Brocade Communications Systems NetIron CER Series Specifications download pdf (Page 36)

Brocade MLXe® and NetIron® Family Devices with Multi-Service IronWare R05.7.00

Security Target Version 1., July 15, 2014

Page 36 of 50

to the process that 'listens' on the network interface). It is acceptable to list all processes running

(or that could run) on the TOE in its evaluated configuration instead of attempting to determine

just those that process the network data. For each process listed, the administrative guidance will

contain a short (e.g., one- or two-line) description of the process' function, and the privilege with

which the service runs. 'Privilege' includes the hardware privilege level (e.g., ring 0, ring 1), any

software privileges specifically associated with the process, and the privileges associated with the

user role the process runs as or under.

The operational guidance shall contain instructions for configuring the cryptographic engine

associated with the evaluated configuration of the TOE. It shall provide a warning to the

administrator that use of other cryptographic engines was not evaluated nor tested during the CC

evaluation of the TOE.

The documentation must describe the process for verifying updates to the TOE, either by checking

the hash or by verifying a digital signature. The evaluator shall verify that this process includes the

following steps:

1. For hashes, a description of where the hash for a given update can be obtained. For

digital signatures, instructions for obtaining the certificate that will be used by the

FCS_COP.1(2) mechanism to ensure that a signed update has been received from the

certificate owner. This may be supplied with the product initially, or may be obtained by

some other means.

2. Instructions for obtaining the update itself. This should include instructions for making

the update accessible to the TOE (e.g., placement in a specific directory).

3. Instructions for initiating the update process, as well as discerning whether the process

was successful or unsuccessful. This includes generation of the hash/digital signature.

The TOE will likely contain security functionality that does not fall in the scope of evaluation

under this PP. The operational guidance shall make it clear to an administrator which security

functionality is covered by the evaluation activities.

5.2.2.2 Preparative procedures (AGD_PRE.1)

AGD_PRE.1.1d

The developer shall provide the TOE including its preparative procedures.

AGD_PRE.1.1c

The preparative procedures shall describe all the steps necessary for secure acceptance of the

delivered TOE in accordance with the developer's delivery procedures.

AGD_PRE.1.2c

The preparative procedures shall describe all the steps necessary for secure installation of the TOE

and for the secure preparation of the operational environment in accordance with the security

objectives for the operational environment as described in the ST.

AGD_PRE.1.1e

The evaluator shall confirm that the information provided meets all requirements for content and

presentation of evidence.

AGD_PRE.1.2e

The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared

securely for operation.

Component Assurance Activity:

As indicated in the introduction above, there are significant expectations with respect to the

documentation—especially when configuring the operational environment to support TOE

functional requirements. The evaluator shall check to ensure that the guidance provided for the

TOE adequately addresses all platforms claimed for the TOE in the ST.

1 2 ... 31 32 33 34 35 36 37 38 39 40 41 ... 49 50

Comments to this Manuals

No comments

Brocade Communications Systems NetIron CER Series Specifications Page 36

Comments to this Manuals

Related products and manuals for Network switches Brocade Communications Systems NetIron CER Series