Brocade Communications Systems FCX Series User Manual download pdf (Page 29)

Version 1.1, 05/19/2014

GSS CCT Evaluation Technical Report Page 29 of 53

Document: AAR-BrocadeFastIron8010

2.4.1.1 FIA_PMG_EXT.1.1

TSS Assurance Activities: None Defined

Guidance Assurance Activities: The evaluator shall examine the operational guidance to determine that it provides

guidance to security administrators on the composition of strong passwords, and that it provides instructions on

setting the minimum password length.

The Enabling enhanced user password combination requirements section of the Security Configuration Guide

describes how to turn on strict password enforcement. When strict-password-enforcement is on, passwords must

be eight characters and contain:

• At least two upper case characters

• At least two lower case characters

• At least two numeric characters

• At least two special characters

There is a section of the Security Configuration Guide called Specifying a minimum password length that explains

the command needed to set a minimum password length.

Testing Assurance Activities: The evaluator shall also perform the following tests. Note that one or more of these

tests can be performed with a single test case.

Test 1: The evaluator shall compose passwords that either meet the requirements, or fail to meet the

requirements, in some way. For each password, the evaluator shall verify that the TOE supports the password.

While the evaluator is not required (nor is it feasible) to test all possible compositions of passwords, the evaluator

shall ensure that all characters, rule characteristics, and a minimum length listed in the requirement are

supported, and justify the subset of those characters chosen for testing.

The evaluator ran three tests to address this requirement. The first step had the administrator set the minimum

password length to 15. The first test has 14 characters including those to meet the strict enforcement and failed.

The second test had 15 characters including those to meet the strict enforcement and passed. The last test

included all the claimed special characters and passed. The evaluator felt this sample was adequate because the

minimum settable length was tested and the combination of password characters was included.

2.4.2 PROTECTED AUTHENTICATION FEEDBACK (FIA_UAU.7)

1 2 ... 24 25 26 27 28 29 30 31 32 33 34 ... 52 53

No comments

Brocade Communications Systems FCX Series User Manual Page 29