of 36
8/9/2019 Internet Backbone PP
1/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
Contents
1. INTRODUCTION TO THE PROTECTION PROFILE................................................................................2
1.1 PP IDENTIFICATION...........................................................................................................................................2
1.2 PP OVERVIEW...................................................................................................................................................2
2. TARGET OF EVALUATION (TOE) DESCRIPTION....................................................................................2
3. SECURITY ENVIRONMENT..........................................................................................................................
3.1 I NTRODUCTION................................................................................................................................................. .4
3.1.1 Critical Assets.........................................................................................................................................43.1.2 Protection N eeds..............................................................................................................................53.1.3 T hreat Agents....................................................................................................................................5
3.2 ASSUMPTIONS...................................................................................................................................................6
3.3 THREATS........................................................................................................................................................... .7
3.4 ORANI!ATIONA" SECURIT# PO"ICES............................................................................................................. .8
. SECURITY O!"ECTIVES................................................................................................................................#
4.1 SECURIT# OB$ECTIVES FOR THE TOE...............................................................................................................9
4.2 SECURIT# OB$ECTIVES FOR THE E NVIRONMENT............................................................................................1%
$. IT SECURITY RE%UIREMENTS.................................................................................................................1&
&.1 TOE SECURIT# FUNCTIONA" R E'UIREMENTS...............................................................................................1%
&.2 TOE SECURIT# ASSURANCE R E'UIREMENTS................................................................................................ .21
5.2.1 Configuration Management Assurance Requirements.........................................................................22
5.2.2 Delivery an !"eration Assurance Requirements...............................................................................225.2.3 Develo"ment Assurance Requirements.................................................................................................23
5.2.4 #uiance Documents Assurance Requirements...................................................................................24
5.2.5 Tests Assurance Requirements..............................................................................................................2$
5.2.$ %ulnera&ility Assessment Assurance Requirements..............................................................................2'
'. RATIONALE.....................................................................................................................................................2#
6.1 SECURIT# R E'UIREMENTS R ATIONA"ES........................................................................................................ .296.2 FUNCTIONA" DEPENDENCIES......................................................................................................................... .3%
6.3 R ATIONA"E FOR NOT SATISF#IN A"" DEPENDENCIES................................................................................. .32
. ACRONYMS.....................................................................................................................................................33
. REFERENCES..................................................................................................................................................3
E()* A*+,)0 1 ENTS UMCP
8/9/2019 Internet Backbone PP
2/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
1. INTRODUCTION TO THE PROTECTION PROFILE
1.1 PP Identification
T), C, 5 W)*,++ USA I* B0 P*0) P*), * "-R)+
E:)*(+.
R)+*) ;TBD P) P*+0 ?POP@> P0 , 0*,> * +0*)=> *0) *),.
1.2 PP Overview
T)+ P*0) P*), +0))+ C, 5 W)*,++ ())((-+0*)= *)*(+ * I* B0 *. T P*0) P*), 5)+ ++()+ +0*)=
+0+ :)*( ) )0 POP ),, ,05. I ,+ 5)+ *+> )(,()-)55 +0*)= 0):+ POP+ * 5+> 5 0),5 ++*0 *)*(+ ( + 0):+. F),,=> PP *:)5+ *),
5(+*) *)*(+ ( +0*)= 0):+.
2. TARGET OF EALUATION !TOE" DE#CRIPTION
A P) P*+0 ?POP@ )+ (+ :)+), * ) I* B0 *. T ()
*+ POP )+ *:)5 I* 00):)= I* S*:)0 P*:)5*+ 5 *
I* +*+ : 5+ * ) +5 55)05 ,)+ I* B0 *.
I 55)) ,) 00) I*> POP 0,5 *:)5 55)), +*:)0+ )+
0+(*+ +0 +
• T D() N( S=+( ?DNS@
• T S)(, M), T*+* P*0, ?SMTP@
• T N* T)( P*0, ?NTP@
• T F), T*+* P*0, ?FTP> TFTP@
• T N* N+ T*+* P*0, ?NNTP@
S( POP+ * ,+ *++), * *)0 G0 5)* *+> 0,,5A(+ S=+(+ ?AS@. I 55)) : 00)> 0 POP + 005
* (* POP+ +( AS ) * *( I* B0.
F*( +0*)= ) :)> POP )+ (+ 0*))0, ,0 * I* B0
+*:)0 *:)5*+. I *5* *:)5 +*:)0+ )+ 0+(*+> POP + ),= :)+),
E()* A*+,)0 2 ENTS UMCP
8/9/2019 Internet Backbone PP
3/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
*+ I* 0(()=. I 55)) +*:)0+> ) (+ +* )5 5
5 (( 00+++.
O:*,,> +0*)= 0) POP )+ *:)5 0*,,5 5 5)5 00++ )+* 5+ 5 +*:)0+. I + *:)5 00++ *( )+)5 5 +)5 )+ AS =
,,) * *0) 0 ,. I 55))> ) + *0 *+) *)0 0() ) AS +
,, + *: :), 0+ )+ 0+(*+. F)* 2.1 ++ ,)0, **+) POP* 00)+.
F)* 2.1.
T)+ P*0) P*), +0))+ ())((-+0*)= *)*(+ * TOE+ 0(+5 * 5+ ) POP+> **5,++ *5*-+* )(,()> 00)= * )*,
*0)0*.
T TOE 5+0*)+ 5 ,+
• I*0 I* T POP+ +( AS ?I+)5@
• I*0 C* POP 5 C+(* E)( ?C+(*@
• I*0 P* T POP+ ) 5)* AS+. ?P*)@
I 55)) 5 , TOE 5+0*)+ )5 5 5 (( POP.
U+*+ TOE 0+)+ ( +*+ 5 G*, * 5+. H( +*+ (= * (=
++0)5 ) +), *, TOE. Net+o,- Aess Se/,0t Po0 5)+
( +* 00++ 5 *()++)+ * ,, * *))) )+ ?I+)5 I> C+(* C 5P*) P@. Dt Fo+ Se/,0t Po0 *,+ 5) )0 5 0+ (= 005 5
E()* A*+,)0 3 ENTS UMCP
Internet $ac%&one Networ% Arc'itect(re Dia)ra*
POP
Backbone Link OSPF
UU-net
Mae-East
Mae-West
Sprint
I n t e r n e t P e e r i n g B G P
Customer
POP
Customer Link
C u s t o m e r
P O P
C u s t o m e r L i nk
C u s t o m e r
E q u i p m e n t
C u s t o m e r L i n k
POPouter
outer outer
Ser!er Ser!er
- - -- - -
Ser!er Ser!er
- - - - - -
P O P B a c k b o n e L i n k O S P F
P
C
I
8/9/2019 Internet Backbone PP
4/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
*0++5 = TOE * 0 )5):)5, *))) )+ ?I+)5 I> C+(* C 5 P*) P@. I
N* A00++ S0*)= P,)0= *()+ ( +*+ * *):),5 +*+ (= +5
5 *0): )*() FTP> -(),> + * DNS +*:*+ ) POP> +0 +*+ ),, : )5))5 5 )05 = TOE * *++ * *)J5. F*( +
( +*+> ,= *):),5 +*+ (= 00++ TOE * *( (+ ?,> *,)>
0@. I *):),5 +* 00+++ TOE *(,=> * +00++, )5))0) 5)0) ?+) -)( )0) (0)+(@ *+5 0, +) +( =
0*=) ) +0*,= *5 5 5)+*)5 = :,+ (+ +5. I 55))
*( 00++> *)J5 5())+**+ (= 00++ TOE * ,0, (+ )0*=)> +0 + * 0+, ) +0 0+ +00++, )5))0) 5 )0) )+
*)*5.
EG*, * 5+ +5) )*() * TOE 5 : )5))5 5
)05> ,++ + 0)+ * +*5 = 5*,=) +*:)0 ?..> [email protected]:*> G*, * 5+ () +5 )*() TOE (+ ,=+
)5))5 5 )05. T+ G*, * 5+ * +00++,,= )5))5 5
)05 ?+) -)( )0) (0)+(@ * *)J5 G*, *
5+.
W *0*55> 5) *), 5 )+ +(5 ) 55, 5 5 )(. A5) :+ )0,5
(5))0)+ * +*+ ++0)5 ) *):),5 +* *, 5 +
)5))0) 5 )0) (0)+(+ )0,5) = (5 *+ )0)5. T TOE 00*5) N* A00++ S0*)= P,)0= *,+ 5 + ,, +0*)=
0)+ (+ )*() , 0*, 50)+)+.
+. #ECURIT, ENIRON-ENT
+.1 Introd(ction
Protection Profle-compliant TOEs are meant to be used in an environment inwhich critical, but unclassifed, inormation is processed. Systems thatcomply with this Protection Profle are expected to utilie crypto!raphicmechanisms or one time password or remote authentication.
I *5* 5) +0*)= :)*( * TOE ) 0(,)0 ) )+ PP> 0*))0, +++>
protection needs, and threat a!ents has to be defned.
+.1.1 Critica A//et/
C*))0, +++ TOE * )+ P*0) P*), *
• "outin! #normation
• $etwor% &andwidth
• 'ccess (ist
• )ser 'ccounts
• *ustomer 'ccounts
E()* A*+,)0 4 ENTS UMCP
8/9/2019 Internet Backbone PP
5/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
• Processor cycles
+.1.2 Protection Needs
Protection needs or the above mentioned assets are protection a!ainst+
• Confdentiality i.e., Sensitivity, Secrecy attac%.
• Integrity i.e., 'ccuracy, 'uthenticity, 'uthentication, 'uthoriation,
'ccountin! attac%.
• Availability i.e., ault Tolerance, "ecovery, )tility attac%.
+.1.+ Threat Agents
or this Protection Profle compliant TOE threat a!ents are+
• Privile!ed )ser or 'uthoried 'dministrator
• 'uthoried )ser
• 'ttac%er
E()* A*+,)0 & ENTS UMCP
8/9/2019 Internet Backbone PP
6/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
+.2 A//(*0tion/
The ollowin! conditions are assumed to exist in the operationalenvironment.
Formal Assumption Specifcations.
N4e Des,05t0on
A.P*+,.1 I )+ ++(5 * (* *):),5 +*+ ) ) ,:, G*)+ *++)5 ( TOE 5 +0*)= )*() ) 0)+
-) +)+. A,+ *):),5 +*+ +,5 *+5> 5,)*,=
+ )* *):),+ + + 5*() +0*)=.
A.P*+,.2 A*)J5 +*+ TOE * ++(5 ++++ 0++*= *):),+
00++ )*() (5 = TOE.
A.P*+,.3 A)05 +*+ * *,,= *+5 **( 5)+0*)*= 0)+ )
00*50 ) +0*)= ,)0)+.
A.P*+,.4 A)05 +*+ *0)J 5 * +0* IT :)*(.
A.P=+)0,.1 T *0++) *+*0+ TOE * ++(5 ,05 ))
0*,,5 00++ 0),))+> )0 ),, *+ *)J5 =+)0, 00++.
A.P=+)0,.2 T TOE *5* 5 +* 0*))0, +0*)= ,)0= *0( *
++(5 =+)0,,= *05 *( *)J5 (5))0) = ),,= +), +)5*+.
A.P=+)0,.3 H( +*+ )) =+)0,,= +0* 5*= *0) TOE (=00++ TOE *( +( 5)*0 00).
A.P=+)0,.4 T *0++) *+*0+ TOE 55 *5* +0*)= *+
),, ,05 )) 0*,,5 00++ 0),))+ ()) *)J5> =+)0, 00++.
A.U+.1 T TOE *:)5+ +*:)0+ *)J5 +*+.
A.U+.2 A*)J5 5())+**+ (= 00++ TOE *(,= )5 5
5.
E()* A*+,)0 6 ENTS UMCP
8/9/2019 Internet Backbone PP
7/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
+.+ T'reat/
A L* ?+ 5)5 ) CC@ )+ 5+)*, : ++),= 0+5 = )5))5 *. T= 0+ * (= 0+ *)J5 5)+0,+*> (5))0)> * ,++ + )*()
* )*+*0* )0 *=) *0.
Formal Threats Specifcations.
N4e Des,05t0on
T.'vailability./ 'n attac%er may cause the TOE to temporarily orpermanently become unavailable or the service that it isintended to provide.
T.*onfdentiality./
'n attac%er may be able to !ather some conclusion aboutthe TOE by obtainin! publicly available inormation about TOE.
T.*onfdentiality.0
'n attac%er may be able to view inormation bein! sentrom and to the TOE.
T.#nte!rity./ 'n attac%er user may access the TOE by impersonatin! anauthoried user o the TOE.
T.#nte!rity.0 ' user may cause audit records to be lost or prevent uturerecords rom bein! recorded by ta%in! actions to exhaustaudit stora!e capacity.
T.#nte!rity.1 'n attac%er may bypass routin! inormation stored in TOE.' T*P connection, where the loose source route option is
enabled, allows an attac%er to explicitly route pac%et,throu!h the networ% to a destination without ollowin! theusual routin! process.
T.#nte!rity.2 'n attac%er may chan!e routin! inormation stored in TOE,by in3ectin! bo!us routin! inormation in the networ%.
T.#nte!rity.4 'n attac%er or unauthoried user may read, modiy, ordestroy TOE internal data.
T.#nte!rity.5 ' user may not be accountable or the actions that theyconduct.
T.#nte!rity.E./. 'n attac%er user may access the TOE by impersonatin! anauthoried user o the TOE.
E()* A*+,)0 7 ENTS UMCP
8/9/2019 Internet Backbone PP
8/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
+. Or)aniationa #ec(rit3 Poice/
&andwidth as critical asset or this TOE ant it is protected by applyin!security police in the TOE.
F*( )* 2.1. 0 5) 00++ ,)+ * 0 ),*) +5 *))) 55+)) IP 55*++.
OriginationIP
DestinationIP
*in #P *ip
*out *ip #P
#in6out
#P #P
Pin #P7*wip *8ipPout *8ip #P7*8ip
i!ure 0./.
*in 9 #nterace to the customer, direction towards the customer
*out 9 #nterace to the customer, direction rom the customer
#in6out 9 #nterace to the another POP
Pin 9 #nterace to the peerin! partner, direction towards the peerin!partner
Pout 9 #nterace to the peerin! partner, direction rom the peerin!partner
#P 9 Set o all valid #P addresses
*8ip 9 *able and 8ireless #P set: *8ip is subset o the #P
*ip 9 *ustomers #P set: *ip is subset o the *8ip.
Fo,4 Po0 Specifcations
N4e Des,05t0on
P./. Only privile!ed user and authoried user should be able toconnect to the TOE
P.0. 'll conf!uration chan!es to the TOE have to be recorded.
P.1. 'll security unctions chan!es to the TOE have to be recorded
E()* A*+,)0 8 ENTS UMCP
8/9/2019 Internet Backbone PP
9/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
and monitored.
P.1. 'll attempts to !ain access to TOE have to be recorded.
P.2 #nbound mana!ement services have to be accessible only romthe *8ip set.
E()* A*+,)0 9 ENTS UMCP
8/9/2019 Internet Backbone PP
10/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
. #ECURIT, O$4ECTIE#
.1 #ec(rit3 O&5ective/ for t'e TOE
Formal Obectives Specifcations
N4e Des,05t0on
O.A:),),)=.1 T TOE (+ *:)5 0),)= ,+ *)J5 +* +,, +*:)0+ *:)55 = TOE * *)J +* ) *5)05
)**)+ +*:)0+.
O.A:),),)=.2 T TOE (+ *:)5 0),)=> )0 ,+ *):),5 +*
( TOE 5 )+ +0*)= 0)+.
O.C)5),)=.1 T TOE (+ *: *+ )0) 5.
O.C)5),)=.2 T TOE (+ *0 0)5),)= )+ 5), ) *)J55())+**.
O.C)5),)=.3 T TOE (+ *:)5 (+ ,,) +0 + *+*0+ *+*:)0+ ) +* )5)= ) 5)+0,+5 * ))+.
O.I*)=.1 T TOE (+ ),= )5)= ,, +*+> 5 (+ )0
0,)(5 )5)= * *) +* 00++ TOE +*:)0+.
O.I*)=.2 T TOE (+ *:)5 +* 00),)= * *):),5 +* + +0*)= 0)+.
O.I*)=.3 T TOE (+ *:)5 +* 00),)= * *)J5 + ,,+*:)0+ *:)55.
O.I*)=.4 T TOE (+ *:)5 (+ *0*5 *5, 5) *), +0*)=-
*,5 :+> ) 00* 5+ 5 )(+> 5 (+ +*0 5
+* 5) *), +5 *,: *)+.
O.I*)=.& T TOE (+ 50 (+ = *)J5 +*+ =++> 50):>* (* ) TOE +0*)= 0)+.
O.I*)=.6 T TOE (+ 50 ,++ )*)= 0) +0*)= 0)+.
O.I*)=.7 U ))), +*- TOE * *0:*= *( )**) ) TOE+*:)0> TOE (+ 0(*()+ )+ *+*0+ * + =
005 *.
O.DF,.1 T TOE (+ *:)5 (+ ,,) 5 5=) 5 , +5 *)J), +0*)= ,)0=.
E()* A*+,)0 1% ENTS UMCP
8/9/2019 Internet Backbone PP
11/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
.2 #ec(rit3 O&5ective/ for t'e Environ*ent
T ,,) * -IT +0*)= 0):+ * +)+)5 ) )(+) 0)0,*)*(+ TOE. T= ),, *)* )(,() 0)+ ) TOE
*5* 5/* +*. T**> = ),, +)+)5 ,*,= * ,)0)
*05*, * 5())+*): (+*+.
N4e Des,05t0on
O.P*+,.1 T+ *++), * TOE (+ +* TOE )+ 5,):*5> )+,,5>
5())+*5> 5 *5 ) (* ())+ +0*)=.
O.P*+,.2 P*):),5 +*+ * *)5 +,)+ 5 ()) +5 +0*)= ,)0)+5 *0)0+.
6. IT #ECURIT, RE7UIRE-ENT#
T IT S0*)= R)*(+ 5) +0*)= 0), *)*(+ 5 ++*0*)*( (+ +)+)5 = P*0) P*), 0(,) TOE. F0),
0(+ *( * 2 CC * +5 * 0), *)*( 5 :,).
A++*0 ,:, 0(+ *( * 3 CC * +5 ++*0 *)*(+.
6.1 TOE #ec(rit3 F(nctiona Re8(ire*ent/
T +0*)= 0), *)*( * TOE ) 0(,)0 ) )+ PP * **+5 )
,,) ,
6e F/nt0on Co45onents
N4e Des,05t0on
FAUARP.1 S0*)= ,*(+
FAUSAA.1 P), :),) ,=+)+
FAUEN.1 A5) 5 *)
FAUSAR.1 A5) *:)
FAUSAR.3 S,0, 5) *:)
FAUST.1 P*05 5) *), +*
FAUST.4 P*:) 5) 5 ,++
FCSCKM.1 C*=*)0 = *)
FCSCKM.2 C*=*)0 = 5)+*))
E()* A*+,)0 11 ENTS UMCP
8/9/2019 Internet Backbone PP
12/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
FCSCKM.4 C*=*)0 = 5+*0)
FCSCOP.1 C*=*)0 *)
FDPACC.1 S+ 00++ 0*,
FDPACF.1 S0*)= *) +5 00++ 0*,FDPIFC.1 S+ )*() , 0*,
FDPIFF.1 S)(, +0*)= *)+
FIAAF".1 A)0) ),* 5,)
FIAATD.1 U+* *) 5)))
FIAUAU.1 T)() )0)
FIAUAU.4 S),-+ )0) (0)+(+
FIAUID.1 T)() )5))0)
FMTMOF.1 M( +0*)= 0)+ :)*
FMTMSA.1 M( +0*)= *)+
FMTMSA.2 S0* +0*)= *)+
FMTMSA.3 S)0 *) ))),)J)
FMTSMR.1 S0*)= *,+
FPRANO.1 A=()=
FPTF"S.1 F),* ) *+*:) +0* +
FPTSEP.1 TSF 5() +*)
FPTSTM.1 R,), )( +(+
FRUF"T.2 ")()5 , ,*0
FTATAB.1 D, TOE 00++ *+
FAUARP.1 S0*)= ,*(+
S0*)= ,*(+> TSF +,, 0)+ ) 0+ ), +0*)= :),) )+
505.
FAU7ARP.1.1 T TSF +,, inform "rivilege user 50) ), +0*)= :),).
E()* A*+,)0 12 ENTS UMCP
8/9/2019 Internet Backbone PP
13/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
FAUEN.1 A5) 5 *)
A5) 5 *) 5)+ ,:, 5)-, :+> 5 +0))+ ,)+ 5 +,, *0*55 ) 0 *0*5.
FAU7GEN.1.1 T TSF +,, , * 5) *0*5 ,,)
5)-, :+
@ S*- 5 +5 5) 0)+
&( A,, 5), :+ * minimum or &asic as s"ecifie in ta&le 5.1 ,:,
5).
FAU7GEN.1.2 T TSF +,, *0*5 )) 0 5) *0*5 ,+
,,) )*()
@ D 5 )( :> = :> +0 )5)=> 5 0(?+00++ * ),*@ : 5
@ F* 0 5) : => +5 5), : 5)))+ 0), 0(+ )0,55 ) PP/ST> as s"ecifie in ta&le 5.1
A/80t9e E:ent T9e
F/nt0on Co45onent Le:e A/80t9e E:ent
FAUARP.1 M))(, A0)+ 5 )(() +0*)= :),)+.
FAUSAA.1 M))(, E,) 5 5)+,) = ,=+)+(0)+(+
A(5 *+++ **(5 = ,.
FAUSAR.1 B+)0 R5) )*() *( 5) *0*5+.
FAUST.4 B+)0 A0)+ 5 5) +* ),*.
FCSCKM.1 M))(, S00++ 5 ),* 0):)=.
FCSCKM.2 M))(, M))(, S00++ 5 ),* 0):)=.
FCSCKM.4 M))(, S00++ 5 ),* 0):)=.
FCSCOP.1 M))(, S00++ 5 ),*> 5 = 0*=*)0
*).
FDPIFF.1 M))(, D0)+)+ *() *+5 )*() ,+.
FDPIFF.1 B+)0 A,, 50)+)+ *++ * )*() ,.
FIAAF".1 M))(, T *0) *+,5 * +00++,
E()* A*+,)0 13 ENTS UMCP
8/9/2019 Internet Backbone PP
14/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
)0) (+ 5 0)+ ?.. 5)+,) *(),@ 5 ++> ) **)>
*+*) *(, + ?.. *-,)
*(),@.
FIAUAU.1 M))(, U+00++, + )0) (0)+(
@ B+)0 A,, + )0) (0)+(
0@ D),5 A,, TSF (5)5 0)+ **(5 *
)0) +*.
FIAUAU.1 B+)0 A,, + )0) (0)+(
FIAUAU.4 M))(, A(+ *+ )0) 5.
FIAUID.1 M))(, U+00++, + +* )5))0) (0)+(>
)0,5) +* )5)= *:)55
FIAUID.1 B+)0 A,, + +* )5))0) (0)+(> )0,5) +* )5)= *:)55.
FMTMOF.1 B+)0 A,, (5))0)+ ) :)* 0)+ )
TSF.
FMTMSA.1 B+)0 A,, (5))0)+ :,+ +0*)= *)+.
FMTMSA.2 M))(, A,, *5 5 *05 :,+ * +0*)= *).
FMTMSA.3 B+)0 A,, (5))0)+ ))), :,+ +0*)=*)+.
FMTSMR.1 M))(, (5))0)+ * +*+ * * *,
FPRANO.1 M))(, T ):0) =()= (0)+(.
FPTF"S.1 B+)0 F),* TSF.
FPTSTM.1 M))(, 0+ )(
FRUF"T.2 M))(, A= ),* 505 = TSF.
FAUSAA.1 P), :),) ,=+)+
P), :),) ,=+)+> +)0 *+,5 50) +)+ )G5 *,+ )+ *)*5.
FAU7SAA.1.1 T TSF +,, , ,= + *,+ ) ()*)
5)5 :+ 5 +5 + *,+ )5)0 ), :),)
TSP.
FAU7SAA.1.2 T TSF +,, *0 ,,) *,+ * ()*) 5)5
:+
E()* A*+,)0 14 ENTS UMCP
8/9/2019 Internet Backbone PP
15/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
@ A00(,) * 0()) all events from Auita&le )vent Ta&le
)5)0 ), +0*)= :),).
FAUSAR.1 A5) *:)
A5) *:) *:)5+ 0),)= *5 )*() *( 5) *0*5+.
T)+ 0( ),, *:)5 *)J5 +*+ 0),)= ) 5)** )*(). I 0+ ( +*+ )+ )*() 5+ ) ( 5*+5, *+). I 0+ G*, IT ))+ )*()
5+ ()+,= **+5 ) ,0*)0 +).
FAU7SAR.1.1 T TSF +,, *:)5 *rivilege users ) 0),)= *5 all auit information *( 5) *0*5+.
FAU7SAR.1.2 T TSF +,, *:)5 5) *0*5+ ) (* +), *
+* )** )*().
FAUSAR.3 S,0, 5) *:)
S,0, 5) *:) *)*+ 5) *:) ,+ +,0 5) 5 *:)5 +5 0*)*).
FAU7SAR.3.1 T TSF +,, *:)5 ),)= **( +*0+ an+
sorting 5) 5 +5
a( ,user ientity
&( range of ates
c( range of times
( ranges of aress-.
FAUST.1 P*05 5) *), +*
P*05 5) *), +*> *)*(+ * ,05 5) *),. I ),,
*05 *( *)J5 5,) 5/* (5))0).
FAU7STG.1.1 T TSF +,, *0 +*5 5) *0*5+ *( *)J5
5,).
FAU7STG.1.2 T TSF +,, , "revent (5))0)+ 5)*0*5+.
FAUST.4 P*:) 5) 5 ,++
P*:) 5) 5 ,++ +0))+ 0)+ ) 0+ 5) *), )+ ,,.
FAU7STG..1 T TSF +,, overrite t/e olest store auit recors 5
notify "rivilege user ) 5) *), )+ ,,.
FCSCKM.1 C*=*)0 = *)
E()* A*+,)0 1& ENTS UMCP
8/9/2019 Internet Backbone PP
16/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
C*=*)0 = *) *)*+ 0*=*)0 =+ *5 )
00*50 ) +0))5 ,*)( 5 = +)J+ )0 0 +5
++)5 +5*5.
FCS7C6M.1.1 T TSF +,, * 0*=*)0 =+ ) 00*50 )
+0))5 0*=*)0 = *) ,*)( ++)( cry"togra"/ic 0ey
generation algorit/m 5 +0))5 0*=*)0 = +)J+ minimum 5$ &its ( ,,) ++)( list of stanars.
FCSCKM.2 C*=*)0 = 5)+*))
C*=*)0 = 5)+*)) *)*+ 0*=*)0 =+ 5)+*)5 )00*50 ) +0))5 5)+*)) (5 )0 0 +5
++)5 +5*5.
FCS7C6M.2.1 T TSF +,, 5)+*) 0*=*)0 =+ ) 00*50 ) +0))5 0*=*)0 = 5)+*)) (5 ++)( cry"togra"/ic 0ey
istri&ution met/o (+ ,,) ++)( list of stanars.
FCSCKM.4 C*=*)0 = 5+*0)
C*=*)0 = 5+*0) *)*+ 0*=*)0 =+ 5+*=5 )
00*50 ) +0))5 5+*0) (5 )0 0 +5
++)5 +5*5.
FCS7C6M..1 T TSF +,, 5+*= 0*=*)0 =+ ) 00*50 )
+0))5 0*=*)0 = 5+*0) (5 ++)( cry"togra"/ic 0ey
estruction met/o (+ ,,) ++)( list of stanars.
FCSCOP.1 C*=*)0 *)
C*=*)0 *) *)*+ 0*=*)0 *) **(5 )00*50 ) +0))5 ,*)( 5 ) 0*=*)0 = +0))5+)J+. T +0))5 ,*)( 5 0*=*)0 = +)J+ 0 +5
++)5 +5*5.
FCS7COP.1.1 T TSF +,, **(
@ encry"tion of remote aut/orie "rivilege user session
@ encry"tion of remote aut/entication ) 00*50 ) +0))5
0*=*)0 ,*)( ++)( cry"togra"/ic algorit/m 5
0*=*)0 = +)J+ minimum 5$ &its ( ,,)++)( list of stanars.
FDPIFC.1 S+ )*() , 0*,
S+ )*() , 0*, *)*+ 0 )5))5 )*() ,0*, SFP+ ) ,0 * ++ ++), *)+ ++
)*() ,+ ) TOE.
FDP7IFC.1.1 T TSF +,, *0 entifie *
E()* A*+,)0 16 ENTS UMCP
8/9/2019 Internet Backbone PP
17/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
@ su&ect6 ientifie e7ternal T entities t/at sen an receive "ac0ets t/roug/
t/e T!)
@ information6 * originating an terminating * aress an service
0@ o"erations6 "ass "ac0et or &loc0 "ac0et-
FDPIFF.1 S)(, +0*)= *)+
S)(, +0*)= *)+ *)*+ +0*)= *)+ )*()> 5
+0+ 0+ )*() , 5 +0+ 0 + *0))+
)*(). I +0))+ *,+ (+ *05 = 0)>
5 5+0*)+ +0*)= *)+ * 5*):5 = 0).
FDP7IFF.1.1 T TSF +,, *0 entifie * +5 ,,)
=+ +0 5 )*() +0*)= *)+
a ;subject security attributes:
•
presumed IP address;
• other subject security attributes to be determined by the
Security Target writer);
b inormation security attributes:
• source subject;
• destination subject;
• transport !ayer protoco!;
•T"# interace on which tra$c arri%es and departs;
• ser%ice;
• other inormation security attributes to be determined by the
Security Target writer&s)'.
FDP7IFF.1.2 T TSF +,, *() )*() , 0*,,5
+0 5 0*,,5 )*() :) 0*,,5 *) ) ,,) *,+
,5 ource an estination su&ects are in com"liance it/ ecurity *olicy.
FDP7IFF.1.3 T TSF +,, *0 none require .
FDP7IFF.1. T TSF +,, *:)5 ,,) none require .
FDP7IFF.1.$ T TSF +,, G,)0),= *)J )*() , +5 ,,) *,+ ++)( rules+ &ase on security attri&utes+ t/at e7"licitlyaut/orie information flos.
FDP7IFF.1.' T TSF +,, G,)0),= 5= )*() , +5
,,) *,+ ++)( rules+ &ase on security attri&utes+ t/at e7"licitlyeny information flos.
E()* A*+,)0 17 ENTS UMCP
8/9/2019 Internet Backbone PP
18/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
FIAAF".1 A)0) ),* 5,)
R)*( TSF , *() +++) +,)+( *0++
* +0))5 (* +00++, +* )0) (+. I ,+*)*+ > * *()) +++) +,)+( *0++> TSF
, 5)+, +* 00 * ) *= ?.. *+)@ *(
)0 (+ * (5 ), 5())+**-5)5 05)) 00*+.
FIA7AFL.1.1 T TSF +,, 50 /en ,a setta&le+ non8ero num&er+ to &e
setta&le &y "rivilege user +00++, )0) (+ 00* *,5
a( ,aut/orie user attem"ting to ma0e aut/entication as "rivilege user
&( Attac0er attem"ting to im"ersonate aut/orie or "rivilege user-.
FIA7AFL.1.2 W 5)5 (* +00++, )0) (+
+ ( * +*++5> TSF +,,
a( ,isa&le account
&( notify "rivilege user+ met/o to &e setta&le &y "rivilege user-.
FIAATD.1 U+* *) 5)))
U+* *) 5)))> ,,+ +* +0*)= *)+ * 0 +*
())5 )5):)5,,=.
FIA7ATD.1.1 T TSF +,, ()) ,,) ,)+ +0*)= *)+ ,) )5):)5, +*+
a) ,ientity9
b) association of /uman user it/ t/e "rivilege user role
FIAUAU.1 T)() )0)
T)() )0)> ,,+ +* **( 0*) 0)+ *)*
)0) +*+ )5)=.
FIA7UAU.1.1 T TSF +,, ,, ++)( list of T meiate actions
, +* **(5 * +* )+ )05.
FIA7UAU.1.2 T TSF +,, *)* 0 +* +00++,,= )05 * ,,) = * TSF-(5)5 0)+ , +*.
E()* A*+,)0 18 ENTS UMCP
8/9/2019 Internet Backbone PP
19/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
FIAUAU.4 S),-+ )0) (0)+(+
S),-+ )0) (0)+(+> *)*+ )0) (0)+( *+ ) +),-+ )0) 5.
FIA7UAU..1 T TSF +,, *: *+ )0) 5 *,5
@ *):),5 +*
@ *)J5 +*
FIAUID.1 T)() )5))0)
T)() )5))0)> ,,+ +*+ **( 0*) 0)+ * ))5))5 = TSF.
FIA7UID.1.1 T TSF +,, ,, no any actions , +*
**(5 * +* )+ )5))5.
FIA7UID.1.2 T TSF +,, *)* 0 +* +00++,,= )5))5 *
,,) = * TSF-(5)5 0)+ , +*.
FMTMOF.1 M( +0*)= 0)+ :)*
M( +0*)= 0)+ :)* ,,+ *)J5 +*+ ?*,+@
( :)* 0)+ ) TSF + *,+ * : +0))5
05))+ (= (,.
8/9/2019 Internet Backbone PP
20/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
i) reco%er to the state o!!owing the !ast bac-up;
j) m) other securityre!e%ant administrati%e unctions to bedetermined by the Security Target writer&s)'.
to ;an pri%i!eged user >.
FMTMSA.1 M( +0*)= *)+
M( +0*)= *)+ ,,+ *)J5 +*+ ?*,+@ (
+0))5 +0*)= *)+.
FMT7MSA.1.1 T TSF +,, *0 ++)( access control *+information flo control * *+*)0 ),)= +,0) c/ange:efault+
query+ moify+ elete+ ++)( ot/er o"erations +0*)= *)+
++)( list of security attri&utes ++)( t/e aut/orie ientifie roles.
FMTMSA.2 S0* +0*)= *)+
S0* +0*)= *)+ +*+ :,+ ++)5 +0*)= *)+ *:,)5 ) *+0 +0* +.
FMT7MSA.2.1 T TSF +,, +* ,= +0* :,+ * 005 *
+0*)= *)+.
FMTMSA.3 S)0 *) ))),)J)
S)0 *) ))),)J) +*+ 5, :,+ +0*)= *)+
* **),= )* *()++): * *+*)0): ) *.
FMT7MSA.3.1 T TSF +,, *0 "ac0et flo control *:)5
restrictive+ 5, :,+ * +0*)= *)+ * +5 *0 * .
FMT7MSA.3.2 T TSF +,, ,, "rivilege user +0)= ,*):))), :,+ :**)5 5, :,+ 0 * )*() )+
0*5.
FMTSMR.1 S0*)= *,+
S0*)= *,+ +0))+ *,+ ) *+0 +0*)= TSF *0)J+.
FMT7SMR.1.1 T TSF +,, ()) *,+ "rivilege user .
FMT7SMR.1.2 T TSF +,, , ++0) /uman +*+ ) t/e
"rivilege user *,.
FPRANO.1 A=()=
A=()= *)*+ * +*+ * +0+ * , 5*() )5)= +* 5 +0 * *).
E()* A*+,)0 2% ENTS UMCP
8/9/2019 Internet Backbone PP
21/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
FPR7ANO.1.1 T TSF +,, +* aut/orie user * ,
5*() *, +* ( 5 "rivilege use an ot/er aut/orie
users.
FPTF"S.1 F),* ) *+*:) +0* +
F),* ) *+*:) +0* +> )0 *)*+ TSF *+*: +0* + ) 0 )5))5 ),*+.
FPT7FLS.1.1 T TSF +,, *+*: +0* + ,,) =+
),*+ 00* ++)( list of ty"es of failures in t/e T .
FPTSEP.1 TSF 5() +*)
TSF 5() +*)> *:)5+ 5)+)0 *05 5() * TSF 5
*:)5+ +*) +0+ )) TSC.
FPT7SEP.1.1 T TSF +,, ()) +0*)= 5() * )+ G0) *0+ ) *( )**0 5 (*) = *+5 +0+.
FPT7SEP.1.2 T TSF +,, *0 +*) +0*)= 5()+
+0+ ) TSC.
FPTSTM.1 R,), )( +(+
R,), )( +(+> )0 *)*+ TSF *:)5 *,), )( +(+ *
TSF 0)+.
FPT7STM.1.1 T TSF +,, , *:)5 *,), )( +(+ * )+
+.
FRUF"T.2 ")()5 , ,*0
")()5 , ,*0 *)*+ TOE 0) 0**0 *) ,,
0),))+ ) : )5))5 ),*+.
FRU7FLT.2.1 T TSF +,, +* *) ,, TOE+ 0),))+ ++)( list of ty"e of failures 00*.
FTATAB.1 D, TOE 00++ *+
D, TOE 00++ *+ *:)5+ *)*( * TOE A00++ B*.T)+ * )+ 5)+,=5 *)* +,)+( 5), * +++).
FTA7TA!.1.1 B* +,)+) +* +++)> TSF +,, 5)+,=
5:)+*= *) (++ **5) *)J5 + TOE.
E()* A*+,)0 21 ENTS UMCP
8/9/2019 Internet Backbone PP
22/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
6.2 TOE #ec(rit3 A//(rance Re8(ire*ent/
T ++*0 +0*)= *)*(+ * TOE +)+= )+ P*0) P*),> * 5*):5 *(P* 3 CC. T+ ++*0 +0*)= *)*(+ 0(+ EA"2 5 0,5 *
) 6 0*)+
1)Con;0
8/9/2019 Internet Backbone PP
23/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
6.2.1 Confi)(ration -ana)e*ent A//(rance Re8(ire*ent/
ACMCAP.2 C)*) )(+
D:,* 0) ,(+
ACM7CAP.2.1D T 5:,* +,, *:)5 **0 * TOE.
ACM7CAP.2.2D T 5:,* +,, + CM +=+(.
ACM7CAP.2.3D T 5:,* +,, *:)5 CM 50().
C 5 *+) :)50 ,(+
ACM7CAP.2.1C T **0 * TOE +,, ) 0 :*+) TOE.
ACM7CAP.2.2C T TOE +,, ,,5 ) )+ **0.
ACM7CAP.2.3C T CM 50() +,, )0,5 0)*) ,)+.
ACM7CAP.2.C T 0)*) ,)+ +,, 5+0*) 0)*) )(+ 0(*)+ TOE.
ACM7CAP.2.$C T CM 50() +,, 5+0*) (5 +5 ),=)5)= 0)*) )(+.
ACM7CAP.2.'C T CM +=+( +,, ),= )5)= ,, 0)*) )(+.
E:,* 0) ,(+
ACM7CAP.2.1E T :,* +,, 0)*( )*() *:)55 (+ ,,
*)*(+ * 0 5 *+) :)50.
6.2.2 Deiver3 and O0eration A//(rance Re8(ire*ent/
ADODE".1 D,):*= *05*+
D:,* 0) ,(+
ADO7DEL.1.1D T 5:,* +,, 50( *05*+ * 5,):*= TOE *
*+ ) +*.
ADO7DEL.1.2D T 5:,* +,, + 5,):*= *05*+.
C 5 *+) :)50 ,(+
ADO7DEL.1.1C T 5,):*= 50() +,, 5+0*) ,, *05*+ *
0++*= ()) +0*)= 5)+*)) :*+)+ TOE +*+ +).
E:,* 0) ,(+
E()* A*+,)0 23 ENTS UMCP
8/9/2019 Internet Backbone PP
24/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
ADO7DEL.1.1E T :,* +,, 0)*( )*() *:)55 (+ ,,
*)*(+ * 0 5 *+) :)50.
ADOIS.1 I+,,)> *)> 5 +*- *05*+
D:,* 0) ,(+
ADO7IGS.1.1D T 5:,* +,, 50( *05*+ 0++*= * +0*
)+,,)> *)> 5 +*- TOE.
C 5 *+) :)50 ,(+
ADO7IGS.1.1C T 50() +,, 5+0*) ++ 0++*= * +0*)+,,)> *)> 5 +*- TOE.
E:,* 0) ,(+
ADO7IGS.1.1E T :,* +,, 0)*( )*() *:)55 (+ ,,
*)*(+ * 0 5 *+) :)50.
ADO7IGS.1.2E T :,* +,, 5*() )+,,)> *)> 5 +*-
*05*+ *+, ) +0* 0)*).
6.2.+ Deveo0*ent A//(rance Re8(ire*ent/
ADVFSP.1 I*(, 0), +0))0)
D:,* 0) ,(+
ADV7FSP.1.1D T 5:,* +,, *:)5 0), +0))0).
C 5 *+) :)50 ,(+
ADV7FSP.1.1C T 0), +0))0) +,, 5+0*) TSF 5 )+ G*,
)*0+ +) )*(, +=,.
ADV7FSP.1.2C T 0), +0))0) +,, )*,,= 0+)+.
ADV7FSP.1.3C T 0), +0))0) +,, 5+0*) *+ 5 (5
+ ,, G*, TSF )*0+> *:)5) 5),+ 0+> G0)+ 5 ***
(+++> + **).
ADV7FSP.1.C T 0), +0))0) +,, 0(,,= **+ TSF.
E:,* 0) ,(+
ADV7FSP.1.1E T :,* +,, 0)*( )*() *:)55 (+ ,,
*)*(+ * 0 5 *+) :)50.
ADV7FSP.1.2E T :,* +,, 5*() 0), +0))0) )+
00* 5 0(, )+)) TOE +0*)= 0), *)*(+.
E()* A*+,)0 24 ENTS UMCP
8/9/2019 Internet Backbone PP
25/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
ADVH"D.1 D+0*)): )-,:, 5+)
D:,* 0) ,(+
ADV7HLD.1.1D T 5:,* +,, *:)5 )-,:, 5+) TSF.
C 5 *+) :)50 ,(+
ADV7HLD.1.1C T *+) )-,:, 5+) +,, )*(,.
ADV7HLD.1.2C T )-,:, 5+) +,, )*,,= 0+)+.
ADV7HLD.1.3C T )-,:, 5+) +,, 5+0*) +*0* TSF ) *(+ ++=+(+.
ADV7HLD.1.C T )-,:, 5+) +,, 5+0*) +0*)= 0),)= *:)55 = 0 ++=+( TSF.
ADV7HLD.1.$C T )-,:, 5+) +,, )5)= = 5*,=) *5*>)*(*> 5/* +* *)*5 = TSF ) *+) 0)+
*:)55 = +*) *0) (0)+(+ )(,(5 ) *5*>
)*(*> * +*.
ADV7HLD.1.'C T )-,:, 5+) +,, )5)= ,, )*0+ ++=+(+
TSF.
ADV7HLD.1.C T )-,:, 5+) +,, )5)= )0 )*0+
++=+(+ TSF * G*,,= :)+),.
E:,* 0) ,(+
ADV7HLD.1.1E T :,* +,, 0)*( )*() *:)55 (+ ,,*)*(+ * 0 5 *+) :)50.
ADV7HLD.1.2E T :,* +,, 5*() )-,:, 5+) )+ 00*
5 0(, )+)) TOE +0*)= 0), *)*(+.
'?A="*"./ #normal correspondence demonstration
?eveloper action elements+
ADV7RCR.1.1D T 5:,* +,, *:)5 ,=+)+ 0**+50 ,,50 )*+ TSF **+)+ * *:)55.
AD()*C*.+.+C or each ad3acent pair o provided TSrepresentations, the analysis shall demonstrate that all relevantsecurity unctionality o the more abstract TS representation iscorrectly and completely refned in the less abstract TSrepresentation.
Evaluator action elements+
E()* A*+,)0 2& ENTS UMCP
8/9/2019 Internet Backbone PP
26/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
ADV7RCR.1.1E T :,* +,, 0)*( )*() *:)55 (+ ,,*)*(+ * 0 5 *+) :)50.
6.2. G(idance Doc(*ent/ A//(rance Re8(ire*ent/
'@?='?
8/9/2019 Internet Backbone PP
27/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
A%D)0S*.+.+D The developer shall provide user !uidance.
*ontent and presentation o evidence elements+
A%D)0S*.+.+C The user !uidance shall describe the unctions andinteraces available to the non-administrative users o the TOE.
A%D)0S*.+.!C The user !uidance shall describe the use o user-accessible security unctions provided by the TOE.
A%D)0S*.+.#C The user !uidance shall contain warnin!s about user-accessible unctions and privile!es that should be controlled in asecure processin! environment.
A%D)0S*.+.$C The user !uidance shall clearly present all userresponsibilities necessary or secure operation o the TOE, includin!those related to assumptions re!ardin! user behavior ound in thestatement o TOE security environment.
A%D)0S*.+.&C The user !uidance shall be consistent with all otherdocumentation supplied or evaluation.
AGD7USR.1.'C T +* )50 +,, 5+0*) ,, +0*)= *)*(+ * IT
:)*( * *,: +*.
Evaluator action elements+
AGD7USR.1.1E T :,* +,, 0)*( )*() *:)55 (+ ,,
*)*(+ * 0 5 *+) :)50.
6.2.6 Te/t/ A//(rance Re8(ire*ent/
'TE=*OA./ Evidence o covera!e
?eveloper action elements+
AT/)CO(.+.+D The developer shall provide evidence o the testcovera!e.
*ontent and presentation o evidence elements+
AT/)CO(.+.+C The evidence o the test covera!e shall show thecorrespondence between the tests identifed in the test documentationand the TS as described in the unctional specifcation.
Evaluator action elements+
AT/)CO(.+.+/ The evaluator shall confrm that the inormationprovided meets all reCuirements or content and presentation o evidence.
'TE=)$./ unctional testin!
?eveloper action elements+
E()* A*+,)0 27 ENTS UMCP
8/9/2019 Internet Backbone PP
28/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
AT/)F01.+.+D The developer shall test the TS and document theresults.
AT/)F01.+.!D The developer shall provide test documentation.
*ontent and presentation o evidence elements+
AT/)F01.+.+C The test documentation shall consist o test plans, testprocedure descriptions, expected test results and actual test results.
AT/)F01.+.!C The test plans shall identiy the security unctions to betested and describe the !oal o the tests to be perormed.
AT/)F01.+.#C The test procedure descriptions shall identiy the teststo be perormed and describe the scenarios or testin! each securityunction. These scenarios shall include any orderin! dependencies onthe results o other tests.
AT/)F01.+.$C The expected test results shall show the anticipatedoutputs rom a successul execution o the tests.
AT/)F01.+.&C The test results rom the developer execution o thetests shall demonstrate that each tested security unction behaved asspecifed.
Evaluator action elements+
AT/)F01.+.+/ The evaluator shall confrm that the inormationprovided meets all reCuirements or content and presentation o evidence.
'TE=#$?.0 #ndependent testin! - sample?eveloper action elements+
AT/)I1D.!.+D The developer shall provide the TOE or testin!.
*ontent and presentation o evidence elements+
AT/)I1D.!.+C The TOE shall be suitable or testin!.
AT/)I1D.!.!C The developer shall provide an eCuivalent set o resources to those that were used in the developerDs unctional testin!o the TS.
Evaluator action elements+
AT/)I1D.!.+/ The evaluator shall confrm that the inormationprovided meets all reCuirements or content and presentation o evidence.
ATE7IND.2.2E T :,* +,, + ++ TSF + **) 0)*( TOE *+ + +0))5.
E()* A*+,)0 28 ENTS UMCP
8/9/2019 Internet Backbone PP
29/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
ATE7IND.2.3E T :,* +,, G0 +(, ++ ) + 50()
:*)= 5:,* + *+,+.
6.2.9 (nera&iit3 A//e//*ent A//(rance Re8(ire*ent/
'A'=SO./ Stren!th o TOE security unction evaluation
?eveloper action elements+
A(A)SOF.+.+D The developer shall perorm a stren!th o TOE securityunction analysis or each mechanism identifed in the ST as havin! astren!th o TOE security unction claim.
*ontent and presentation o evidence elements+
A(A)SOF.+.+C or each mechanism with a stren!th o TOE securityunction claim the stren!th o TOE security unction analysis shall showthat it meets or exceeds the minimum stren!th level defned in thePP6ST.
A(A)SOF.+.!C or each mechanism with a specifc stren!th o TOEsecurity unction claim the stren!th o TOE security unction analysisshall show that it meets or exceeds the specifc stren!th o unctionmetric defned in the PP6ST.
Evaluator action elements+
A(A)SOF.+.+/ The evaluator shall confrm that the inormationprovided meets all reCuirements or content and presentation o evidence.
AVA7SOF.1.2E T :,* +,, 0)*( +* 0,)(+ * 0**0.
'A'=A('./ ?eveloper vulnerability analysis
?eveloper action elements+
A(A)(2A.+.+D The developer shall perorm and document an analysiso the TOE deliverables searchin! or obvious ways in which a user canviolate the TSP.
A(A)(2A.+.!D The developer shall document the disposition o obvious vulnerabilities.
*ontent and presentation o evidence elements+A(A)(2A.+.+C The documentation shall show, or all identifedvulnerabilities3 based on C/*T, that the vulnerability cannot beexploited in the intended environment or the TOE.
Evaluator action elements+
E()* A*+,)0 29 ENTS UMCP
8/9/2019 Internet Backbone PP
30/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
A(A)(2A.+.+/ The evaluator shall confrm that the inormationprovided meets all reCuirements or content and presentation o evidence.
AVA7VLA.1.2E T :,* +,, 050 *) +)> ),5) 5:,* :,*),)= ,=+)+> +* :)+ :,*),))+ : 55*++5.
E()* A*+,)0 3% ENTS UMCP
8/9/2019 Internet Backbone PP
31/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
9. RATIONALE
T PP R), *:)5+ 5(+*) PP +0))+ 0(,> 0* 5
)*,,= 0+)+ + +0*)= 0):+ 5 +0*)= *)*(+ * **)
55*++ )5))5 +0*)= *,(.
9.1 #ec(rit3 Re8(ire*ent/ Rationae/
Se/,0t O9=et0:e 6e F/nt0on Co45onents
O.A:),),)=.1 FTATAB.1
FRUF"T.2
O.A:),),)=.2 FMTSMR.1
FAUST.1
FAUST.4
FMTMOF.1
O.C)5),)=.1 FAUARP.1
FIAATD.1
FIAUAU.1
FIAUAU.4
O.C)5),)=.2 FCSCOP.1
O.C)5),)=.3 FPRANO.1
O.I*)=.1 FIAATD.1
FIAATD.2
FIAUAU.1
O.I*)=.1 FIAATD.1
FIAATD.2
FIAUAU.1
O.I*)=.2 FAUEN.1
O.I*)=.3 FAUEN.1
E()* A*+,)0 31 ENTS UMCP
8/9/2019 Internet Backbone PP
32/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
O.I*)=.4 FPTSTM.1
FAUEN.1
FAUSAR.1FAUSAR.3
O.I*)=.& FIAAF".1
FPTSEP.1
FAUARP.1
FAUST.1
FAUST.4
O.I*)=.6 FAUEN.1FAUSAR.1
O.I*)=.7 FMTMAS.3
O.DF,.1 FDPIFC.1
9.2 F(nctiona De0endencie/
F0), 550)+ *:)5 (), = :*)= ,, 0), 550)+ ) PP.
F/nt0on
N4e
To St0s; De5en8ene
FAUARP.1 O.C)5),)=.1
O.I*)=.&
FAUSAA.1
FAUSAA.1 FAUARP.1 FAUEN.1
ADVSPM.1 FMTMSA.2
FPTF"S.1
FAUEN.1 O.I*)=.2
O.I*)=.3
O.I*)=.4
O.I*)=.6
FPTSTM.1
E()* A*+,)0 32 ENTS UMCP
8/9/2019 Internet Backbone PP
33/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
FAUSAR.1 O.I*)=.4
O.I*)=.6
FAUEN.1
FAUSAR.3 O.I*)=.4 FAUSAR.1FAUST.1 O.A:),),)=.2
O.I*)=.&
FAUEN.1
FAUST.4 O.A:),),)=.2
O.I*)=.&
FAUST.1
FCSCKM.1 FCSCOP.1
FCSCKM.4
FCSCKM.2
FCSCKM.2
FCSCKM.4
FMTMSA.2FCSCKM.2 FCSCKM.1 FCSCKM.1
FCSCKM.4
FMTMSA.2
FCSCKM.4 FCSCOP.1
FCSCKM.1
FCSCKM.2
FCSCKM.1
FMTMSA.2
FCSCOP.1 O.C)5),)=.2 FCSCKM.1
FCSCKM.4
FMTMSA.2
FDPACC.1 FMTMSA.1
FDPACF.1
FDPACF.1
FDPACF.1 FDPACC.1 FDPACC.1
FMTMSA.3
FDPIFC.1 O.DF,.1 FDPIFF.1
FDPIFF.1 FDPIFC.1 FDPIFC.1
FMTMSA.3
FIAAF".1 O.I*)=.& FIAUAU.1
E()* A*+,)0 33 ENTS UMCP
8/9/2019 Internet Backbone PP
34/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
FIAATD.1 O.C)5),)=.1
O.I*)=.1
FIAUAU.1 O.C)5),)=.1O.I*)=.1
FIAUID.1
FIAUAU.4 O.C)5),)=.1
FIAUID.1 FIAUAU.1
FMTMOF.1 O.A:),),)=.2 FMTSMR.1
FMTMSA.1 FMTMSA.3
FMTMSA.2
FDPACC.1
FMTSMR.1
FMTMSA.2 FCSCOP.1
FCSCKM.1
FCSCKM.4
FCSCKM.2
ADVSPM.1
FDPIFC.1
FMTMSA.1
FMTSMR.1
FMTMSA.3 O.I*)=.7 FMTMSA.1
FMTSMR.1
FMTSMR.1 O.A:),),)=.2 FIAUID.1
FPRANO.1 O.C)5),)=.3
FPTF"S.1 FRUF"T.2 ADVSPM.1
FPTSEP.1 O.I*)=.&
FPTSTM.1 O.I*)=.4
FRUF"T.2 O.A:),),)=.1 FPTF"S.1
FTATAB.1 O.A:),),)=.1
9.+ Rationae for Not #ati/f3in) A De0endencie/
S0*)= 00++ 0*, ) )+ TOE )+ +5 )*() , 0*, ** 0(+
*)*5 +0*)= *) +5 00++ 0*, FDPACC.1> FDPACF.1 5+ : +)+)5.
E()* A*+,)0 34 ENTS UMCP
8/9/2019 Internet Backbone PP
35/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
:. Acron3*/
The ollowin! abbreviations rom the *ommon *riteria are used in thisProtection Profle+
CC *ommon *riteria or #normation Technolo!y SecurityEvaluation
EA" Evaluation 'ssurance (evel
FTP ile Transer Protocol
HTTP Bypertext Transer Protocol
IT #normation Technolo!y
PP Protection Profle
SFP Security unction Policy
ST Security Tar!et
TOE Tar!et o Evaluation
TSC TS Scope o *ontrol
TSF TOE Security unctions
TSP TOE Security Policy
POP Point O Presence
AS 'utonomous System
E()* A*+,)0 3& ENTS UMCP
8/9/2019 Internet Backbone PP
36/36
CW-USA I NTERNET BACKBONE NETWORK PP 12/29/1998
;. Reference/
• C(( C*)*) * I*() T0,= S0*)= E:,), **#&-F-G05 Aersion
0,