Brocade Communications Systems FCX Series User Manual download pdf (Page 13)

Version 1.1, 05/19/2014

GSS CCT Evaluation Technical Report Page 13 of 53

Document: AAR-BrocadeFastIron8010

• console timeout <time> (set console idle timeout period)

• banner motd + (set the login banner – message of the day)

• exit (logout or exit current shell)

• ntp (switch to ntp configuration mode)

• config t (switch to configuration mode)

Testing Assurance Activities: The evaluator shall test the TOE’s ability to correctly generate audit records by having

the TOE generate audit records for the events listed in table 1 of the NDPP and administrative actions. This should

include all instances of an event--for instance, if there are several different I&A mechanisms for a system, the

FIA_UIA_EXT.1 events must be generated for each mechanism. The evaluator shall test that audit records are

generated for the establishment and termination of a channel for each of the cryptographic protocols contained in

the ST. If HTTPS is implemented, the test demonstrating the establishment and termination of a TLS session can be

combined with the test for an HTTPS session. For administrative actions, the evaluator shall test that each action

determined by the evaluator above to be security relevant in the context of this PP is auditable. When verifying the

test results, the evaluator shall ensure the audit records generated during testing match the format specified in the

administrative guide, and that the fields in each audit record have the proper entries.

Note that the testing here can be accomplished in conjunction with the testing of the security mechanisms

directly. For example, testing performed to ensure that the administrative guidance provided is correct verifies

that AGD_OPE.1 is satisfied and should address the invocation of the administrative actions that are needed to

verify the audit records are generated as expected.

For protocol related audit events: The evaluator shall test all identified audit events during protocol testing/audit

testing.

The evaluator created a mapping for the required audit events to test cases where the associated function was

tested. The evaluator then collected the audit event when running the security functional tests. For example, the

required event for FCS_SSH.1 is Establishment/Termination of an SSH session. The evaluator collected these audit

records when establishing the SSH sessions to test password based authentication for SSH and recorded them in

the Detailed Test Report (DTR). The security management events are handled in a similar manner. When the

administrator was required to set a value for testing, the audit record associated with the administrator action was

collected and recorded in the DTR.

2.1.1.2 FAU_GEN.1.2

TSS Assurance Activities: None Defined

Guidance Assurance Activities: None Defined

1 2 ... 8 9 10 11 12 13 14 15 16 17 18 ... 52 53

No comments

Brocade Communications Systems FCX Series User Manual Page 13