ACC.1      FMT_MSA.1, FDP_ACF.1                                        FDP_ACF.1
    FDP_ACF.1      FDP_ACC.1                                                   FDP_ACC.1, FMT_MSA.3
    FDP_IFC.1      O.DF,.1                                                     FDP_IFF.1
    FDP_IFF.1      FDP_IFC.1                                                   FDP_IFC.1, FMT_MSA.3
    FIA_AFL.1      O.Integrity.5                                               FIA_UAU.1
    FIA_ATD.1      O.Confidentiality.1, O.Integrity.1                          -
    FIA_UAU.1      O.Confidentiality.1, O.Integrity.1                          FIA_UID.1
    FIA_UAU.4      O.Confidentiality.1                                         -
    FIA_UID.1      FIA_UAU.1                                                   -
    FMT_MOF.1      O.Availability.2                                            FMT_SMR.1
    FMT_MSA.1      FMT_MSA.3, FMT_MSA.2                                        FDP_ACC.1, FMT_SMR.1
    FMT_MSA.2      FCS_COP.1, FCS_CKM.1, FCS_CKM.4, FCS_CKM.2                  ADV_SPM.1, FDP_IFC.1, FMT_MSA.1, FMT_SMR.1
    FMT_MSA.3      O.Integrity.7                                               FMT_MSA.1, FMT_SMR.1
    FMT_SMR.1      O.Availability.2                                            FIA_UID.1
    FPR_ANO.1      O.Confidentiality.3                                         -
    FPT_FLS.1      FRU_FLT.2                                                   ADV_SPM.1
    FPT_SEP.1      O.Integrity.5                                               -
    FPT_STM.1      O.Integrity.4                                               -
    FRU_FLT.2      O.Availability.1                                            FPT_FLS.1
    FTA_TAB.1      O.Availability.1                                            -

    6.3 Rationale for Not Satisfying All Dependencies

    S0*)= 00++ 0*, ) )+ TOE )+ +5 )*() , 0*, ** 0(+

    *)*5 +0*)= *) +5 00++ 0*, FDPACC.1> FDPACF.1 5+ :   +)+)5.
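The dependency analysis behind the Functional Dependencies table and the rationale for not satisfying all dependencies can be re-run mechanically. The Python below is an added example, not part of the Protection Profile: it transcribes the Dependence column and the objective-level components from the two tables above (underscores restored), and assumes that FDP_ACC.1 and FDP_ACF.1, the two components named in that rationale, are left out of the PP.

```python
# Dependence column of the Functional Dependencies table ("component: dependencies").
DEPENDENCE = """
FAU_ARP.1: FAU_SAA.1
FAU_SAA.1: FAU_GEN.1
FAU_GEN.1: FPT_STM.1
FAU_SAR.1: FAU_GEN.1
FAU_SAR.3: FAU_SAR.1
FAU_STG.1: FAU_GEN.1
FAU_STG.4: FAU_STG.1
FCS_CKM.1: FCS_CKM.2 FCS_CKM.4 FMT_MSA.2
FCS_CKM.2: FCS_CKM.1 FCS_CKM.4 FMT_MSA.2
FCS_CKM.4: FCS_CKM.1 FMT_MSA.2
FCS_COP.1: FCS_CKM.1 FCS_CKM.4 FMT_MSA.2
FDP_ACC.1: FDP_ACF.1
FDP_ACF.1: FDP_ACC.1 FMT_MSA.3
FDP_IFC.1: FDP_IFF.1
FDP_IFF.1: FDP_IFC.1 FMT_MSA.3
FIA_AFL.1: FIA_UAU.1
FIA_UAU.1: FIA_UID.1
FMT_MOF.1: FMT_SMR.1
FMT_MSA.1: FDP_ACC.1 FMT_SMR.1
FMT_MSA.2: ADV_SPM.1 FDP_IFC.1 FMT_MSA.1 FMT_SMR.1
FMT_MSA.3: FMT_MSA.1 FMT_SMR.1
FMT_SMR.1: FIA_UID.1
FPT_FLS.1: ADV_SPM.1
FRU_FLT.2: FPT_FLS.1
"""
# Components the security requirements rationale maps directly to an objective.
ROOTS = """FTA_TAB.1 FRU_FLT.2 FMT_SMR.1 FAU_STG.1 FAU_STG.4 FMT_MOF.1 FAU_ARP.1
FIA_ATD.1 FIA_ATD.2 FIA_UAU.1 FIA_UAU.4 FCS_COP.1 FPR_ANO.1 FAU_GEN.1 FPT_STM.1
FAU_SAR.1 FAU_SAR.3 FIA_AFL.1 FPT_SEP.1 FMT_MSA.3 FDP_IFC.1""".split()
WAIVED = {"FDP_ACC.1", "FDP_ACF.1"}  # assumption: left out of the PP by the rationale
DEPS = {n.strip(): d.split() for n, _, d in
        (row.partition(":") for row in DEPENDENCE.strip().splitlines())}

def analyse(roots=ROOTS, deps=DEPS, waived=WAIVED):
    """Return (included, dependency_only, waiver_users) reached from the roots."""
    included, stack, waiver_users = set(), list(roots), {}
    while stack:
        comp = stack.pop()
        if comp in included:
            continue
        included.add(comp)
        for dep in deps.get(comp, []):
            if dep in waived:  # record who relies on a left-out component
                waiver_users.setdefault(dep, set()).add(comp)
            else:
                stack.append(dep)
    return included, sorted(included - set(roots)), waiver_users
```

On these tables the walk reaches 31 components, ten of them only as dependencies, and the one place a left-out component is needed is the dependency of FMT_MSA.1 on FDP_ACC.1.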


    7. Acronyms

    The following abbreviations from the Common Criteria are used in this Protection Profile:

    CC    Common Criteria for Information Technology Security Evaluation

    EAL   Evaluation Assurance Level

    FTP   File Transfer Protocol

    HTTP  Hypertext Transfer Protocol

    IT    Information Technology

    PP    Protection Profile

    SFP   Security Function Policy

    ST    Security Target

    TOE   Target of Evaluation

    TSC   TSF Scope of Control

    TSF   TOE Security Functions

    TSP   TOE Security Policy

    POP   Point Of Presence

    AS    Autonomous System


    8. References

    • Common Criteria for Information Technology Security Evaluation **#&-F-G05 Version

    0,

